LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > LinuxQuestions.org > Linux - News
User Name
Password
Linux - News This forum is for original Linux News. If you'd like to write content for LQ, feel free to contact us.
All threads in the forum need to be approved before they will appear.

Notices

Reply
 
Search this Thread
Old 02-06-2010, 07:43 AM   #1
DragonSlayer48DX
Registered User
 
Registered: Dec 2006
Posts: 1,454
Blog Entries: 1

Rep: Reputation: 74
Malicious Firefox Add-ons Installed Trojans


Mozilla last night announced that two experimental Firefox add-ons, Master Filer and the Sothink Web Video Downloader version 4, infected victim PCs with Trojans when either add-on was installed.

The small-distribution extensions were previously available via Mozilla's add-on site, but have since been removed. According to Mozilla's post, the Master Filer add-on had been downloaded about 600 times and installed the Bifrose Trojan. The Sothink Web Video Downloader version 4 slipped in the LdPinch Trojan, and had been downloaded about 4,000 times.

According to the open-source organization, the malicious add-ons managed to sneak by the one malware scanner (unnamed in the post) used by Mozilla. The organization says it will now be scanning with two additional detection tools (also unnamed).

If you happen to have installed either of these malicious add-ons, note that removing the add-on will not remove any installed Trojan. You'll need to run a separate antivirus scan and disinfection to clean your system. Mozilla's post includes a list of antivirus software currently known to detect the particular Trojans involved.

This unfortunate incident makes clear why relying solely on one antivirus scanner is never a good idea, as no one program detects everything. Since this has happened at least once before with an infected Vietnamese language pack, I'm curious why Mozilla doesn't simply switch to uploading all add-on submissions to the free Virustotal.com, which uses about 40 different engines to scan each submission. I've also asked Mozilla which scanner it had been using. If I get that information I'll add it to this post.

Update: Mozilla says it had been using ClamAV as its sole scanner prior to this incident. I'd guess Mozilla feels it's a natural match as an open-source app, but the ClamAV engine didn't fare well at detection tests when I reviewed the Windows version of the program, ClamWin.

http://news.yahoo.com/s/pcworld/2010...stalledtrojans
 
Old 02-07-2010, 06:12 AM   #2
smoker
Senior Member
 
Registered: Oct 2004
Distribution: Fedora Core 4, 12, 13, 14, 15, 17
Posts: 2,279

Rep: Reputation: 248Reputation: 248Reputation: 248
Which OS was affected and why don't you mention it ?
 
Old 02-07-2010, 06:22 AM   #3
carbonfiber
Member
 
Registered: Sep 2009
Location: Sparta
Posts: 237

Rep: Reputation: 46
http://www.symantec.com/security_res...101214-5358-99
http://www.symantec.com/security_res...110315-5340-99

Take a wild guess.
 
Old 02-07-2010, 11:11 AM   #4
craigevil
Senior Member
 
Registered: Apr 2005
Location: OZ
Distribution: Debian Sid
Posts: 4,734
Blog Entries: 12

Rep: Reputation: 457Reputation: 457Reputation: 457Reputation: 457Reputation: 457
evil people are everywhere.

Ubuntu: Malware in Screensaver from Gnome-Look.org - http://techie-buzz.com/linux-news/ub...nome-look.html


Unfortunately malware in Firefox extensions will continue to happen, and the result will scare the poor windows users into using Chrome. How else is Google going to convince people that Chrome is better than Firefox? Wonder if all of the extensions for Chrome go through a similar process?

As we all know, "Don't be evil" is the informal corporate motto (or slogan) of Google.
 
Old 02-07-2010, 02:24 PM   #5
H_TeXMeX_H
Guru
 
Registered: Oct 2005
Location: $RANDOM
Distribution: slackware64
Posts: 12,928
Blog Entries: 2

Rep: Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269
Quote:
Originally Posted by smoker View Post
Which OS was affected and why don't you mention it ?
Quote:
This vulnerability is known to affect Firefox on Windows only,
http://blog.mozilla.com/addons/2010/...-issue-on-amo/

Quote:
Originally Posted by craigevil View Post
evil people are everywhere.
http://www.youtube.com/watch?v=zVeNq...eature=related
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
LXer: 5 Useful Add-Ons for Firefox 3.5 LXer Syndicated Linux News 0 07-02-2009 09:00 AM
Firefox add-ons antoninchina Linux - Newbie 3 04-28-2009 02:49 PM
LXer: 5 Essential Add-ons for Firefox 3 LXer Syndicated Linux News 0 04-04-2009 04:11 PM
LXer: Seven Must-Have Firefox Security Add-Ons LXer Syndicated Linux News 0 02-28-2009 01:11 AM
firefox add-ons asif2k General 1 09-21-2007 08:41 PM


All times are GMT -5. The time now is 02:07 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration