Two Firefox add-ons located in the experimental section of Mozilla’s official add-on download site were recently discovered to contain trojans. Despite the ability of commercial anti-virus Products to detect the trojans since 2008, The Register reported that “…a scanning tool used by Mozilla to vet add-ons during upload failed to catch the malicious files.” Here is what Mozilla had to say in a recent blog post:
Two experimental add-ons, Version 4.0 of Sothink Web Video Downloader and all versions of Master Filer were found to contain Trojan code aimed at Windows users. Version 4.0 of Sothink Web Video Downloader contained Win32.LdPinch.gen, and Master Filer contained Win32.Bifrose.32.Bifrose Trojan. Both add-ons have been disabled on AMO.
Apparently, the addition of two additional malware detection tools to its validation chain is what allowed Mozilla to discover the most recent infected add-on:
AMO performs a malware check on all add-ons uploaded to the site, and blocks add-ons that are detected as such. This scanning tool failed to detect the Trojan in Master Filer. Two additional malware detection tools have been added to the validation chain and all add-ons were rescanned, which revealed the additional Trojan in Version 4.0 of Sothink Web Video Downloader.
Mozilla reports that no other instances of malware have been found.
Here’s a list of anti-virus software known to detect the trojans in the infected add-ons: