Firefox Add-on Exonerated From Trojan Quarantine

It turns out that one of the Firefox add-ons that was thought to have Trojans were clean and innocuous.

Mozilla said last week that the Win32.LdPinch.gen Trojan was found in v4.0 of the Sothink Web Video Downloader add-on, and the Win32.Bifrose.32.Bifrose Trojan was discovered in all versions of Master Filer. Mozilla said that both Trojans will infect the host computer once the user installs the add-ons and re-launches the browser.

Now, Mozilla says that everything is fine with the Sothink Video Downloader; it was all a false alarm.

"Last week, we disclosed two instances of suspected malware in experimental add-ons on AMO.  Since that disclosure, we’ve worked with security experts and add-on developers to determine that the suspected trojan in Version 4.0 of Sothink Video Downloader was a false positive and the extension does not include malware," read a Mozilla blog post.

The Master Filer extension, however, is still bad: "The same investigation also confirmed that the Master Filer extension included a valid instance of a trojan.  Our estimate of 6,000 affected downloads has been revised to under 700.  The Sothink Video Downloader has been re-enabled on AMO.  We apologize to our users and the developers of Sothink for any inconvenience this has caused."

Marcus Yam
Marcus Yam served as Tom's Hardware News Director during 2008-2014. He entered tech media in the late 90s and fondly remembers the days when an overclocked Celeron 300A and Voodoo2 SLI comprised a gaming rig with the ultimate street cred.
  • HansVonOhain
    Did they use the McAffee? :P
    Reply
  • hunter315
    I would much rather they pull things for false positives than risk a few false negatives. It atleast got the add on some publicity so its not all bad.
    Reply
  • JohnnyLucky
    False positive? better safe than sorry.
    Reply
  • webbwbb
    Someone really messed up there. Mozilla could very well be sued for defamation by Sothink. It was good that they pulled the download but they should not have been so quick to publicly accuse them of including malware. It would have been better to just leave a message saying that this addon is currently unavailable while they waited for things to be confirmed.
    Reply
  • LuckyRed
    webbwbbSomeone really messed up there. Mozilla could very well be sued for defamation by Sothink. It was good that they pulled the download but they should not have been so quick to publicly accuse them of including malware. It would have been better to just leave a message saying that this addon is currently unavailable while they waited for things to be confirmed.I think they had to make a public statement. If they hadn't and this turned out to be a trojan, then I suspect they could have faced a class-action suit from the people who already downloaded it. Additionally, they would have taken a huge hit to their reputation.
    Reply
  • Marco925
    HansVonOhainDid they use the McAffee?
    You mean, broken condom for antivirus? :P
    Reply
  • twu
    Common user error, using the condom in the wrong hole.
    Reply
  • hotroderx
    webbwbbSomeone really messed up there. Mozilla could very well be sued for defamation by Sothink. It was good that they pulled the download but they should not have been so quick to publicly accuse them of including malware. It would have been better to just leave a message saying that this addon is currently unavailable while they waited for things to be confirmed.
    I dont agree one bit in this case Firefox did the right thing. They removed a potential threat then warned the people of the threat. Today society needs to stop being so sue happy about ever little thing and use some common since ever once in a while.. it makes me sick...... You know people do the right thing then get into trouble for it.


    Just sit and think about this what happens if next time it turns out to be a positive and firefox doesn't say anything tell they get finished testing it... lets say in the mean time the program manges to download ooo 100m credit card numbers and other bits of personal information that they use to steal identities (someone you knows or your self is included and ends up having there entire world turned up side down) do you think they should have just sat on it tell it was tested?
    Reply
  • saran008
    HansVonOhainDid they use the McAffee?I am pretty Sure that they did!
    Reply
  • salem80
    No one perfect at least Mozilla recognize their mistake not like M$ or apple ↑

    Reply