User 13 Posted March 5, 2016 Share Posted March 5, 2016 (edited) hxxp://www.eteknix.com/mozilla-bans-popular-youtube-unblocker-add/ https://bugzilla.mozilla.org/show_bug.cgi?id=1251911 Does ESET detect this Add-On as malware? Edited March 5, 2016 by User Link to comment Share on other sites More sharing options...
User 13 Posted March 6, 2016 Author Share Posted March 6, 2016 (edited) 8 months ago I created the following topic here in the forum:Suspicious files in Firefox Extension Folder Unfortunately ESET didn't answer there and also didn't answer to my submission via ESS at the same time. These files were definitely secretly installed by the Add-On "youtube unblocker".And this hidden Add-On was continously updated in the background until now. See also here:https://bugzilla.mozilla.org/show_bug.cgi?id=1161259 Wow, it looks like FINALLY the culprit of this malware has been found: bug 1251911(Yes, during the time of this bugreport I actually had YouTube Unblocker installed with version 0.6.12.)And I was right with my earlier assumption that this hidden add-on/malware has not gotten on the system via some binary but using another add-on. So it actually _IS_ possible to download another add-on via an installed add-on and bypass the "would-you-like-to-install-this-add-on"-message. This is really scary imo! Mozilla Bans Firefox Add-on That Tampered with Security Settings "Rogue add-on was altering Firefox security settings" The user analyzed the add-on's source code and found that the extension was altering the browser's default settings by installing a new user.js configuration file.This file contained options that disabled Firefox's built-in add-on signing feature. This feature prevents the browser from installing unsigned add-ons that have not been tested (and signed/certificated) by Mozilla. Code signing is recent security feature added to Firefox, which Mozilla deemed necessary to prevent situations like these.With this feature turned off, YouTube Unblocker was downloading another add-on called Adblock Converter, which Avast flagged as malware.Things got even shadier because this add-on did not appear in Firefox's standard Add-ons page (about:addons), and it re-enabled itself as soon as the user managed to disable it when starting Firefox in Safe Mode."The add-on had a history of "bad behavior"After Mozilla had investigated the user's complaint, YouTube Unblocker was removed from Mozilla's official Add-on portal. When justifying their decision, the Mozilla staff also cited another similar report from June 2015, when the add-on contained self-update code that allowed its operator to update the add-on without going through Mozilla's review process.The add-on remains available through its homepage. Before being taken down, the add-on was installed on over 250,000 Firefox browsers. Users that want to get rid of the add-on can follow these steps provided by Ghacks. Edited March 6, 2016 by User Link to comment Share on other sites More sharing options...
Recommended Posts