Visit the LQ Articles and Editorials section
Go Back > Forums > Linux Forums > Linux - News
User Name
Linux - News This forum is for original Linux News. If you'd like to write content for LQ, feel free to contact us.
All threads in the forum need to be approved before they will appear.


  Search this Thread
Old 02-06-2010, 07:43 AM   #1
Registered User
Registered: Dec 2006
Posts: 1,454
Blog Entries: 1

Rep: Reputation: 74
Malicious Firefox Add-ons Installed Trojans

Mozilla last night announced that two experimental Firefox add-ons, Master Filer and the Sothink Web Video Downloader version 4, infected victim PCs with Trojans when either add-on was installed.

The small-distribution extensions were previously available via Mozilla's add-on site, but have since been removed. According to Mozilla's post, the Master Filer add-on had been downloaded about 600 times and installed the Bifrose Trojan. The Sothink Web Video Downloader version 4 slipped in the LdPinch Trojan, and had been downloaded about 4,000 times.

According to the open-source organization, the malicious add-ons managed to sneak by the one malware scanner (unnamed in the post) used by Mozilla. The organization says it will now be scanning with two additional detection tools (also unnamed).

If you happen to have installed either of these malicious add-ons, note that removing the add-on will not remove any installed Trojan. You'll need to run a separate antivirus scan and disinfection to clean your system. Mozilla's post includes a list of antivirus software currently known to detect the particular Trojans involved.

This unfortunate incident makes clear why relying solely on one antivirus scanner is never a good idea, as no one program detects everything. Since this has happened at least once before with an infected Vietnamese language pack, I'm curious why Mozilla doesn't simply switch to uploading all add-on submissions to the free, which uses about 40 different engines to scan each submission. I've also asked Mozilla which scanner it had been using. If I get that information I'll add it to this post.

Update: Mozilla says it had been using ClamAV as its sole scanner prior to this incident. I'd guess Mozilla feels it's a natural match as an open-source app, but the ClamAV engine didn't fare well at detection tests when I reviewed the Windows version of the program, ClamWin.
Old 02-07-2010, 06:12 AM   #2
Senior Member
Registered: Oct 2004
Distribution: Fedora Core 4, 12, 13, 14, 15, 17
Posts: 2,279

Rep: Reputation: 249Reputation: 249Reputation: 249
Which OS was affected and why don't you mention it ?
Old 02-07-2010, 06:22 AM   #3
Registered: Sep 2009
Location: Sparta
Posts: 237

Rep: Reputation: 46

Take a wild guess.
Old 02-07-2010, 11:11 AM   #4
Senior Member
Registered: Apr 2005
Location: OZ
Distribution: Debian Sid
Posts: 4,734
Blog Entries: 12

Rep: Reputation: 459Reputation: 459Reputation: 459Reputation: 459Reputation: 459
evil people are everywhere.

Ubuntu: Malware in Screensaver from -

Unfortunately malware in Firefox extensions will continue to happen, and the result will scare the poor windows users into using Chrome. How else is Google going to convince people that Chrome is better than Firefox? Wonder if all of the extensions for Chrome go through a similar process?

As we all know, "Don't be evil" is the informal corporate motto (or slogan) of Google.
Old 02-07-2010, 02:24 PM   #5
LQ Guru
Registered: Oct 2005
Location: $RANDOM
Distribution: slackware64
Posts: 12,928
Blog Entries: 2

Rep: Reputation: 1284Reputation: 1284Reputation: 1284Reputation: 1284Reputation: 1284Reputation: 1284Reputation: 1284Reputation: 1284Reputation: 1284
Originally Posted by smoker View Post
Which OS was affected and why don't you mention it ?
This vulnerability is known to affect Firefox on Windows only,

Originally Posted by craigevil View Post
evil people are everywhere.


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
LXer: 5 Useful Add-Ons for Firefox 3.5 LXer Syndicated Linux News 0 07-02-2009 09:00 AM
Firefox add-ons antoninchina Linux - Newbie 3 04-28-2009 02:49 PM
LXer: 5 Essential Add-ons for Firefox 3 LXer Syndicated Linux News 0 04-04-2009 04:11 PM
LXer: Seven Must-Have Firefox Security Add-Ons LXer Syndicated Linux News 0 02-28-2009 01:11 AM
firefox add-ons asif2k General 1 09-21-2007 08:41 PM

All times are GMT -5. The time now is 05:35 AM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration