Hardware 2.0

Adrian Kingsley-Hughes

Mozilla jumped the gun, add-on malware turns out to be false-positive

By Adrian Kingsley-Hughes | February 10, 2010, 4:12am PST

Late last week Mozilla reported that it had discovered two malware-laden add-ons for the Firefox browser being offered on the official download site. It now turns out that one of the add-ons labeled as toxic was in fact clean.

The add-on in question was Sothink Video Downloader 4.0. This add-on was incorrectly labeled as malware because one of the scanners that Mozilla had used to check all the add-ons available for download threw up a false-positive.

According to a Sothink spokesperson, the error arose because of the tool used to encrypt the download (a tool called Armadillo, which has been behind other false-positive reports because it is sometimes used by malware writers to encrypt toxic code).

Note: For those out there interested in such things, here’s a Virustotal scan of the Sothink Video Downloader 4.0.

The Master Filer add-on did still contain malware, and is believed to have infected fewer than 700 systems.

Disclosure

Adrian Kingsley-Hughes

All opinions expressed on Hardware 2.0 are those of Adrian Kingsley-Hughes. Every effort is made to ensure that the information posted is accurate. If you have any comments, queries or corrections, please contact Adrian via the email link here. Any possible conflicts of interest will be posted below. [Updated: February 23, 2010] - Adrian Kingsley-Hughes has no business relationships, affiliations, investments, or other actual/potential conflicts of interest relating to the content posted so far on this blog.

Biography

Adrian Kingsley-Hughes

Adrian Kingsley-Hughes is an internationally published technology author who has devoted over a decade to helping users get the most from technology -- whether that be by learning to program, building a PC from a pile of parts, or helping them get the most from their new MP3 player or digital camera.

Adrian has authored/co-authored technical books on a variety of topics, ranging from programming to building and maintaining PCs. His most recent books include "Build the Ultimate Custom PC", "Beginning Programming" and "The PC Doctor's Fix It Yourself Guide". He has also written training manuals that have been used by a number of Fortune 500 companies.

Adrian also runs a popular blog under the name The PC Doctor, where he covers a range of computer-related topics -- from security to repairing and upgrading.

Comments

Why Mozilla jumped the gun?
jscott418 10th Feb 2010
You would think Mozilla would have done more investigation before admitting that they allowed malware. That to me is more concerning than the false positive. Who is running their security?
0 Votes
Safe or sorry?
lefty.crupps 10th Feb 2010
I'd rather they are safe than sorry. If something may have malware, warn people.

That said, they should have used http://virustotal.com/ to check with multiple scanners to see if it really is an issue or not. Every A/V app has false positives at some point, but that website helps to determine if a file is indeed a concern or if the A/V is at fault (note, the http://virustotal.com/ site isn't perfect either; security threats need to be assessed by people, not by automation, IMHO.)
0 Votes
Wow... just wow...
Pete "athynz" Athens 10th Feb 2010
People bitched when it was announced and decried Mozilla as unsafe now people are bitching because they had a false positive... Personally I'd much rather them have a false positive and keep us all in the loop as they have rather than keep us in the dark. But some people are just not satisfied with anything.
0 Votes
RE: False Positives
branchman67 11th Feb 2010
I'm with you on this. They thought they had a problem, so they pre-emptively said "Don't download this, it MIGHT not be safe." Then they did their homework, found the issue to be a non-issue, and let everyone know. This is how you'd hope security would be run. Imagine if they'd actually had malware, but left it alone because they weren't sure yet. They'd be getting raked over the coals.
I made a comment last week about the fact that Sothink software is a well known and respected brand, wondering about how such a file as their video downloader could have become corrupted?

Now we see that it was not infected at all.
Is there any way to bypass this or at least turn it off?
0 Votes
Glad they did
Fletchguy 10th Feb 2010
It's better to be preemptive for these things than retroactive. If it was a possible threat I'm glad they jumped on it to be safe instead of waiting a month then seeing millions infected, so I say good job Firefox. And since the company used the known loader many malware distributors use, shame on them for not using one that's not associated with malware.
0 Votes
It is an application that is used for numerous things from making game trainers to game helpers to.... a lot of other stuff.


The problem is that a lot of anti-virus companies have gotten LAZY in the extreme and mark ANYTHING made with Armadillo as a possible virus and DELETED.... usually without any user input.

The anti-virus companies are at fault here, and need to have the smackdown put on them.
0 Votes
All good, very encouraging
Tom6 10th Feb 2010
I will definitely be recommending Firefox and other Mozilla products with greater confidence after this.

OpenSource takes security a lot more seriously which bodes badly for internet security companies as OpenSource becomes more prevalent.

Good luck all and regards from
Tom happy
0 Votes
Armadillo is a known clean thing
Lerianis10 10th Feb 2010
But for some reason a lot of companies have been marking EVERY SINGLE DAMNED game trainer or helper application that uses it as being 'virus-infected'.... don't know HOW many hundreds of times I have had to fight with NIS2010 because of that marking all things that use Armadillo as viruses by 'heuristics'.... which seem to be just marking ANYTHING made with Armadillo as a virus.
