Giveaway of the Day Forums » User Favorites: Quantum Dragon

Giveaway of the Day Forums » User Favorites: Quantum Dragon 8928 Giveaway of the Day Forums » User Favorites: Quantum Dragon en-US Sun, 12 Feb 2012 12:12:45 +0000 http://bbpress.org/?v=1.0.2 hotdoge3 on "SoThink Trojan in Firefox Add On" http://www.giveawayoftheday.com/forums/topic/7000#post-72877 Thu, 18 Feb 2010 08:59:58 +0000 hotdoge3 72877@http://www.giveawayoftheday.com/forums/ <a href="http://tech.slashdot.org/story/09/06/21/1839203/Sothink-Violated-the-FlashGot-GPL-and-Stole-Code?art_pos=17" rel="nofollow">http://tech.slashdot.org/story/09/06/21/1839203/Sothink-Violated-the-FlashGot-GPL-and-Stole-Code?art_pos=17</a> "People at Sothink decided to violate the GPL by stealing a piece of core code from FlashGot and using it without even the decency of covering their tracks. It is an exact copy of a previous version of FlashGot. <a href="http://www.sothinkmedia.com/blog/clarification-and-apology-for-sothink-web-video-downloader-for-firefox-4-0/" rel="nofollow">http://www.sothinkmedia.com/blog/clarification-and-apology-for-sothink-web-video-downloader-for-firefox-4-0/</a> Armadillo isn’t a trojan in and of itself, it’s a compression utility that is often used to compress/hide malicious code in .exe’s. hotdoge3 on "SoThink Trojan in Firefox Add On" http://www.giveawayoftheday.com/forums/topic/7000#post-72783 Mon, 15 Feb 2010 23:41:01 +0000 hotdoge3 72783@http://www.giveawayoftheday.com/forums/ <a href="http://www.h-online.com/security/news/item/Mozilla-admits-to-add-on-malware-false-alarm-927460.html" rel="nofollow">http://www.h-online.com/security/news/item/Mozilla-admits-to-add-on-malware-false-alarm-927460.html</a> There is currently a controversy over the generation of false alarms amongst anti-virus vendors after Kaspersky undertook an attempt to provoke false alarms in other vendors products. Kaspersky manufactured 20 harmless files and prepared 10 of them to produce false positives. It then uploaded all 20 to the VirusTotal online scanner. acr on "SoThink Trojan in Firefox Add On" http://www.giveawayoftheday.com/forums/topic/7000#post-72741 Mon, 15 Feb 2010 08:43:16 +0000 acr 72741@http://www.giveawayoftheday.com/forums/ @hotdoge3 theregister article is a little confusing as it states Mozilla has added the 4.0 version of the Sothink Video Downloader back to the Firefox add on site. But when you look at the site the 4.0 version is not present- <a href="https://addons.mozilla.org/en-US/firefox/addons/versions/6541" rel="nofollow">https://addons.mozilla.org/en-US/firefox/addons/versions/6541</a> Also, there is mention of some confirmation by McAfee that the suspect file was a false positive. Here's the latest VirusTotal report for nsCatcher.dll. <a href="http://www.virustotal.com/analisis/3f32a9c80dc0c015a097df2c295eb4ced791f1de001bf1dd13e9f4ee88dd7af2-1265846698" rel="nofollow">http://www.virustotal.com/analisis/3f32a9c80dc0c015a097df2c295eb4ced791f1de001bf1dd13e9f4ee88dd7af2-1265846698</a> So it looks like McAfee has removed the flag. But now Nod32 does flag the dll although Nod32 found the it clean a few days back. Here's the report from a few days ago when McAfee flagged the dll and Nod32 found it clean. <a href="http://www.virustotal.com/analisis/3f32a9c80dc0c015a097df2c295eb4ced791f1de001bf1dd13e9f4ee88dd7af2-1265538229" rel="nofollow">http://www.virustotal.com/analisis/3f32a9c80dc0c015a097df2c295eb4ced791f1de001bf1dd13e9f4ee88dd7af2-1265538229</a> Here's the VT report concerning the May 2008 nsCatcher.dll- <a href="http://www.virustotal.com/analisis/b3dceabe00b518176c8c84e64dc4a3fb" rel="nofollow">http://www.virustotal.com/analisis/b3dceabe00b518176c8c84e64dc4a3fb</a> hotdoge3 on "SoThink Trojan in Firefox Add On" http://www.giveawayoftheday.com/forums/topic/7000#post-72728 Mon, 15 Feb 2010 01:36:02 +0000 hotdoge3 72728@http://www.giveawayoftheday.com/forums/ <a href="http://www.theregister.co.uk/2010/02/11/firefox_add_on_false_alarm/" rel="nofollow">http://www.theregister.co.uk/2010/02/11/firefox_add_on_false_alarm/</a> Trojan