Skip the navigation
News

Mozilla confirms infected Firefox add-ons slipped through security

Malware hidden in two extensions threatens Windows users

By Gregg Keizer
February 5, 2010 06:50 AM ET

Computerworld - Mozilla confirmed late Thursday that it failed to detect malware in a pair of Firefox add-ons, which may have infected up to 4,600 users.

The add-ons have been removed from Firefox's official add-on download site.

According to an entry on the Mozilla Add-ons blog, Sothink Web Video Downloader 4.0 and all versions of Master Filer were infected with Trojan horses designed to hijack Windows PCs. Both add-ons were in the "experimental" area of Firefox's add-on download site, where newer extensions remain until they undergo a public review process. To install experimental add-ons, Firefox users must view and accept an additional warning.

Master Filer was downloaded about 600 times in the five months ending Jan. 25, when it was pulled from the site. Sothink Web Video Downloader 4.0 was downloaded approximately 4,000 times between February and May 2008. The most up-to-date version of the latter, which captures streaming videos in a variety of formats, is 5.7.

Any Windows users who installed one of the two add-ons would have also silently executed the Trojan, which would then infect the PC. Mac and Linux users who installed the add-ons were not affected.

Mozilla acknowledged that its security process failed. "[Add-ons] performs a malware check on all add-ons uploaded to the site, and blocks add-ons that are detected as such," said yesterday's blog. "This scanning tool failed to detect the Trojan in Master Filer." After adding more scanning tools to the process, a rescan of all add-ons uncovered the attack code embedded in Sothink Web Video Downloader 4.0, which was yanked from the download site Tuesday.

Mozilla urged users who downloaded the add-ons to uninstall them and, because that doesn't scrub the Trojan from the system, to also run an antivirus scan to detect and delete the malware.

Little could be found on the Web about the author of Master Filer, identified as "haklinim," other than that he or she used an anonymous proxy server in Japan to shunt traffic to a developer biography, which Mozilla has also deleted.

SourceTec Software, which makes Sothink Web Video Downloader, is based in China, according to the phone number listed on its Web site. The company did not reply to a request for comment or an explanation of how its add-on was infected.

Mozilla also was unavailable late Thursday to respond to questions, including why the infected Sothink Web Video Downloader add-on was not detected in 2008, and whether it planned to reach out to users who had downloaded the tainted extensions.

Although Mozilla has removed both add-ons from its download site, post-4.0 editions of Sothink Web Video Downloader remain available on other download sites. It's unknown how many copies of version 4.0 of the add-on were downloaded and installed from non-Mozilla sources, such as CNet's Download.com.

This is not the first time that Mozilla has missed malware in an add-on. In May 2008, it admitted a worm inside a Vietnamese language add-on had gone undetected for months, and had been downloaded nearly 17,000 times. The then-head of Mozilla's security, Window Snyder, called the impact on users "limited."

After the worm snafu, Snyder said Mozilla would boost the number of times it scanned files for malware, and would also up the frequency of scans of its entire add-on catalog "to address this sort of case in the future."

Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at Twitter@gkeizer or subscribe to Gregg's RSS feed Keizer RSS. His e-mail address is gkeizer@ix.netcom.com.

Read more about Networking in Computerworld's Networking Topic Center.



infected Firefox add-on

Additional Resources
The 2009 Handbook of Application Delivery
WHITE PAPER
Ensuring acceptable application delivery will become even more difficult over the next few years. As a result, IT organizations need to ensure that the approach that they take to resolving the current application delivery challenges can scale to support the emerging challenges. This handbook elaborates on the key tasks associated with planning, optimization, management and control and provides decision criteria to help IT organizations choose appropriate solutions.
How to Cut Software Management Costs and Avoid Over-Spending
WEBCAST
Live Webcast Event: June 9, 2010
Time: 1:00 PM EDT / 11:00 AM PDT
Did you know that companies spend an average of 30% more on software licenses and maintenance than they need to? It's not that surprising when you consider the challenges that IT executives face as they struggle to manage software across their organizations. Poor visibility into remote assets, an inability to ensure the security of PCs, and failing to deliver satisfactory service to end users on a consistent and cost-effective basis are a few of the challenges. Attend this webcast to learn more!
How To Boost Your Bottom Line in Today's Business Climate
WHITE PAPER
In conjunction with Google Enterprise Search, the Google Search Appliance (GSA) can dramatically reduce your organization's total cost of ownership (TCO). By providing search solutions that are deployed on-premise all at one price, GSA can simplify matters and keep costs low. Read this white paper.
What People Are Saying
Networking White Papers
10 Ways to Establish a Strategic Advantage in Managing Change
This paper offers ways that your company can establish a strategic advantage in managing change. It offers a structured approach to managing change...
Five CIO Challenges Addressed by Better Change Management
Addresses five of the foremost change management challenges that CIOs have to meet and how organizations can turn these challenges into a business...
Turning Product Development into Competitive Advantage
Explore smarter products and discover some best practices that business can employ to build smarter products and drive innovative technologies.
Achieving True Collaboration in Global Development
Most find that the benefits of working globally are many, including savings in time and money and the ability to take advantage of...
Magic Quadrant for IT Event Correlation and Analysis
The Magic Quadrant covers mature and emerging products that help IT organizations consolidate, analyze and respond to component-level IT infrastructure events, improve their...
All Networking White Papers
IT Jobs