Mozilla confirms Trojan-infected Firefox add-ons

[nsane.forums]

Browser firm admits failing to spot malware

Mozilla has admitted in a security notice that two experimental add-ons for its Firefox browser contain Trojans that affect Windows machines.

The firm has since removed the add-ons from its official pages, but estimates that around 5,000 instances have already been downloaded.

"Two experimental add-ons, Version 4.0 of Sothink Web Video Downloader and all versions of Master Filer, were found to contain Trojan code aimed at Windows users," said the company in a statement.

"Version 4.0 of Sothink Web Video Downloader contained Win32.LdPinch.gen, and Master Filer contained Win32.Bifrose.32.Bifrose Trojan. Both add-ons have been disabled on Add-Ons for Firefox."

Mozilla warned that users who have already downloaded the add-ons will become infected.

Simply installing the add-ons will execute the Trojan the next time Firefox starts, while uninstalling them will not eradicate the problem. The company advised the use of an anti-virus program to remove the malware.

Mac and Linux users are not affected.

View: Original Article

[DKT27]

Mozilla yanks infected add-ons, warns users

Firefox browser add-on site for containing malware. Sothink Web Video Downloader 4.0 and all versions of Master Filer were found to contain Trojan horse code aimed at Windows users.

Mozilla on Friday pulled two programs from its

In a blog post, Mozilla stated that the Master Filer add-on was able to bypass AMO's security tests.

Mozilla user CatThief discovered the threat, it said. And when Mozilla added two more security checks to its vetting process and rescanned its entire catalog, it discovered that version 4 of the Sothink Web Video Downloader also contained a Trojan horse program. Sothink Web Video Downloader contained Win32.LdPinch.gen, and Master Filer contained Win32.Bifrose.32.Bifrose.

Master Filer was removed from Mozilla's Firefox add-on site on January 25, and the Sothink video downloader was removed on Tuesday. CNET Download.com ceased hosting the Sothink add-on on Friday before noon.

Sothink Web Video Download 5.5.90819 had been a mildly popular Firefox add-on at Download.com, receiving 697 downloads in the past week and 63,716 downloads since it was first added to the site in June 2007.

Because the Trojan horse programs are tied to Firefox, Mozilla warns, host computers won't be infected until Firefox started. Uninstalling either add-on is only part of the solution, if the infection has already attacked the host computer. Mozilla recommends that users who suspect that they are infected use one of the following security applications to sweep and clean their computers after uninstalling the threatening add-on:

Antiy-AVL <li>Avast <li>AVG <li>GData <li>Ikarus <li>K7 AntiVirus <li>McAfee <li>Norman <li>VBA32

Infected users should note that only Avast and AVG are free.

Mozilla did not immediately respond to requests for comment. We'll update this post as we learn more.

Source - CNET Download.com

[*dcs18]

Sothink Web Video Downloader and Master Filer. Phew, don't use either.

[chlorophyll]

yeah yest i saw this news somewhere i couldnt remember?? :blink:

anyhow firefox kicked those addons ;)

[DKT27]

I don't remember where but I read that Mozilla add-ons are virus free and safe to use. :unsure:

[Bizarre™]

@DKT27:

So you gonna dump Firefox now, just because of some lame-@$$ wannabe script kiddies?

Mozilla plug-ins are virus free and safe to use... since Mozilla is doing their job well ^_^

[DKT27]

I'm not gonna leave it. ^_^

I'm sure most of them are safe(99.99%). It's just that I'm sure that I read it on the Mozilla Add-ons site that add-ons are virus free and safe to use. Now I cannot see that phrase there.

[Night Owl]

Sothink Web Video Downloader and Master Filer. Phew, don't use either.

I second that!

[HX1]

Glad I never used them.. but I am pretty sure ESET would have nailed it.. The same way it picks up poorly coded programs.. In fact I really think I had run across this before.. but ignored it as a false positive.. but it didn't get downloaded.. Probably in one of my download XPI's and try them out later things I do every now and then..

Really sneeky though... for most scanners to pick it up while running they would have to use active monitoring, or have the browser running at the same time, whats odd is that I would probably have mine closed to make room fr the CPU usage..

[Roberts]

What about Mac viruses I use firewall such as Protemac Netmine. I have Leopard and use it for protects against viruses.It’s helps me a lot.

[HX1]

I remember a guy telling me in 2002 that the reason he used a Mac was because there were absolutely NO VIRUSES written for them.. and that he was totally safe from infection.. I personally think it was because they were not popular enough or widely enough used to be targeted.

[Bizarre™]

@heath28m:

Then that guy is totally clueless ^_^

[HX1]

I know right... you wouldn't believe who it was either .. :lmao: and I can't tell you so don't ask.. but yeah things changed ...

[DKT27]

I wonder how many viruses are written for linux. :think:

I'm not saying that there wouldn't be any, just wonder how much.

[Bizarre™]

@DKT27:

Try searching Linux Exploits in Google ^_^