Malware-laced Firefox Add-ons Escaped Security Detection
Mozilla has issued an alert that a couple of add-ons that users can obtain from addons.mozilla.org, an authorized Add-ons website, was loaded with code capable of infecting Windows computers. As a result, about 4,600 end-users have been contaminated.
More information underscores that all the "Master Filer" editions and "Sothink Web Video Downloader 4.0," the malevolent add-ons continue to be experimented as they appear on the Add-on website of Firefox.
Reports pertaining to this development outline that there is hardly anything about Master Filer's creator recognized as "Haklinim" on the Web. Maker of Sothink Web Video Downloader, SourceTec Software is known to be located in China, the company website's listed phone number indicates.
Moreover, the add-ons contained Trojans, which commercial anti-virus programs have been catching ever since 2008. Yet, Firefox didn't remove them until late last month (January 2010) to early 1st week of February 2010. This was because certain tool for scanning and examining add-ons at the time of uploading couldn't detect the malware programs.
It's further revealed that Sothink Web Video Downloader add-on version 4 planted Win32.LdPinch.gen, a password-stealer that was pulled down from the Net some 4,000 times during February-May 2008. Similarly, the Master Filer add-on carried Win32.Bifrose, a backdoor complemented Trojan, which was pulled down 600 times during September 2009-January 2010.
Mozilla admitted that it had ineffective security processes as far as the malicious programs were concerned.
Meanwhile according to Mozilla's formal blog entry, any user who loads either of the two infected add-ons will become infected with the Trojan once Firefox starts on his computer. Additionally, even if these add-ons are uninstalled, the Trojan remains on the system. ZDNet reported this on February 5, 2010.
Further according to the blog entry, users having any of the two add-ons must still uninstall them instantly. But, since that won't clear the user's system off the Trojan, anti-virus software must be deployed for detecting and eliminating the infection.
Finally, Mozilla shipping malicious software laden add-ons to the market isn't something new. During May 2008, a Vietnamese-language program pertaining to Firefox 2 carried a virus due to which users received undesirable ads.
Related article: Malware Authors Turn More Insidious
» SPAMfighter News - 12-02-2010