Infected add-ons found on Mozilla download site
Mozilla has discovered two 'experimental' add-ons for its Firefox browser which contain dangerous malware. According to Mozilla, version 4.0 of Sothink Web Video Downloader is infected with password sniffer Win32.LdPinch.gen and Master Filer is infected with the backdoor trojan Win32.Bifrose. Where malware has infected a Windows system following installation of an infected browser add-on, uninstalling the add-on alone will not remove the infection.
In its advisory on the problem, Mozilla lists several anti-virus programs which are able to recognise the malware and have been able to do so for some time. But this is where it gets embarrassing for Mozilla – the infected add-ons have been available from the official download site for several months and, according to Mozilla, have together been downloaded around 4,600 times. The infected add-ons were only discovered and removed, on 25th January and 2nd February, following use of additional anti-virus scanning software by Mozilla.
Mozilla should really have been alert to the danger since malware had been found in a Vietnamese language pack back in 2008. In that case the malware merely displayed advertising, but it could, according to Mozilla developers, also have been used for more nefarious activities. That script, designated HTML.Xorer also appears to have slipped past Mozilla's anti-virus scanner. As a result, Mozilla developers announced that the add-on directory would in future be checked for malware on a daily basis.
The current case illustrates the point that it is still advisable to check add-ons for viruses before installing them, using, for example, an online service such as VirusTotal.