Hi malware fighters,
As dk70 demonstrated, several extensions in FF or Flock have memory leaks. Some install the TrackMeNot search-query obfugation privacy tool. Leak for version 3.0. see here:
Leaks in window 0x1900190:
[+] [leaked object] (2f94290, chrome://trackmenot/content/trackmenot.js, 405-441) = function () {
try {
if (req.readyState == 4) {
if (req.status != 200) {
gTrackMeNot.log(“[WARN] Loading " + query + " | " + req.status + “:” + req.statusText);
} else {
gTrackMeNot.log(”[QUERY] engine=" + engine + " | query=‘" + term + "’ | " + req.status);
if (gTrackMeNot.enabled) {
gTrackMeNot.setStatus(gTrackMeNot.showQueries ? (“'” + term + “'”) : “ON”);
gTrackMeNot.scheduleNextSearch(gTrackMeNot.timeout);
} else {
gTrackMeNot.setStatus(“OFF”);
}
}
}
} catch (ex) {
gTrackMeNot.cout("ERROR: " + ex.message);
gTrackMeNot.log(“ERROR: " + ex.message);
var longPause = gTrackMeNot.timeout * 10;
gTrackMeNot.log(”[WARN] No Connection: " + "trying again in " + longPause + “ms”);
gTrackMeNot.setStatus(“ERR”);
if (gTrackMeNot.enabled) {
gTrackMeNot.scheduleNextSearch(longPause);
}
}
}
prototype (d8f8c0) = [object Object]
[+] [leaked object] (19eba28) = [object Object]
[+] observe (19eba38,
What can be analyzed from this?
polonus