
[Share] [99.2.5] Two Firefox add-ons found to contain malware

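Source: Please read: Security Issue on AMO « Mozilla Add-ons Blog (English)
In short:
The affected add-ons are version 4.0 of Sothink Web Video Downloader (video and Flash downloading, cross-platform)
and all versions of Master Filer (file and download management, Windows only).
Both add-ons are still experimental on the Add-on site (they have not passed review), but they can still be installed just by ticking a checkbox.

If you have installed these add-ons, the malicious code they contain runs whenever Firefox starts and infects the system with a trojan.
The recommended course of action is to uninstall them as soon as possible and run a virus scan (removing the add-on alone does not clean the virus out of the system).
(The author studies sociology and has long followed the 2D world)
--
Excerpts, quotes, and links; no reposting or promotion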
~!!!!


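I see~
Luckily I didn't install them...
Once Zhuang Zhou dreamed he was a butterfly, a butterfly fluttering about,
happy with himself and doing as he pleased! He did not know he was Zhou.
Suddenly he woke, and there he was, unmistakably Zhou.
He did not know whether he was Zhou who had dreamed he was a butterfly??
Or a butterfly dreaming he was Zhou??
Translation of the original article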

Please read: Security Issue on AMO
Issue
Two experimental add-ons, Version 4.0 of Sothink Web Video Downloader and all versions of Master Filer were found to contain Trojan code aimed at Windows users. Version 4.0 of Sothink Web Video Downloader contained Win32.LdPinch.gen, and Master Filer contained Win32.Bifrose.32.Bifrose Trojan. Both add-ons have been disabled on AMO.

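Issue
Two experimental add-ons, Sothink Web Video Downloader V4.0 and all versions of Master Filer, were found to contain trojan code targeting Windows users.
Sothink Web Video Downloader v4.0 contains Win32.LdPinch.gen
Master Filer contains the Win32.Bifrose.32.Bifrose trojan.
Both add-ons have now been disabled by AMO.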


Impact to users
If a user installs one of these infected add-ons, the trojan would be executed when Firefox starts and the host computer would be infected by the trojan. Uninstalling these add-ons does not remove the trojan from a user’s system. Users with either of these add-ons should uninstall them immediately. Since uninstalling these extensions does not remove the trojan from a user’s system, an antivirus program should be used to scan and remove any infections.

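Impact on users
If a user installs these infected add-ons, the trojan runs when Firefox starts, and the user's computer is infected at the same time.
At that point, removing the add-ons will not remove the trojan from the system, but users should still remove them immediately.
And because removing these extensions does not remove the trojan along with them, antivirus software is also needed to scan for and remove all infections.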

Status
This vulnerability is known to affect Firefox on Windows only, if either Master Filer or Version 4.0 of Sothink Web Video Downloader are installed. Versions of Sothink Web Video Downloader greater than 4.0 are not infected. Master Filer was downloaded approximately 600 times between September 2009 and January 2010. Version 4.0 of Sothink Web Video Downloader was downloaded approximately 4,000 times between February 2008 and May 2008. Master Filer was removed from AMO on January 25, 2010 and Version 4.0 of Sothink Web Video Downloader was removed from AMO on February 2, 2010. AMO performs a malware check on all add-ons uploaded to the site, and blocks add-ons that are detected as such. This scanning tool failed to detect the Trojan in Master Filer. Two additional malware detection tools have been added to the validation chain and all add-ons were rescanned, which revealed the additional Trojan in Version 4.0 of Sothink Web Video Downloader. No other instances of malware have been discovered.

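Status
This vulnerability is recognized only in Firefox on Windows when Master Filer or Sothink Web Video Downloader v4.0 is installed,
Versions of Sothink Web Video Downloader above 4.0 have not been infected yet.

Master Filer was downloaded close to 600 times between September 2009 and January 2010.
Sothink Web Video Downloader was downloaded nearly 4,000 times between February and May 2008.
Master Filer was removed from AMO on January 25, 2010, and Sothink Web Video Downloader V4.0 was removed on February 2, 2010.

AMO runs a malware checking tool on all add-ons uploaded to the site and blocks add-ons deemed problematic, but this scanning tool failed when it came to detecting the trojan in Master Filer.
Two additional detection tools have been added to the validation chain and all add-ons were rescanned; no other instances of suspicious software were found.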


Credit
This issue was originally reported by CatThief.

Credit
This issue was first published by CatThief.

Antivirus Software
Here is a list of antivirus programs known to detect the trojans found in the affected add-ons.

The following antivirus programs can detect the trojan.

Antiy-AVL
Avast
AVG
GData
Ikarus
K7AntiVirus
McAfee
Norman
VBA32
True Otaku Musou!
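A check for the two add-ons named in the advisory above, added here as an example and not part of the original thread or of Mozilla's post: it reads the `install.rdf` manifest of each add-on folder in a Firefox profile of that era and reports Sothink Web Video Downloader 4.0 and any version of Master Filer. It assumes the legacy `extensions/<folder>/install.rdf` layout, that the manifest name matches the listing name, and that the affected version string is exactly `4.0`; the function names and the sample profile are constructed for illustration.

```python
import tempfile
import xml.etree.ElementTree as ET
from pathlib import Path

EM = "{http://www.mozilla.org/2004/em-rdf#}"  # legacy install.rdf namespace
# From the advisory; None = all versions. Assumption: em:name equals the listing name.
AFFECTED = {"sothink web video downloader": {"4.0"}, "master filer": None}
SAMPLE_RDF = ('<RDF xmlns="http://www.w3.org/1999/02/22-rdf-syntax-ns#" '
              'xmlns:em="http://www.mozilla.org/2004/em-rdf#"><Description>'
              '<em:name>{0}</em:name><em:version>{1}</em:version></Description></RDF>')

def read_manifest(rdf_path):
    """Return (name, version) from an install.rdf, or None if it cannot be parsed."""
    try:
        root = ET.parse(rdf_path).getroot()
    except (ET.ParseError, OSError):
        return None
    found = {}
    for node in root.iter():
        for key in ("name", "version"):
            # The value is either a child element or an attribute of Description.
            value = node.text if node.tag == EM + key else node.get(EM + key)
            if value and key not in found:
                found[key] = value.strip()
    return found.get("name"), found.get("version")

def is_affected(name, version):
    key = (name or "").strip().lower()
    return key in AFFECTED and (AFFECTED[key] is None or version in AFFECTED[key])

def scan_profile(profile_dir):
    """List (name, version, folder) for affected add-ons under <profile>/extensions."""
    hits = []
    for rdf in sorted(Path(profile_dir).glob("extensions/*/install.rdf")):
        manifest = read_manifest(rdf)
        if manifest and is_affected(*manifest):
            hits.append((manifest[0], manifest[1], str(rdf.parent)))
    return hits

def build_sample_profile():
    """Constructed data: a temporary profile with three made-up add-on folders."""
    profile = Path(tempfile.mkdtemp())
    for folder, name, version in (("a", "Sothink Web Video Downloader", "4.0"),
                                  ("b", "Sothink Web Video Downloader", "5.0"),
                                  ("c", "Master Filer", "1.0")):
        manifest = profile / "extensions" / folder / "install.rdf"
        manifest.parent.mkdir(parents=True)
        manifest.write_text(SAMPLE_RDF.format(name, version))
    return profile
```

Pass `scan_profile` the path of a real profile directory to use it; a hit means the add-on should be uninstalled and the machine scanned, since the advisory states that uninstalling does not remove the trojan.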