Mozilla confirms infected Firefox add-ons slipped through security
Malware hidden in two extensions threatens Windows users
Computerworld - Mozilla confirmed late Thursday that it failed to detect malware in a pair of Firefox add-ons, which may have infected up to 4,600 users.
The add-ons have been removed from Firefox's official add-on download site.
According to an entry on the Mozilla Add-ons blog, Sothink Web Video Downloader 4.0 and all versions of Master Filer were infected with Trojan horses designed to hijack Windows PCs. Both add-ons were in the "experimental" area of Firefox's add-on download site, where newer extensions remain until they undergo a public review process. To install experimental add-ons, Firefox users must view and accept an additional warning.
Master Filer was downloaded about 600 times in the five months ending Jan. 25, when it was pulled from the site. Sothink Web Video Downloader 4.0 was downloaded approximately 4,000 times between February and May 2008. The most up-to-date version of the latter, which captures streaming videos in a variety of formats, is 5.7.
Any Windows users who installed one of the two add-ons would have also silently executed the Trojan, which would then infect the PC. Mac and Linux users who installed the add-ons were not affected.
Mozilla acknowledged that its security process failed. "[Add-ons] performs a malware check on all add-ons uploaded to the site, and blocks add-ons that are detected as such," said yesterday's blog. "This scanning tool failed to detect the Trojan in Master Filer." After adding more scanning tools to the process, a rescan of all add-ons uncovered the attack code embedded in Sothink Web Video Downloader 4.0, which was yanked from the download site Tuesday.
Mozilla urged users who downloaded the add-ons to uninstall them and, because that doesn't scrub the Trojan from the system, to also run an antivirus scan to detect and delete the malware.
Little could be found on the Web about the author of Master Filer, identified as "haklinim," other than that he or she used an anonymous proxy server in Japan to shunt traffic to a developer biography, which Mozilla has also deleted.
SourceTec Software, which makes Sothink Web Video Downloader, is based in China, according to the phone number listed on its Web site. The company did not reply to a request for comment or an explanation of how its add-on was infected.
Mozilla also was unavailable late Thursday to respond to questions, including why the infected Sothink Web Video Downloader add-on was not detected in 2008, and whether it planned to reach out to users who had downloaded the tainted extensions.
Although Mozilla has removed both add-ons from its download site, post-4.0 editions of Sothink Web Video Downloader remain available on other download sites. It's unknown how many copies of version 4.0 of the add-on were downloaded and installed from non-Mozilla sources, such as CNet's Download.com.
This is not the first time that Mozilla has missed malware in an add-on. In May 2008, it admitted a worm inside a Vietnamese language add-on had gone undetected for months, and had been downloaded nearly 17,000 times. The then-head of Mozilla's security, Window Snyder, called the impact on users "limited."
After the worm snafu, Snyder said Mozilla would boost the number of times it scanned files for malware, and would also up the frequency of scans of its entire add-on catalog "to address this sort of case in the future."
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at
@gkeizer or subscribe to Gregg's RSS feed
. His e-mail address is gkeizer@ix.netcom.com.
Read more about Networking in Computerworld's Networking Topic Center.



- Excel 2010 Cheat Sheet
- Register for this Computerworld Insider Cheat Sheet and gain access to hundreds of premium content articles, guides, product reviews and more.
- Digital Transformation: Creating New Business Models Where Digital Meets Physical
- Individuals and businesses alike are embracing the digital revolution. Social networks and digital devices are being used to engage government, businesses and civil...
- Make the Connection: Better Network Connectivity Drives Transformation
- Network connectivity is more than just plumbing. Leading organizations today see high-performance network connectivity as a critical enabler of competitive advantage, and not...
- Virtualizing Government Infrastructure
- All server virtualization solutions are not created equal. The more-with-less agenda for government agencies is tailor-made for server virtualization, which is evolving into...
- Moving Service Management to SaaS
- Today, organizations can enjoy similarly substantial benefi ts by migrating their IT service management functions to a software-as-a-service model. This paper shows how...
- Achieving 360 Degree Network Visibility with Nimsoft
- 360° network visibility is critical for ensuring continuous availability of networks, servers, and applications-anything less could
have costly bottom-line implications.
All Networking White Papers
- Optimizing Networks for the Cloud
- Join guest speaker, Rohit Mehra, IDC Director of Enterprise Communications Infrastructure, to explore current trends, discuss best practices for optimizing Data Center and...
- Unified Communication for Dummies
- What's the best way to implement a unified communications solution for your organization?
- Try the OptiView® XG on your network - FREE
- The OptiView® XG is the first dedicated tablet with automated network and application analysis -- fastest way to root cause. XG raises the...
- Apps QuickStart Series Part 2: Designing and Deploying SQL Server on VMware vSphere
- Download this webcast to learn about the design considerations for virtualizing SQL workloads, performance and scalability information and high-availability options, as well as...
- Apps QuickStart Series Part 1: Designing and Deploying Exchange 2010 on VMware vSphere
- Download this webcast to learn the virtual hardware design considerations for Exchange 2010, deployment using the building block approach, options for high-availability and... All Networking Webcasts