Mozilla retracts Firefox add-on malware claim

False-positive on AV scan incorrectly pegged Sothink add-on as infected

Mozilla today acknowledged that it had falsely accused a developer of infecting a Firefox add-on with attack code.

The admission came a week after Mozilla announced that a pair of add-ons , Sothink Web Video Downloader 4.0 and Master Filer, had slipped through its security check-in. Both were infected with Trojan horses designed to hijack Windows PCs, the company said. Mozilla removed both extensions from its official add-on download site.

Today, Mozilla said that it had been wrong about Sothink Web Video Downloader. "We've worked with security experts and add-on developers to determine that the suspected Trojan in Version 4.0 of Sothink Video Downloader was a false positive and the extension does not include malware," Mozilla said in a statement posted to its add-ons blog .

Master Filer, on the other hand, does contain a Trojan, Mozilla reiterated today.

Last week, Sothink denied that its add-on had given malware a ride into PCs running Firefox. "For every product, we test [for a] virus before release," said Joey Deng of SourceTec Software in an e-mail reply last week to questions from Computerworld ."We haven't found any Trojan during our test, for both Web Video Downloader 4.0 and 5.7."

In fact, Deng said Sothink was "very surprised" to hear that its add-on had been pulled from the Firefox download site. Mozilla has never said whether it was in contact with the developers of the two add-ons prior to removing them from its site.

Deng was not available for comment today due to the time difference; SourceTec is based in China.

Mozilla credited McAfee for helping it determine that Sothink's add-on was not infected. According to Craig Schmugar, a threat researcher with the security vendor, Mozilla reached out to McAfee, which passed the Sothink add-on code to a team of its researchers. "They looked at the binary and determined that it did not contain [malware]," said Schmugar. "They gave that information back to Mozilla."

Schmugar also said that several antivirus scanners had incorrectly flagged the Sothink add-on as harboring malware. "There are many things that vendors can do to reduce false positives," Schmugar said, including forgoing use of tools that hackers commonly employ.

Sothink failed to do that, Schmugar said, citing its use of a code packer. "Packers are used to compress the file so it's smaller in transit and downloads faster," he noted. "They're also used as a kind of protection against reverse engineering. But they're used by malware authors for the same reasons."

Sothink used a commercial packer to reduce the size of the add-on and obfuscate its code, Schmugar said. "They used a packer that's also widely used by the bad guys," he said.

Mozilla has restored Sothink Web Video Downloader to its add-on download site. "We apologize to our users and the developers of Sothink for any inconvenience this has caused," the company said today.

Mozilla has not replied to multiple requests for comment on the add-on snafu.

Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld . Follow Gregg on Twitter at @gkeizer or subscribe to Gregg's RSS feed . His e-mail address is gkeizer@ix.netcom.com .

Read more about security in Computerworld's Security Knowledge Center.

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags malwaremozillamozilla firefox

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.
Gregg Keizer

Gregg Keizer

Computerworld (US)
Show Comments

Cool Tech

Bang and Olufsen Beosound Stage - Dolby Atmos Soundbar

Learn more >

Toys for Boys

Sony WF-1000XM3 Wireless Noise Cancelling Headphones

Learn more >

Nakamichi Delta 100 3-Way Hi Fi Speaker System

Learn more >

ASUS ROG, ACRONYM partner for Special Edition Zephyrus G14

Learn more >

Family Friendly

Mario Kart Live: Home Circuit for Nintendo Switch

Learn more >

Philips Sonicare Diamond Clean 9000 Toothbrush

Learn more >

Stocking Stuffer

Teac 7 inch Swivel Screen Portable DVD Player

Learn more >

SunnyBunny Snowflakes 20 LED Solar Powered Fairy String

Learn more >

Christmas Gift Guide

Click for more ›

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Tom Pope

Dynabook Portégé X30L-G

Ultimately this laptop has achieved everything I would hope for in a laptop for work, while fitting that into a form factor and weight that is remarkable.

Tom Sellers

MSI P65

This smart laptop was enjoyable to use and great to work on – creating content was super simple.

Lolita Wang

MSI GT76

It really doesn’t get more “gaming laptop” than this.

Jack Jeffries

MSI GS75

As the Maserati or BMW of laptops, it would fit perfectly in the hands of a professional needing firepower under the hood, sophistication and class on the surface, and gaming prowess (sports mode if you will) in between.

Taylor Carr

MSI PS63

The MSI PS63 is an amazing laptop and I would definitely consider buying one in the future.

Christopher Low

Brother RJ-4230B

This small mobile printer is exactly what I need for invoicing and other jobs such as sending fellow tradesman details or step-by-step instructions that I can easily print off from my phone or the Web.

Featured Content

Product Launch Showcase

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?