Malware

Mozilla recants assertion that Firefox add-on has trojan

Mozilla has done an about-face after disclosing that two "experimental" add-ons for its Firefox browser contained malware targeting Windows users.

The company admitted late Tuesday that one of the plug-ins originally believed to contain a trojan, version 4.0 of the Sothink Web Video Downloader, is free of any malicious code. The extension allows Firefox users to easily download videos from the web.

As it turned out, a software protection system that uses encryption to protect the add-on from pirates and malware actually was to blame.

"Since the disclosure, we've worked with security experts and add-on developers to determine that the suspected trojan...was a false positive, and the extension does not contain malware," Mozilla said in a blog post. "We apologize to our users and the developers of Sothink for any inconvenience this has caused."

Shortly after Mozilla initially revealed that it believed the add-on was malicious, Sothink Media, which makes the video downloader, objected, saying the plug-in was validated by a third party as free of malware. It also included a link to a VirusTotal report, which turned up zero infections when the add-on was tested against 40 commonly used anti-virus products.

The next day, in another blog post, Sothink Media explained why the add-on was marked as malicious: "In the version 4.0, the encryption program for Web Video Downloader used to be Armadillo. The false virus report was caused because of Armadillo's own disadvantage. Armadillo isn't a trojan in and of itself. It's a compression utility that is often used to compress/hide malicious code in .exe's. That's the reason why the scans are hitting on the file as suspicious. So there isn't any virus in Web Video downloader or in Armadillo actually."

Mozilla's investigation did, however, confirm that the other add-on it identified as containing a trojan, Master Filer, actually did. But the company lowered its estimate of infected installations of that plug-in, which has since been removed from Mozilla's archive of add-ons, from 6,000 to fewer than 700.


Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.