Post Tue Feb 09, 2010 11:20 am

Mozilla Says 2 Firefox Plug-ins Contain Trojan


Mozilla is warning that two "experimental" plug-ins for its Firefox web browser contain malware.

Version 4.0 of the Sothink Web Video Downloader and all editions of Master Filer — both of which have since been removed from Mozilla's archive of add-ons — contain a trojan that targets Windows computers, according to a Mozilla blog post published Friday. Users who have downloaded the add-ons are advised to uninstall them and run an anti-virus scan to clean up any infection on their PCs.

"If a user installs one of these infected add-ons, the trojan would be executed when Firefox starts and the host computer would be infected by the trojan," according to the post.

But on Monday, the maker of the Sothink add-on denied that its product contained malicious code.

"To respond to the recent negative information about Sothink Web Video Downloader for Firefox, Sothink Media announced that the latest version of this program is 100 percent clean and safe for our users," the company said in a blog post. "It has already passed the detection of the authority third party."

The company included a link to a VirusTotal analysis, which turned up zero infections when the add-on was tested against 40 commonly used anti-virus products.

Contact information for the maker of Master Filer could not be obtained.

Mozilla does look for malware on add-ons uploaded to its site. When the company realized that its current scanning engine did not detect the trojan in Master Filer, it added two more tools to its testing mechanism, which discovered the malicious Sothink add-on. No other rogue add-ons were found.

"Experimental add-ons are newer add-ons which have not yet undergone our public review process," Mozilla advised in a Firefox FAQ section on its web site. "Many of these add-ons may be in prototype form... Caution should be used when installing experimental add-ons, as they have not been tested by an editor and may harm your computer configuration."

Mozilla said the Sothink plug-in was downloaded an estimated 4,000 times from February 2008 to May 2008, while the Master Filer was installed some 600 times from September 2009 to January 2010.



Original story:
http://www.scmagazineus.com/mozilla-say ... le/163344/

Don
CISSP, MCSE, CSTA, Security+ SME