were wrong and down to a false positive triggered by an anti-virus scanner used by Mozilla (only one anti-virus did a check re check is ok, may be next time check with virustotal ? delenn13 on "SoThink Trojan in Firefox Add On" http://www.giveawayoftheday.com/forums/topic/7000#post-72535 Thu, 11 Feb 2010 23:35:44 +0000 delenn13 72535@http://www.giveawayoftheday.com/forums/ NP, Robert. Bill, even, did a tweet about them after the experiment and thanked them. I saw the offending post Sunday morning but I didn't have the time to do anything before church. By the time I got back, it had been taken down. NOW I remember why I didn't have anything for 4free. Thanks for the memory jog. And If Wondershare or So Think decide to give away more of their programs here, I will surely think about downloading them if I need them. Robert on "SoThink Trojan in Firefox Add On" http://www.giveawayoftheday.com/forums/topic/7000#post-72530 Thu, 11 Feb 2010 22:44:37 +0000 Robert 72530@http://www.giveawayoftheday.com/forums/ I understand your reasons for not wanting to be part of all this...kinda explains your silence.. still, posting links to 4free,even thanking them implies a general approval. Sometimes taking sides or standing up for someone or something is an honorable thing to do,think about that. But you did do some excellent research on the Sothink matter.And I hope do you provide us with details on the original 2008 Hunting Blog post,boldly copied and pasted to cause sensation. I'd like to add this thread is not supposed to be starting a war,it's about having an opinion on malpractices on the web. Thanks for joining in, Delenn. Somehow I had a feeling no one really cared... And I guess you were one of the few wanting to inform BillpStudios. :) Again,please do not lock this thread. Paul F. Quantum AKA "The Dragon" on "SoThink Trojan in Firefox Add On" http://www.giveawayoftheday.com/forums/topic/7000#post-72478 Thu, 11 Feb 2010 15:06:50 +0000 Paul F. Quantum AKA "The Dragon" 72478@http://www.giveawayoftheday.com/forums/ I do not know why parts of the internet have becomed a sort of mud sligging contest and I want no part of it. As a retired person, I do on the web as I did while I was working, I will listen to one and all and then decide for myself as I cannot be boxed as a "fan boy" because I know I am an explorer. I am not always happy about the state of affairs on the internet and when I see a "real" violation of rights, I will report directly to the one being violated (if that is possible) as I feel no need to stroke my ego by starting a war (flames, mud sligging or other). And that "list" is on the web because somebody (oncallnerd.com) posted it there and it bears investigating further carefully in a courteous and timely manner. But as they say: Takes all kinds to make the world as it is! delenn13 on "SoThink Trojan in Firefox Add On" http://www.giveawayoftheday.com/forums/topic/7000#post-72462 Thu, 11 Feb 2010 12:47:38 +0000 delenn13 72462@http://www.giveawayoftheday.com/forums/ Thanks Robert! Wish GOTD had a "thumbs up". I saw that also. And I have to admit it was tempting But I didn't. I wondered why they told Bill..... then as they were patting themselves on their back for being such a conscientious blogger THEN posted the link for the "freebie" for their followers. Seemed a bit snarky/tacky to me. And as far as that "list" goes...saying it's all junk. I beg to differ. I have gotten some GREAT stuff from Wondershare and So Think..and a few others on that so called "Hall of Shame" list. Robert on "SoThink Trojan in Firefox Add On" http://www.giveawayoftheday.com/forums/topic/7000#post-72457 Thu, 11 Feb 2010 08:47:00 +0000 Robert 72457@http://www.giveawayoftheday.com/forums/ If no one else minds I'd like to stay this thread open. Now don't take this personally,but it would be nice if you gave this a thought. Since you are so eager to link to your friends at 4free,I assume you agree with some of their dodgy software 'offerings' too. And no ,I'm not talking about revealing covermount software registrations. Though