Sign in with
Sign up | Sign in

Firefox Add-on Exonerated From Trojan Quarantine

By - Source: Tom's Hardware US | B 11 comments

Sothink Web Video Downloader gets pardoned from the Trojan accusation.

It turns out that one of the Firefox add-ons that was thought to have Trojans were clean and innocuous.

Mozilla said last week that the Win32.LdPinch.gen Trojan was found in v4.0 of the Sothink Web Video Downloader add-on, and the Win32.Bifrose.32.Bifrose Trojan was discovered in all versions of Master Filer. Mozilla said that both Trojans will infect the host computer once the user installs the add-ons and re-launches the browser.

Now, Mozilla says that everything is fine with the Sothink Video Downloader; it was all a false alarm.

"Last week, we disclosed two instances of suspected malware in experimental add-ons on AMO.  Since that disclosure, we’ve worked with security experts and add-on developers to determine that the suspected trojan in Version 4.0 of Sothink Video Downloader was a false positive and the extension does not include malware," read a Mozilla blog post.

The Master Filer extension, however, is still bad: "The same investigation also confirmed that the Master Filer extension included a valid instance of a trojan.  Our estimate of 6,000 affected downloads has been revised to under 700.  The Sothink Video Downloader has been re-enabled on AMO.  We apologize to our users and the developers of Sothink for any inconvenience this has caused."

Display 11 Comments.
This thread is closed for comments
Top Comments
  • 13 Hide
    HansVonOhain , February 12, 2010 1:03 AM
    Did they use the McAffee? :p 
  • 11 Hide
    hunter315 , February 12, 2010 1:24 AM
    I would much rather they pull things for false positives than risk a few false negatives. It atleast got the add on some publicity so its not all bad.
Other Comments
  • 13 Hide
    HansVonOhain , February 12, 2010 1:03 AM
    Did they use the McAffee? :p 
  • 11 Hide
    hunter315 , February 12, 2010 1:24 AM
    I would much rather they pull things for false positives than risk a few false negatives. It atleast got the add on some publicity so its not all bad.
  • 6 Hide
    JohnnyLucky , February 12, 2010 2:10 AM
    False positive? better safe than sorry.
  • -4 Hide
    webbwbb , February 12, 2010 2:35 AM
    Someone really messed up there. Mozilla could very well be sued for defamation by Sothink. It was good that they pulled the download but they should not have been so quick to publicly accuse them of including malware. It would have been better to just leave a message saying that this addon is currently unavailable while they waited for things to be confirmed.
  • 4 Hide
    LuckyRed , February 12, 2010 3:09 AM
    webbwbbSomeone really messed up there. Mozilla could very well be sued for defamation by Sothink. It was good that they pulled the download but they should not have been so quick to publicly accuse them of including malware. It would have been better to just leave a message saying that this addon is currently unavailable while they waited for things to be confirmed.

    I think they had to make a public statement. If they hadn't and this turned out to be a trojan, then I suspect they could have faced a class-action suit from the people who already downloaded it. Additionally, they would have taken a huge hit to their reputation.
  • 3 Hide
    Marco925 , February 12, 2010 3:16 AM
    HansVonOhainDid they use the McAffee?


    You mean, broken condom for antivirus? :p 
  • 1 Hide
    twu , February 12, 2010 3:32 AM
    Common user error, using the condom in the wrong hole.
  • 9 Hide
    hotroderx , February 12, 2010 3:52 AM
    webbwbbSomeone really messed up there. Mozilla could very well be sued for defamation by Sothink. It was good that they pulled the download but they should not have been so quick to publicly accuse them of including malware. It would have been better to just leave a message saying that this addon is currently unavailable while they waited for things to be confirmed.


    I dont agree one bit in this case Firefox did the right thing. They removed a potential threat then warned the people of the threat. Today society needs to stop being so sue happy about ever little thing and use some common since ever once in a while.. it makes me sick...... You know people do the right thing then get into trouble for it.


    Just sit and think about this what happens if next time it turns out to be a positive and firefox doesn't say anything tell they get finished testing it... lets say in the mean time the program manges to download ooo 100m credit card numbers and other bits of personal information that they use to steal identities (someone you knows or your self is included and ends up having there entire world turned up side down) do you think they should have just sat on it tell it was tested?
  • -3 Hide
    saran008 , February 12, 2010 5:58 AM
    HansVonOhainDid they use the McAffee?

    I am pretty Sure that they did!
  • -1 Hide
    salem80 , February 12, 2010 7:35 PM
    No one perfect at least Mozilla recognize their mistake not like M$ or apple ↑

  • 1 Hide
    Anonymous , February 12, 2010 8:15 PM
    AMO was vulnerable to MITM:
    https://bugzilla.mozilla.org/show_bug.cgi?id=544660
    http://blog.ivanristic.com/2010/02/firefox-extension-installation-process-vulnerable-to-mitm-attack-.html