OMEN
02-19-2008, 10:41 AM
Drive-by defender stymies access to sites for DownThemAll, Firebug extensions
The new Firefox 3.0 anti-malware tool that debuted last week in Beta 3 is blocking users from reaching the Web site for a popular add-on to the open-source browser. Another add-on site, blocked last week, has since been cleared.
One of the sites, downthemall.net, acknowledged that had served users malicious code, but said it had purged its pages of malware. The site supports the Firefox extension DownThemAll, one of several download manager add-ons for the browser. Firefox users can now steer to the site.
The second URL, joehewitt.com, is the online locale for the even-more-popular Firebug extension, a CSS, HTML and JavaScript editor and debugger. As of 3 p.m. EST Monday, the domain was still blocked by Firefox 3.0 Beta 3, which slapped its standard malware warning of "Suspected Attack Site!" on the screen.
Both sites were barred by Firefox because they had been tagged for pushing malware, or including links that did so, by Google Inc. Firefox 3.0 Beta 3's Malware Protection feature relies on a blacklist provided by Google to stymie access to potentially dangerous Web sites.
Last week, the DownThemAll site confirmed that it had been fingered by Google, but said it is now clean. "After a complete check up of the site structure, we've found that an attacker had exploited a WordPress vulnerability to inoculate unauthorized code into our theme," the site said in a statement. "This code contained links to a site which tried to install malicious code on visitor's computer."
DownThemAll claimed that the vulnerability affected several older editions of Windows, including Windows 98, Windows Millennium and Windows 2000. "Furthermore, it is believed that Firefox users weren't at risk at all," the site said. Its operators did not reply to a request for comment and clarification.
The joehewitt.com site, however, remained inaccessible using Beta 3. Stopbadware.org, a group created by Google, Chinese computer maker Lenovo Group Ltd. and Sun Microsystems Inc., listed a brief item about the Firebug site in its database: "Google has found that some portion of joehewitt.com/ contains or links to badware or otherwise violates Google's software guidelines," the notice read. Hewitt did not immediately respond to questions posed via e-mail; it's unknown whether the Google designation and Firefox 3.0 block are, in fact, on the money or a mistake.
Firebug is the only one of the 27 extensions that Mozilla lists in its "Recommended Add-ons" that has its listed Web site blocked by Firefox 3.0 Beta 3. An alternate address for the extension -- getfirebug.com -- has not been blocked, however.
Firefox 3.0 Beta 3's malware blocker, which was touted as the browser's most important security enhancement by Mozilla's head engineer last week, is designed to prevent users from surfing to sites that might launch drive-by exploits or host malicious code. Users can turn off the tool, which is enabled by default.
Compworld
The new Firefox 3.0 anti-malware tool that debuted last week in Beta 3 is blocking users from reaching the Web site for a popular add-on to the open-source browser. Another add-on site, blocked last week, has since been cleared.
One of the sites, downthemall.net, acknowledged that had served users malicious code, but said it had purged its pages of malware. The site supports the Firefox extension DownThemAll, one of several download manager add-ons for the browser. Firefox users can now steer to the site.
The second URL, joehewitt.com, is the online locale for the even-more-popular Firebug extension, a CSS, HTML and JavaScript editor and debugger. As of 3 p.m. EST Monday, the domain was still blocked by Firefox 3.0 Beta 3, which slapped its standard malware warning of "Suspected Attack Site!" on the screen.
Both sites were barred by Firefox because they had been tagged for pushing malware, or including links that did so, by Google Inc. Firefox 3.0 Beta 3's Malware Protection feature relies on a blacklist provided by Google to stymie access to potentially dangerous Web sites.
Last week, the DownThemAll site confirmed that it had been fingered by Google, but said it is now clean. "After a complete check up of the site structure, we've found that an attacker had exploited a WordPress vulnerability to inoculate unauthorized code into our theme," the site said in a statement. "This code contained links to a site which tried to install malicious code on visitor's computer."
DownThemAll claimed that the vulnerability affected several older editions of Windows, including Windows 98, Windows Millennium and Windows 2000. "Furthermore, it is believed that Firefox users weren't at risk at all," the site said. Its operators did not reply to a request for comment and clarification.
The joehewitt.com site, however, remained inaccessible using Beta 3. Stopbadware.org, a group created by Google, Chinese computer maker Lenovo Group Ltd. and Sun Microsystems Inc., listed a brief item about the Firebug site in its database: "Google has found that some portion of joehewitt.com/ contains or links to badware or otherwise violates Google's software guidelines," the notice read. Hewitt did not immediately respond to questions posed via e-mail; it's unknown whether the Google designation and Firefox 3.0 block are, in fact, on the money or a mistake.
Firebug is the only one of the 27 extensions that Mozilla lists in its "Recommended Add-ons" that has its listed Web site blocked by Firefox 3.0 Beta 3. An alternate address for the extension -- getfirebug.com -- has not been blocked, however.
Firefox 3.0 Beta 3's malware blocker, which was touted as the browser's most important security enhancement by Mozilla's head engineer last week, is designed to prevent users from surfing to sites that might launch drive-by exploits or host malicious code. Users can turn off the tool, which is enabled by default.
Compworld