it sometimes pisses me off that by the time I get some magazines ,the software no longer can be registered due to the limited no of licenses. No it's far worse than that. I suppose we all remember <a href="http://www.giveawayoftheday.com/forums/topic/6950">The Great 99 Cent Software Experiment of 2010-WinPatrol Plus</a>. A very generous offer from Bill by BillpStudios ,which most of us were eager to take advantage of. Now 4free wrote a very heart touching ...but three-faced story about that. (Don't worry I clipped the story) They even fooled Bill to say thanks to them. What they didn't mention to Bill however, was they published an 'anonym.to" link in that same story providing access to a webpage displaying both registration numbers of WinPatrol and TaskCatcher. Now I wonder how low can you get... And no I don't care if you couldn't care less about Gotd members and companies being dragged through the mud. I guess we all have different standards we live up to. Don't worry though I made a copy to Bill about it,now it's up to him. And usually I am a nice person,trying to help people out ..although I've been having second thoughts about that lately. This might not be written in your eloquent way of writing evading the main subject,but I guess you (and others) get my drift. Paul F. Quantum AKA "The Dragon" on "SoThink Trojan in Firefox Add On" http://www.giveawayoftheday.com/forums/topic/7000#post-72448 Thu, 11 Feb 2010 00:25:36 +0000 Paul F. Quantum AKA "The Dragon" 72448@http://www.giveawayoftheday.com/forums/ I can safely say this thread can be closed now as this subject has been established as a false alert pushed forward by a journalist who likes shocking instead of helping. Robert on "SoThink Trojan in Firefox Add On" http://www.giveawayoftheday.com/forums/topic/7000#post-72430 Wed, 10 Feb 2010 21:10:07 +0000 Robert 72430@http://www.giveawayoftheday.com/forums/ Well your opinion on 4free certainly differs from mine... It is funny somehow ,seeing a bunch of red cheeked wiz kids 'offering' a commercial Sothink program for free right now,after the damage they've done to that company and others. Their site might become worth visiting though ...once some of the 'admins' learn how to deal with and accept criticism. Not to mention to double check their accusations before making them public by looking at the date some statements were made earlier ,even from respectable sources. That is without dragging people's names through the mud first for imaginary reasons. I've seen it all happening to another member of Gotd also, way back... and to Gotd on a regular basis. But maybe there's still a chance for them to become a respectable reference on the web ...but at this moment it's still a long way to go. Paul F. Quantum AKA "The Dragon" on "SoThink Trojan in Firefox Add On" http://www.giveawayoftheday.com/forums/topic/7000#post-72418 Wed, 10 Feb 2010 16:29:57 +0000 Paul F. Quantum AKA "The Dragon" 72418@http://www.giveawayoftheday.com/forums/ As I have always suspected, this trojan was a false positive and Mozilla has issued a statement on the situation that you can see here: <a href="http://blog.mozilla.com/addons/2010/02/09/update-on-the-amo-security-issue/">Mozilla update on the Sothink affair</a> Thanks to Alan Baxter and <a href="http://for-free-on-internet.com/2010/02/sothinks-name-cleaned-on-amo-but-is-there-a-stolen-code-problem-the-scumbags-hall-of-shame-part-3/#comment-14663">The 4Free team and community</a> for letting us know. I view this in a way similar to icerabbit and feel like "Journalism" has been changed into a way to shock instead of a way to search for the truth and that is what is really sad! icerabbit on "SoThink Trojan in Firefox Add On" http://www.giveawayoftheday.com/forums/topic/7000#post-72377 Tue, 09 Feb 2010 20:55:57 +0000 icerabbit 72377@http://www.giveawayoftheday.com/forums/ I agree. And I want to point out that I have no issue with the poster, information posted nor any of the comments from others. My comment was solely about PC World - I should have made that clear(er). I