How-To Geek

Beware! Two More Firefox Malware Extensions Found, with Full-Blown Trojans This Time

Note: This article is part of our archive and is likely out of date.
(Links may not work, downloads have not been recently tested for safety)

Last July, we pointed out that the Google Reader Notifier extension had turned into crapware, the NoScript add-on was hijacking another extension, and even the Fast Dial extension was spamming you—so it was only a matter of time before an extension came bundled with a full-blown trojan.

Last time, it was as simple as spam links showing up in your browser, and tracking the URLs you were going to—really frustrating and evil, but not necessarily the end of the world, since it wasn’t going to take over your PC.


Yesterday, the Mozilla Add-ons blog reported that two extensions contained nasty trojans that hijacked your PC.

Two experimental add-ons, Version 4.0 of Sothink Web Video Downloader and all versions of Master Filer were found to contain Trojan code aimed at Windows users. Version 4.0 of Sothink Web Video Downloader contained Win32.LdPinch.gen, and Master Filer contained Win32.Bifrose.32.Bifrose Trojan. Both add-ons have been disabled on AMO.

If you’ve installed those extensions at any point, you should make sure to run a full virus scan on your PC.

Rant About Firefox Extension Security

Instead of ranting again, let me just quote what I said last time this happened…

What’s to stop yet another Firefox extension from turning into badware, sneaking in tracking codes, or stealing your personal information? It’s already happened with two of the most popular extensions… Somebody at Mozilla needs to do something about this.

The current process over at Mozilla is to run an automated virus scanner against the extensions, and as a result of this issue they have added more scanning tools to the process. This doesn’t solve the real issue, because any virus programmer with some skills can write a customized virus that doesn’t get picked up by any of the commercial virus scanning tools. Sure, some of the tools have heuristics that will probably detect rootkits and some of the nastier techniques, but it’s not going to prevent the issue entirely.

The real problem isn’t even a traditional virus, as far as I’m concerned. How difficult would it be for somebody to write a native Firefox extension that simply takes all your passwords and sends them to a rogue site? There’s no security layer to prevent add-ons from accessing your personal information stored in the browser, and no virus scanner is going to pick up a native Firefox extension since they are written in Javascript.

The Partial Solution

Nobody’s expecting Mozilla to scan through the source code of every single extension—that’s just prone to human error anyway. What would make sense, however, is to have some layers of security that prevent add-ons from accessing any of your personal information stored in the browser unless you specifically allow them to.

What Can You Do to Keep Safe?

You should always make sure to check the reviews on an extension before you install it—don’t just take somebody else’s word when they vouch for an extension… make sure to do your due diligence to check things out first. The same thing applies for any application, of course—if you’re installing applications without doing a virus scan, you’re leaving yourself wide open to having your PC hijacked.

Please read: Security Issue on AMO [Mozilla Add-ons Blog]

Lowell Heddings, better known online as the How-To Geek, spends all his free time bringing you fresh geekery on a daily basis. You can follow him on if you'd like.

  • Published 02/5/10

Comments (7)

  1. Adam

    Correct me if I’m wrong, but Fast Dial didn’t track your information, it simply added links. That’s a lot different than tracking the links you click.
    ~A moderator

  2. JonMCC33

    I only use Adblock Plus and ChatZilla (to take away my need for mIRC). Firefox extensions can get a little crazy these days.

  3. The Geek

    Yeah, I meant that Google Reader Notifier was tracking you (I verified as such in the source code).

  4. simple solution

    But why not have the code looked at by multiple people (independent checkers)
    If millions of people are using an extention why is it not straight forward to do this?
    A peer review check of the code before it gets an official release would end this stupidity.
    3 to 7 random reviewers from a master list of security/programmers would keep anyone from going to the dark side and approve a bad code signoff. His random peers would rat him out (anonomously) as he would be the only one (at least a minority).

    also why are these people that do these things allowed to stay hidden. there names and faces should be drug through the streets with the bankers.

  5. LaVada

    My e-mails have started opening up very small. It’s a nuisance to have to click the “enlarge” tab in order to read the e-mail. No one I know has had this problem or how to fix it or what caused it in the first place.
    Any help or suggestions would be appreciated.

  6. Elmo

    Ditto to the LaVada question above about emails opening very small

  7. Roi

    Why just not use Google Chrome not have to worry about any bad extension since there are security layers and such???

More Articles You Might Like

Enter Your Email Here to Get Access for Free:

Go check your email!