Author: raphael0612 (翔)
Board: Browsers
Title: Re: [-Fx-] Two add-ons found to contain Trojans
Time: Sat Feb 6 23:57:47 2010
One of them is a Sothink product, Sothink Web Video Downloader. The company's
website currently still lists this product: Latest Version: 5.7, File Size: 2.68 MB,
Release Date: Jan 27th, 2010.
http://www.sothinkmedia.com/web-video-downloader-firefox/index.htm
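Many students at schools in Taiwan, whether they bought it or got it from private
sources, use another product from this company, Sothink SWF Decompiler (碩思閃客精靈).
Many websites sell it, but the product with the problem this time is shown on the
company's website as Free and under the GNU License.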
http://www.softking.com.tw/soft/clickcount.asp?fid3=25314
http://www.softking.com.tw/soft/clickcount.asp?fid3=14683
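Previously, when using Sothink SWF Decompiler to parse SWF files, antivirus software
would often warn of a Trojan. In particular, the Chinese-localized versions that had
been modified in mainland China most often triggered Trojan alerts, and there have
long been rumors that it secretly installs a backdoor.
Although Mozilla indicates that versions greater than 4.0 may not contain the Trojan,
there is no way to be completely sure there is no problem. Some people have criticized:
how could a problematic Experimental add-on be allowed to be uploaded to the Mozilla
website? Also, Sothink itself had already updated to version 5.7 by the same time; did
it know about the Trojan but fail to disclose it and remove it from the Mozilla website?
Judging from the announcement, it appears that someone knew the details of Mozilla's
add-on scanning safeguards and was therefore able to craft a Trojan that evades detection.
According to the announcement, the antivirus products that can currently detect the
Trojans are Antiy-AVL, Avast, AVG, GData, Ikarus, K7AntiVirus, McAfee, Norman, and
VBA32. Of these, McAfee offers a free online virus-scanning service; anyone who has
installed one of the Trojan add-ons should clean their own system (preferably running
the scan from a different browser). If you have a Rescue CD made by an antivirus vendor,
even better: boot from the CD and scan with it.
http://home.mcafee.com/Downloads/FreeScan.aspx
Other free online virus-scanning services: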
http://www.avast.com/eng/down_cleaner.html
http://www.eset.com/onlinescan/
http://support.f-secure.com/enu/home/ols.shtml
http://www.kaspersky.com/virusscanner
http://kaspersky.kl.edu.tw/webscan/kavwebscan.html
http://tw.trendmicro.com/tw/products/personal/house-call/
http://onecare.live.com/site/zh-tw/default.htm
http://www.bitdefender.com/scanner/online/free.html
Issue
Two experimental add-ons, Version 4.0 of Sothink Web Video Downloader
and all versions of Master Filer were found to contain Trojan code aimed
at Windows users. Version 4.0 of Sothink Web Video Downloader contained
Win32.LdPinch.gen, and Master Filer contained Win32.Bifrose.32.Bifrose
Trojan. Both add-ons have been disabled on AMO.
Impact to users
If a user installs one of these infected add-ons, the trojan would be
executed when Firefox starts and the host computer would be infected by
the trojan. Uninstalling these add-ons does not remove the trojan from a
user’s system. Users with either of these add-ons should uninstall them
immediately.
Since uninstalling these extensions does not remove the trojan from a
user’s system, an antivirus program should be used to scan and remove
any infections.
Status
This vulnerability is known to affect Firefox on Windows only, if either
Master Filer or Version 4.0 of Sothink Web Video Downloader are installed.
Versions of Sothink Web Video Downloader greater than 4.0 are not
infected. Master Filer was downloaded approximately 600 times between
September 2009 and January 2010. Version 4.0 of Sothink Web Video
Downloader was downloaded approximately 4,000 times between February 2008
and May 2008. Master Filer was removed from AMO on January 25, 2010 and
Version 4.0 of Sothink Web Video Downloader was removed from AMO on
February 2, 2010. AMO performs a malware check on all add-ons uploaded to
the site, and blocks add-ons that are detected as such. This scanning
tool failed to detect the Trojan in Master Filer. Two additional malware
detection tools have been added to the validation chain and all add-ons
were rescanned, which revealed the additional Trojan in Version 4.0 of
Sothink Web Video Downloader. No other instances of malware have been
discovered.
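※ Quoting geniusgia ():
: The Mozilla blog announced that the following two add-ons were found to contain
: Trojans, and explained that uninstalling will not remove the Trojan; you also need to scan with antivirus software
: 1. Sothink Web Video Downloader[Version 4.0]
: 2. Master Filer[All version]
: For details, see: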
: http://blog.mozilla.com/addons/2010/02/04/please-read-security-issue-on-amo/
--
※ Origin: PTT (批踢踢實業坊, ptt.cc)
◆ From: 123.204.131.97
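※ tedcat: forwarded to board AntiVirus 02/07 00:05
Push knight00931: Thanks for sharing 02/07 10:57
Push richjf: Avast is pretty good 02/07 16:25
→ bobchao: Experimental items could always be uploaded in the first place... 02/10 09:33
→ bobchao: because experimental add-ons are meant to be uploaded so everyone can peer review them 02/10 09:34
→ bobchao: Experimental add-ons can't be found by searching in the Firefox Add-ons window, and to download from AMO 02/10 09:34
→ bobchao: you also have to tick a box confirming you want to install an experimental add-on; personally I think that's enough 02/10 09:35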