think it is a least a little bit sensationalist of the author and PC World to run the story the way they did. Which is I think what we all agree on. Robert on "SoThink Trojan in Firefox Add On" http://www.giveawayoftheday.com/forums/topic/7000#post-72374 Tue, 09 Feb 2010 20:14:15 +0000 Robert 72374@http://www.giveawayoftheday.com/forums/ Maybe. The mods are free to remove the link. Main thing is ,reproducing a 2008 list as being a 'hot' issue is a poor way to blog. Discrediting GOTD because of alleged censorship,well...people should make up their own mind about that. My 2cents anyway. icerabbit on "SoThink Trojan in Firefox Add On" http://www.giveawayoftheday.com/forums/topic/7000#post-72371 Tue, 09 Feb 2010 19:50:11 +0000 icerabbit 72371@http://www.giveawayoftheday.com/forums/ This news article does way more bad than good, in highlighting this issue and it is not helped by the fact that the author only mentions this was a brief issue in 2008 in the fourth paragraph. Robert on "SoThink Trojan in Firefox Add On" http://www.giveawayoftheday.com/forums/topic/7000#post-72367 Tue, 09 Feb 2010 18:57:34 +0000 Robert 72367@http://www.giveawayoftheday.com/forums/ Thanks Paul...but it seems that I'm not the only one to say thanks. By the way here's an almost identical list that ,funny enough ,dates way back: <a href="http://oncallnerd.com/blog-spam-hunt/" rel="nofollow">http://oncallnerd.com/blog-spam-hunt/</a>. So obviously someone is digging up dirt from the past...to add to the present confusion in regard to all of the companies listed. I guess that same someone refers to the giveaways over here as 'another funny joke' and is getting edgy because of his comments being censored by GOTD ...by 'ignorance'... acr on "SoThink Trojan in Firefox Add On" http://www.giveawayoftheday.com/forums/topic/7000#post-72273 Mon, 08 Feb 2010 05:51:27 +0000 acr 72273@http://www.giveawayoftheday.com/forums/ SoThink removed the infecting file from its program with its update. And SoThink reported in its change log that the reason for the update was due to "mis-reports" of antivirus programs, ie false positives. The timing of the February 2008 release was apparently at a time the malware (LDpinch or variant there of) was not yet detected by most major antivirus vendors. And the suspect file in the program was removed with a new release once vendors started alerting to the malware as opposed to submitting the file for review. And now it appears the suspect file was actually malware, not "mis-reports" as claimed by SoThink. What information did SoThink have to conclude the suspect file was "mis-reports"? And what motivation did SoThink have to decide not to have the file reviewed as a false positive by the different antivirus companies? From Microsoft- <blockquote>PWS:Win32/Ldpinch.gen Summary PWS:Win32/Ldpinch.gen is generic detection for PWS:Win32/Ldpinch, a family of password-stealing trojans. This trojan gathers private user data, such as passwords, from the host computer and sends the data to the attacker at a preset e-mail address. The Win32/Ldpinch trojans use their own Simple Mail Transfer Protocol (SMTP) engine or a web-based proxy for sending the e-mail, thus copies of the sent e-mail will not appear in the affected user's e-mail client.</blockquote> Paul F. Quantum AKA "The Dragon" on "SoThink Trojan in Firefox Add On" http://www.giveawayoftheday.com/forums/topic/7000#post-72267 Mon, 08 Feb 2010 04:02:34 +0000 Paul F. Quantum AKA "The Dragon" 72267@http://www.giveawayoftheday.com/forums/ Of course! And for the record, I did not say Avast and AVG were considered authorities in packed malware, I said Sophos was! What I meant with Avast and AVG is that they normally are the "first" ones to fall down the "false positive" hole. As for the 3 weeks of foreign culture, there is a saying: "To really know someone, walk a mile in their shoes", well, in my time there, I walked many miles adapting my walk to their shoes and this is something no other experience will surpass. And again, back on track, since Sothink addressed the problem