Mozilla yanks infected add-ons, warns users
Mozilla on Friday pulled two programs from its Firefox browser add-on site for containing malware. Sothink Web Video Downloader 4.0 and all versions of Master Filer were found to contain Trojan horse code aimed at Windows users.
In a blog post, Mozilla stated that the Master Filer add-on was able to bypass AMO's security tests.
Mozilla user CatThief discovered the threat, it said. And when Mozilla added two more security checks to its vetting process and rescanned its entire catalog, it discovered that version 4 of the Sothink Web Video Downloader also contained a Trojan horse program. Sothink Web Video Downloader contained Win32.LdPinch.gen, and Master Filer contained Win32.Bifrose.32.Bifrose.
Master Filer was removed from Mozilla's Firefox add-on site on January 25, and the Sothink video downloader was removed on Tuesday. CNET Download.com ceased hosting the Sothink add-on on Friday before noon.
Sothink Web Video Download 5.5.90819 had been a mildly popular Firefox add-on at Download.com, receiving 697 downloads in the past week and 63,716 downloads since it was first added to the site in June 2007.
Because the Trojan horse programs are tied to Firefox, Mozilla warns, host computers won't be infected until Firefox started. Uninstalling either add-on is only part of the solution, if the infection has already attacked the host computer. Mozilla recommends that users who suspect that they are infected use one of the following security applications to sweep and clean their computers after uninstalling the threatening add-on:
Infected users should note that only Avast and AVG are free.
Mozilla did not immediately respond to requests for comment. We'll update this post as we learn more.
Installing an add-on to Firefox requires a restart of Firefox, so host computers would be infected immediately. The phrase "won't be infected" doesn't apply.
Unlikely but sure.
[CNET editor's note: Personal attack deleted.]
So millions of machines, owned by fairly affluent users, usually left on 24/7, practically none of which run anti-virus, in a homogeneous environment...
Nah - that can't be a ripe target or anything... *rolls eyes*
I would have thought people learned their lesson with toolbar debacles from a few years ago.
Only the add-ons mentioned above are dangerous. Mozilla has a fairly secure process for scanning add-ons, but no system is flawless. Don't panic, but don't mess around with known infection vectors, either.
The implication is that only version 4 of the Sothink plugin is infected.
(http://en.wikipedia.org/wiki/Finger_protocol)
(sorry - couldn't resist :) ).
If version 4 is infected, why would you trust them enough to use the next version. They have demonstrated an ability and willingness to put Trojan infected software out. Never trust them again.
Just my $0.02.
- by DADSGETNDOWN February 6, 2010 6:36 PM PST
- I hope that EVERY thing by these 2 users or whoever are deleted and they should at least be banned for a long time or forever.
- Like this Reply to this comment
-
-
- by this1! February 7, 2010 1:07 AM PST
- did you read the article? mozilla diud and does scan everything, its just the scanning they used wasn't completely foolproofed, so they increased its scope and ability and ran it again...
- Like this
-
(28 Comments)Every single addon / extensions should be checked/scanned by mozilla before being able to distribute it, that DOES include every update to addons / extensions whether they are trusted or not.
And ofcourse the periodic and random scans of the entire inventory.