Mozilla confirms infected Firefox add-ons slipped through security
Malware hidden in two extensions threatens Windows users
Computerworld - Mozilla confirmed late Thursday that it failed to detect malware in a pair of Firefox add-ons, which may have infected up to 4,600 users.
The add-ons have been removed from Firefox's official add-on download site.
According to an entry on the Mozilla Add-ons blog, Sothink Web Video Downloader 4.0 and all versions of Master Filer were infected with Trojan horses designed to hijack Windows PCs. Both add-ons were in the "experimental" area of Firefox's add-on download site, where newer extensions remain until they undergo a public review process. To install experimental add-ons, Firefox users must view and accept an additional warning.
Master Filer was downloaded about 600 times in the five months ending Jan. 25, when it was pulled from the site. Sothink Web Video Downloader 4.0 was downloaded approximately 4,000 times between February and May 2008. The most up-to-date version of the latter, which captures streaming videos in a variety of formats, is 5.7.
Any Windows users who installed one of the two add-ons would have also silently executed the Trojan, which would then infect the PC. Mac and Linux users who installed the add-ons were not affected.
Mozilla acknowledged that its security process failed. "[Add-ons] performs a malware check on all add-ons uploaded to the site, and blocks add-ons that are detected as such," said yesterday's blog. "This scanning tool failed to detect the Trojan in Master Filer." After adding more scanning tools to the process, a rescan of all add-ons uncovered the attack code embedded in Sothink Web Video Downloader 4.0, which was yanked from the download site Tuesday.
Mozilla urged users who downloaded the add-ons to uninstall them and, because that doesn't scrub the Trojan from the system, to also run an antivirus scan to detect and delete the malware.
Little could be found on the Web about the author of Master Filer, identified as "haklinim," other than that he or she used an anonymous proxy server in Japan to shunt traffic to a developer biography, which Mozilla has also deleted.
SourceTec Software, which makes Sothink Web Video Downloader, is based in China, according to the phone number listed on its Web site. The company did not reply to a request for comment or an explanation of how its add-on was infected.
Mozilla also was unavailable late Thursday to respond to questions, including why the infected Sothink Web Video Downloader add-on was not detected in 2008, and whether it planned to reach out to users who had downloaded the tainted extensions.
Although Mozilla has removed both add-ons from its download site, post-4.0 editions of Sothink Web Video Downloader remain available on other download sites. It's unknown how many copies of version 4.0 of the add-on were downloaded and installed from non-Mozilla sources, such as CNet's Download.com.
This is not the first time that Mozilla has missed malware in an add-on. In May 2008, it admitted a worm inside a Vietnamese language add-on had gone undetected for months, and had been downloaded nearly 17,000 times. The then-head of Mozilla's security, Window Snyder, called the impact on users "limited."
After the worm snafu, Snyder said Mozilla would boost the number of times it scanned files for malware, and would also up the frequency of scans of its entire add-on catalog "to address this sort of case in the future."
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer or subscribe to Gregg's RSS feed . His e-mail address is firstname.lastname@example.org.
Read more about Networking in Computerworld's Networking Topic Center.
- Clearing the Network Hurdle to Cloud Deployment Although enthusiasm is high among IT pros for cloud services, an IDG Research Quick Poll survey found that, in fact, the cloud is...
- Accelerating the Delivery Microsoft Office 365 Many organizations use Office 365's cloud-based mail, collaboration and communication services as the dominant workload. However, as services move to the cloud, data...
- Virtually Delivered High Performance 3D Graphics "A picture is worth a thousand words." That old phrase is as true today as it ever was. Pictures (i.e., those with heavy...
- Who does NSS Labs "Recommend" for NGFW? In 2012, NSS Labs found that most available NGFW solutions "fell short in performance and security effectiveness." In 2013 NSS Labs noted "marked...
- Live Webcast IBM FlashSystem V840: Leveraging Software-Defined Flash to Drive Your Business With end-to-end, tightly integrated functionality and super-fast flash technology, products like IBM FlashSystem V840 Enterprise Performance Solution empower businesses to leverage the efficiency...
- What should I look for in a Next Generation Firewall? SANS Provides Guidance With so many vendors claiming to have a Next Generation Firewall (NGFW), it can be difficult to tell what makes each one different....
- IBM FlashSystem V840: Leveraging Software-Defined Flash to Drive Your Business With end-to-end, tightly integrated functionality and super-fast flash technology, products like IBM FlashSystem V840 Enterprise Performance Solution empower businesses to leverage the efficiency... All Networking White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!