by updating the file (their choice) and took just shy of three months to do so while Mozilla took some twenty months to even acknowledge the initial report shows me that Mozilla is (Let's give it the benefit of the doubt and say "was") very lax. But of course, like you so aptly put it yourself, that is just my humble opinion. acr on "SoThink Trojan in Firefox Add On" http://www.giveawayoftheday.com/forums/topic/7000#post-72259 Mon, 08 Feb 2010 01:42:17 +0000 acr 72259@http://www.giveawayoftheday.com/forums/ Mr. Dragon, thank you for sharing your 3 weeks of cultural experience in China. But there are a couple points I would like to make here. First, the antivirus that reported the malware on virustotal was, among others, Kaspersky and it detected the file a packed malware. When was the last time AVG or Avast were considered authorities in packed malware? On the one hand it could be viewed that 78% of the antivirus programs found the SoThink file to be clean. But on the other hand those numbers can be skewed as many of the virustotal antitvirus programs do not detect packers very well. But, probably the best antivirus at detecting packers - Kaspersky- flagged the SoThink file as malicious. From what I understand from reading the Computerworld story is that the Sothink Web Video Downloader 4.0 is the program that contained the nsCatcher.dll scanned in the virustotal link. From the story <blockquote>Sothink Web Video Downloader 4.0 was downloaded approximately 4,000 times between February and May 2008. </blockquote> I think it more than sheer coincidence that the developers issuing a new release in May 2008 fixed the "mis-reports". And that the developers decided to cure this issue with a new release as opposed to submitting the file to the different antivirus companies as a false positive. For what it's worth, here is the report from virscan.org (Kaspersky version 5.5 as opposed to version 7 on virustotal)- <a href="http://virscan.org/report/70e5aa0bca5907d0ab33a46f6e08ec8c.html" rel="nofollow">http://virscan.org/report/70e5aa0bca5907d0ab33a46f6e08ec8c.html</a> Unless I am reading the Computerworld article incorrectly, it appears that Mozilla confirmed the February-May 2008 release of the nsCatcher.dll from SoThink as malware, albeit some 20 months after the initial report from virustotal. SoThink chose to issue a new release as opposed to submit the file to different antivirus companies as a false positive- that file has been confirmed by Mozilla as malware. I don't think the chain of events is pure coincidence. But that's just my opinion, of course. Paul F. Quantum AKA "The Dragon" on "SoThink Trojan in Firefox Add On" http://www.giveawayoftheday.com/forums/topic/7000#post-72244 Sun, 07 Feb 2010 21:00:48 +0000 Paul F. Quantum AKA "The Dragon" 72244@http://www.giveawayoftheday.com/forums/ The virustotal test shows 7 AV finding the supposed trojan out of a total 32 AV! That's about 22% finding a virus and 78% not finding it. Of this 78%, Avast and AVG both known for many false positives did not find any and Sophos (an authority on worms, trojans and other virus) did not find any and that tells me more than the rest combined. Sothink being Chinese and very open about it ( <a href="http://www.whois.net/whois/sothink.com">Whois information here</a> ), they probably have their own way of making amends which is not going to be the way Americans/Canadians/Europeans do it. I should know as I went to China to adopt in 1992 and stayed there 3 weeks absorbing all the culture I could so with this experience behind me, I can safely say NOTHING is the same in China as everywhere else in the world! Anyway, back to the point, Sothink have made available a corrective in May of 2008 (on the 16th to be exact) acknowledging the problem in this manner: Version 4.2 — May 16, 2008 — 685 KB - Works with: * Firefox: 1.5 – 3.0b3 Fixed Bug ( * Some of anti-virus softwares misreported that it contained virus ). You can see it here (Google Cache): <a