Mozilla has removed a pair of malware-laced Firefox add-ons from its site believed to have infected some 4,600 users.
According to Mozilla’s Add-ons blog, Sothink Web Video Downloader 4.0 and all versions of Master Filer were infected with Trojans targeting Windows users. The add-ons were considered “experimental,” meaning they had yet to survive a public review process. For that reason, and because the add-ons are untested by Mozilla’s editorial team, Mozilla warns users to exhibit caution before installing them.
In this case, Master Filer was downloaded roughly 600 times during a five-month period before it was removed from the site Jan. 25. Sothink Web Video Downloader 4.0 was downloaded some 4,000 times between February and May 2008. It was taken down from the site Feb. 2, 2010. The current version of the Sothink Web Video Downloader is 5.7.
“If a user installs one of these infected add-ons, the trojan would be executed when Firefox starts and the host computer would be infected by the trojan,” according to Mozilla. “Uninstalling these add-ons does not remove the trojan from a user’s system. Users with either of these add-ons should uninstall them immediately. Since uninstalling these extensions does not remove the trojan from a user’s system, an antivirus program should be used to scan and remove any infections.”
Mozilla does test add-ons uploaded to the site for malware and blocks add-ons detected as malicious.
“Two additional malware detection tools have been added to the validation chain and all add-ons were rescanned, which revealed the additional Trojan in Version 4.0 of Sothink Web Video Downloader,” according to Mozilla. “No other instances of malware have been discovered.”
Version 4.0 of Sothink Web Video Downloader contained the Trojan Win32.LdPinch.gen, while Master Filer was contaminated with the Win32.Bifrose.32.Bifrose Trojan. Both are detected by several antivirus products, including those from AVG and McAfee. A complete list can be found here.