

davidh
February 6th, 2010, 09:41 AM
Malicious Firefox Add-ons Installed Trojans
Two experimental add-ons previously available through Mozilla's add-on site installed malware on victim PCs.
By Erik Larkin, PC World
February 05, 2010 05:13 PM ET

Mozilla last night announced that two experimental Firefox add-ons, Master Filer and the Sothink Web Video Downloader version 4, infected victim PCs with Trojans when either add-on was installed.

The small-distribution extensions were previously available via Mozilla's add-on site, but have since been removed. According to Mozilla's post, the Master Filer add-on had been downloaded about 600 times and installed the Bifrose Trojan. The Sothink Web Video Downloader version 4 slipped in the LdPinch Trojan, and had been downloaded about 4,000 times.

According to the open-source organization, the malicious add-ons managed to sneak by the one malware scanner (unnamed in the post) used by Mozilla. The organization says it will now be scanning with two additional detection tools (also unnamed).

If you happen to have installed either of these malicious add-ons, note that removing the add-on will not remove any installed Trojan. You'll need to run a separate antivirus scan and disinfection to clean your system. Mozilla's post includes a list of antivirus software currently known to detect the particular Trojans involved.

This unfortunate incident makes clear why relying solely on one antivirus scanner is never a good idea, as no one program detects everything. Since this has happened at least once before with an infected Vietnamese language pack, I'm curious why Mozilla doesn't simply switch to uploading all add-on submissions to the free Virustotal.com, which uses about 40 different engines to scan each submission. I've also asked Mozilla which scanner it had been using. If I get that information I'll add it to this post.
http://www.networkworld.com/news/2010/020510-malicious-firefox-add-ons-installed.html

I'll be seriously paying attention to make sure that any extensions I install in future have a high download rate. Probably ought to do a full PC scan after installing new browser add-ons. With two different malware scanners. What a PITA!

davidh
February 6th, 2010, 09:46 AM
I'll be seriously paying attention to make sure that any extensions I install in future have a high download rate. Probably ought to do a full PC scan after installing new browser add-ons. With two different malware scanners. What a PITA!

Here is a list of antivirus programs known to detect the trojans found in the affected add-ons.

Antiy-AVL
Avast
AVG
GData
Ikarus
K7AntiVirus
McAfee
Norman
VBA32

http://blog.mozilla.com/addons/2010/02/04/please-read-security-issue-on-amo/
..

davidh
February 6th, 2010, 10:18 AM
I'll be seriously paying attention to make sure that any extensions I install in future have a high download rate. Probably ought to do a full PC scan after installing new browser add-ons. With two different malware scanners. What a PITA!
From now on, I'll also be more wary of contributors of add-ons when they don't disclose their nationality. Maybe worthwhile to do a WHOIS on web sites of such contributors, to try to find out where they are located. I'm certainly wary of stuff from China.

davidh
February 12th, 2010, 04:46 AM
Mozilla admits Firefox add-on malware false alarm
One item of AMO badness just a blank
By John Leyden
Posted in Enterprise Security, 11th February 2010 11:09 GMT

Updated: Mozilla has admitted it erred in labelling one of the two Firefox add-ons offered for download from its official add-on site as malign last week.

Warnings that version 4.0 of Sothink Video Downloader add-on was contaminated by a Trojan were wrong and down to a false positive triggered by an anti-virus scanner used by Mozilla rather than the presence of real malware. The add-on, withdrawn from download last week because of malware concerns, has now been restored.
... ...
http://www.theregister.co.uk/2010/02/11/firefox_add_on_false_alarm
..