href="http://74.125.47.132/search?q=cache:aou1K7snX3QJ:https://addons.mozilla.org/en-US/firefox/addons/versions/6541+site:addons.mozilla.org+sothink+%22version+history%22&cd=1&hl=en&ct=clnk&gl=us">Mozilla Add-ons (Corrections)</a> They also responded in the link provided by acr again in May 2008 (This time on the 19th) in a post by Nicole Liu, a member of the Support Team! Now suddenly almost two full years later (February 5, 2010), we get this sudden panic about a acknowledged/repaired error and everyone wants to pick an axe, chop down this foreign monster and burn the pieces to ash for good measure. Is it a coincidence that it happens just when Sothink is becoming known for good programs, someone must sure feel threatened enough to unearth this old skeleton! So my conclusion remains that all of this is due to Mozilla's lax, after all can't they read over there or where they all so busy whizzing around like bees on a mission to address this corrected problem in May 2008 ? acr on "SoThink Trojan in Firefox Add On" http://www.giveawayoftheday.com/forums/topic/7000#post-72241 Sun, 07 Feb 2010 20:14:52 +0000 acr 72241@http://www.giveawayoftheday.com/forums/ I read the posts on FFOI and noticed the post regarding a SoThink "false positive" from May 2008. Apparently that release was replaced with a change log indicating the reason for the upgrade being because of "mis-reports" from virustotal flagging the SoThink dll. This seems like an unusual method of dealing with a false positive. The main antivirus companies that reported were Kaspersky, Avira and Prevx. Here is the virustotal report- <a href="http://www.virustotal.com/analisis/b3dceabe00b518176c8c84e64dc4a3fb" rel="nofollow">http://www.virustotal.com/analisis/b3dceabe00b518176c8c84e64dc4a3fb</a> Apparently this is SoThink's response- <a href="http://www.sothinkmedia.com/phpBB2/viewtopic.php?p=1367&highlight=trojan#1367" rel="nofollow">http://www.sothinkmedia.com/phpBB2/viewtopic.php?p=1367&highlight=trojan#1367</a> From the VT report you can see that Kaspersky, Gdata and F-Secure all report the same malware name and I am assuming that is because Gdata and F-Secure used Kaspersky signatures at the time. So this is really just one antivirus flagging from three different programs. Avira also reports a hit and Webwasher-Gateway hits although I am not sure which antivirus program WG used at the time. It may have been McAfee although I believe WG uses Avira now. So it may have been an Avira signature- I really am not sure. Prevx also flags the dll as malicious. Cat-Quickheal also flags the dll and I am not familiar with the Cat-Quickheal program (I have heard of it but never used it). So from the above, for the sake of argument, let's assume Kaspersky, Avira and Prevx flag the SoThink dll as malicious. All three of these companies correct false positives although Avira has a reputation of being the slowest to do so. Prevx has a reputation of correcting a false positive within 24 hours or less; Kaspersky will also correct false positive flags, especially those found as Armadillo packers, as appears to be the case here. Instead of SoThink offering a new version of their program they should have simply submitted the suspect file to the above companies as a false positive. What would have been done then is that each of the av companies would have investigated the dll and then decided whether to keep flagging it or mark it as safe. I'm not saying whether the May 2008 program was malware or not. But a better practice for SoThink would have been to submit the file to the different av companies for review as a false positive. Robert on "SoThink Trojan in Firefox Add On" http://www.giveawayoftheday.com/forums/topic/7000#post-72220 Sun, 07 Feb 2010 11:59:02 +0000 Robert 72220@http://www.giveawayoftheday.com/forums/ This must be yet another Big Gooseberry season... My suggestion to those who fancy spreading lists discrediting good companies( ..as they did in the past,and probably will do again next year) or those looking for other ways to get at them: why not invite people to put the entire internet in a big hosts file... ...but maybe then