其中一個是碩思的產品 Sothink Web Video Downloader，目前在它公司網頁上 還有這產品，Latest Version:5.7，File Size:2.68 MB Release Date:Jan 27th, 2010。 http://www.sothinkmedia.com/web-video-downloader-firefox/index.htm 台灣有很多學校學生不管是買的或是私下來源，採用這公司的另一個產品 Sothink SWF Decompiler 碩思閃客精靈，許多網站有在賣，但這次出問題的產品 在公司網頁顯示是Free且是GNU License http://www.softking.com.tw/soft/clickcount.asp?fid3=25314 http://www.softking.com.tw/soft/clickcount.asp?fid3=14683 先前採用碩思閃客精靈來解析Swf 檔，就常常會發生防毒軟體警告有木馬，特別 有經過對岸加工過的中文化版本最常有木馬警報，且一直以來就有傳聞會偷裝後 門。 雖然在Mozilla 顯示版本大於4.0可能未含木馬，但是無法完全確保沒問題， 有人就批判怎會讓有問題的Experimental add-on上傳到Mozilla 網站？且 碩思自家在同一時間就已經更新到5.7版次，是否明知有木馬而沒告知並從 Mozilla 網站移除？ 就公告內容來看，顯示有人知道Mozilla對於Add-on掃瞄防範措施細節從而 能特製能閃躲偵測的木馬。 目前公告能掃出木馬的有Antiy-AVL、Avast、SVG、GData、Ikarus、 K7AntiVirus、McAfee、Norman、VBA32 等幾家防毒軟體。其中McAfee有提 供免費線上掃毒服務，有裝過木馬Add-on 的就自己清清毒吧﹙最好是用別 種Browser 來執行﹚，手中有防毒軟體公司特製的Rescue CD就更好拿來光 碟開機掃毒 。 http://home.mcafee.com/Downloads/FreeScan.aspxAntiy-AVL 其他額外的免費線上掃毒服務 http://www.avast.com/eng/down_cleaner.html http://www.eset.com/onlinescan/ http://support.f-secure.com/enu/home/ols.shtml http://www.kaspersky.com/virusscanner http://kaspersky.kl.edu.tw/webscan/kavwebscan.html http://tw.trendmicro.com/tw/products/personal/house-call/ http://onecare.live.com/site/zh-tw/default.htm http://www.bitdefender.com/scanner/online/free.html Issue Two experimental add-ons, Version 4.0 of Sothink Web Video Downloader and all versions of Master Filer were found to contain Trojan code aimed at Windows users. Version 4.0 of Sothink Web Video Downloader contained Win32.LdPinch.gen, and Master Filer contained Win32.Bifrose.32.Bifrose Trojan. Both add-ons have been disabled on AMO. Impact to users If a user installs one of these infected add-ons, the trojan would be executed when Firefox starts and the host computer would be infected by the trojan. Uninstalling these add-ons does not remove the trojan from a user’s system. Users with either of these add-ons should uninstall them immediately. Since uninstalling these extensions does not remove the trojan from a user’s system, an antivirus program should be used to scan and remove any infections. Status This vulnerability is known to affect Firefox on Windows only, if either Master Filer or Version 4.0 of Sothink Web Video Downloader are installed. Versions of Sothink Web Video Downloader greater than 4.0 are not infected. Master Filer was downloaded approximately 600 times between September 2009 and January 2010. Version 4.0 of Sothink Web Video Downloader was downloaded approximately 4,000 times between February 2008 and May 2008. Master Filer was removed from AMO on January 25, 2010 and Version 4.0 of Sothink Web Video Downloader was removed from AMO on February 2, 2010. AMO performs a malware check on all add-ons uploaded to the site, and blocks add-ons that are detected as such. This scanning tool failed to detect the Trojan in Master Filer. Two additional malware detection tools have been added to the validation chain and all add-ons were rescanned, which revealed the additional Trojan in Version 4.0 of Sothink Web Video Downloader. No other instances of malware have been discovered. ※ 引述《geniusgia ()》之銘言： : Mozilla blog公告發現以下兩個套件被發現有木馬程式,並說明uninstall不會 : 移除木馬,還要用防毒軟體來掃 : 1. Sothink Web Video Downloader[Version 4.0] : 2. Master Filer[All version] : 詳情請看: : http://blog.mozilla.com/addons/2010/02/04/please-read-security-issue-on-amo/ -- ※ 發信站: 批踢踢實業坊(ptt.cc) ◆ From: 123.204.131.97 ※ tedcat:轉錄至看板 AntiVirus 02/07 00:05