February 11, 2010

Mozilla recants assertion that Firefox add-on has trojan

Mozilla has done an about-face after disclosing that two "experimental" add-ons for its Firefox browser contained malware targeting Windows users.

The company admitted late Tuesday that one of the plug-ins originally believed to contain a trojan, version 4.0 of the Sothink Web Video Downloader, is free of any malicious code. The extension allows Firefox users to easily download videos from the web.

As it turned out, a software protection system that uses encryption to protect the add-on from pirates and malware actually was to blame.

"Since the disclosure, we've worked with security experts and add-on developers to determine that the suspected trojan...was a false positive, and the extension does not contain malware," Mozilla said in a blog post. "We apologize to our users and the developers of Sothink for any inconvenience this has caused."

Shortly after Mozilla initially revealed that it believed the add-on was malicious, Sothink Media, which makes the video downloader, objected, saying the plug-in was validated by a third party as free of malware. It also included a link to a VirusTotal report, which turned up zero infections when the add-on was tested against 40 commonly used anti-virus products.

The next day, in another blog post, Sothink Media explained why the add-on was marked as malicious: "In the version 4.0, the encryption program for Web Video Downloader used to be Armadillo. The false virus report was caused because of Armadillo's own disadvantage. Armadillo isn't a trojan in and of itself. It's a compression utility that is often used to compress/hide malicious code in .exe's. That's the reason why the scans are hitting on the file as suspicious. So there isn't any virus in Web Video downloader or in Armadillo actually."

Mozilla's investigation did, however, confirm that the other add-on it identified as containing a trojan, Master Filer, actually did. But the company lowered its estimate of infected installations of that plug-in, which has since been removed from Mozilla's archive of add-ons, from 6,000 to fewer than 700.


Related Articles
Related Topics
Related Links

More in News

Privacy-bolstering "Apps Act" introduced in House

The bill would provide consumers nationwide with similar protections already enforced by a California law.

Microsoft readies permanent fix for Internet Explorer bug used in energy attacks

Microsoft is prepping a whopper of a security update that will close 33 vulnerabilities, likely including an Internet Explorer (IE) flaw that has been used in targeted website attacks against the U.S. government.

Weakness in Adobe ColdFusion allowed court hackers access to 160K SSNs

Up to 160,000 Social Security numbers and one million driver's license numbers may have been accessed by intruders.