they'll start complaining people don't visit their websites anymore... of course there would be no forum spamming either. :) As far as forum spamming is concerned ,I'm all in favor of the way Graylox is handling the problem ..."wotting" spammers. I hope your post gets through Paul.I won't bother posting. Violet4714 on "SoThink Trojan in Firefox Add On" http://www.giveawayoftheday.com/forums/topic/7000#post-72211 Sun, 07 Feb 2010 08:36:49 +0000 Violet4714 72211@http://www.giveawayoftheday.com/forums/ finding an infected add-on didn't surprise me... finding out that Mozilla said it's sole AV scanner was ClamAV did... <a href="http://www.pcworld.com/article/188651/malicious_firefox_addons_installed_trojans.html?tk=nl_dnx_h_crawl" rel="nofollow">http://www.pcworld.com/article/188651/malicious_firefox_addons_installed_trojans.html?tk=nl_dnx_h_crawl</a> as far as SourceTec (Sothink)...with the number of giveaways they've gifted us with, and the feedback being mostly positive, i'd be stunned if any were infected: there would've been thousands screaming (whether here, other sites, or blogs)... my two cents... giveawayfan on "SoThink Trojan in Firefox Add On" http://www.giveawayoftheday.com/forums/topic/7000#post-72210 Sun, 07 Feb 2010 08:22:25 +0000 giveawayfan 72210@http://www.giveawayoftheday.com/forums/ No updates from the company since last 2 days about the malware. The more time it takes to make any announcements, the higher the chance its own customers will pull out their support. Paul F. Quantum AKA "The Dragon" on "SoThink Trojan in Firefox Add On" http://www.giveawayoftheday.com/forums/topic/7000#post-72199 Sun, 07 Feb 2010 00:29:24 +0000 Paul F. Quantum AKA "The Dragon" 72199@http://www.giveawayoftheday.com/forums/ Like I already posted on <a href="http://for-free-on-internet.com/">for-free-on-internet.com</a>, an interesting community of which I am a member, this may be a way to scare non-technical Internet users and shoot down an up and coming young company. My contribution is awaiting moderation at the moment on for-free as for them, it is already Sunday morning @ 2:22 AM, while I write this! My comments will be shown here <a href="http://for-free-on-internet.com/2010/02/the-scumbags-hall-of-shame-part-2-sothink-confirmed-on-the-list-update-from-alok-and-franck/#comment-14545">Hall of shame - Sothink on the list ?</a> later but I felt this was too important to wait and that it should be read by as many people as possible so here is the transcript right here: About SourceTec (Sothink) This is the easiest way to shoot down a rising company, just hint that a virus/trojan was in one of their offerings and people will flee it like the plague! Since this was in the Add-ons @ Mozilla and NOT on the main Sothink site (my version (5.7) came from there directly) and since the Mozilla vigilance was very lax (from the meaning: lacking in rigor or strictness), who can really say if it came from SourceTec/Sothink? You cannot blame SourceTec/Sothink for this Mozilla blunder! Mozilla Add-ons site's security/checking protocol looked (until this incident) more like an open barn door policy than a real secure site and that can lead to nightmares not just for users but also for decent companies and Mozilla itself. I hope Mozilla gets its act together, stops being lax and does not take security for granted in the future. With the sheer number of contributors Mozilla has, their site is akin to an airport. Well, an airport which is lax with its security protocol and that exhibits open barn door nonchalance does not bode well for safety. Following this announcement, I made a "Full and deep" safety sweep/scan with my Antivirus that took twelve hours (I have two internal and three external Hard Drives) and it came up empty on the trojan front. I also checked with VirusTotal ( <a href="http://www.virustotal.com/">http://www.virustotal.com/</a> ) and it too came up empty! So as a final piece of advice, you should run both your Antivirus (you have one, I hope!) and also get an outside opinion (like VirusTotal) before carrying torches and putting fire to a good company! acr on "SoThink Trojan in Firefox Add On" http://www.giveawayoftheday.com/forums/topic/7000#post-72157 Sat, 06 Feb 2010 00:14:22 +0000 acr 72157@http://www.giveawayoftheday.com/forums/ SoThink has been featured on GAOTD several times so I thought the recent news from Mozilla is relevant. <blockquote>Mozilla confirms infected Firefox add-ons slipped through security Malware hidden in two extensions threatens Windows users By Gregg Keizer February 5, 2010 06:50 AM ET Top Stories Computerworld - Mozilla confirmed late Thursday that it failed to detect malware in a pair of Firefox add-ons, which may have infected up to 4,600 users. The add-ons have been removed from Firefox's official add-on download site. According to an entry on the Mozilla Add-ons blog, Sothink Web Video Downloader 4.0 and all versions of Master Filer were infected with Trojan horses designed to hijack Windows PCs. Both add-ons were in the "experimental" area of Firefox's add-on download site, where newer extensions remain until they undergo a public review process. To install experimental add-ons, Firefox users must view and accept an additional warning. Master Filer was downloaded about 600 times in the five months ending Jan. 25, when it was pulled from the site. Sothink Web Video Downloader 4.0 was downloaded approximately 4,000 times between February and May 2008. The most up-to-date version of the latter, which captures streaming videos in a variety of formats, is 5.7. Any Windows users who installed one of the two add-ons would have also silently executed the Trojan, which would then infect the PC. Mac and Linux users who installed the add-ons were not affected. Mozilla acknowledged that its security process failed. "[Add-ons] performs a malware check on all add-ons uploaded to the site, and blocks add-ons that are detected as such," said yesterday's blog. "This scanning tool failed to detect the Trojan in Master Filer." After adding more scanning tools to the process, a rescan of all add-ons uncovered the attack code embedded in Sothink Web Video Downloader 4.0, which was yanked from the download site Tuesday. Mozilla urged users who downloaded the add-ons to uninstall them and, because that doesn't scrub the Trojan from the system, to also run an antivirus scan to detect and delete the malware. Little could be found on the Web about the author of Master Filer, identified as "haklinim," other than that he or she used an anonymous proxy server in Japan to shunt traffic to a developer biography, which Mozilla has also deleted. SourceTec Software, which makes Sothink Web Video Downloader, is based in China, according to the phone number listed on its Web site. The company did not reply to a request for comment or an explanation of how its add-on was infected. Mozilla also was unavailable late Thursday to respond to questions, including why the infected Sothink Web Video Downloader add-on was not detected in 2008, and whether it planned to reach out to users who had downloaded the tainted extensions. Although Mozilla has removed both add-ons from its download site, post-4.0 editions of Sothink Web Video Downloader remain available on other download sites. It's unknown how many copies of version 4.0 of the add-on were downloaded and installed from non-Mozilla sources, such as CNet's Download.com. This is not the first time that Mozilla has missed malware in an add-on. In May 2008, it admitted a worm inside a Vietnamese language add-on had gone undetected for months, and had been downloaded nearly 17,000 times. The then-head of Mozilla's security, Window Snyder, called the impact on users "limited." After the worm snafu, Snyder said Mozilla would boost the number of times it scanned files for malware, and would also up the frequency of scans of its entire add-on catalog "to address this sort of case in the future." Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. </blockquote> <a href="http://www.computerworld.com/s/article/9152578/Mozilla_confirms_infected_Firefox_add_ons_slipped_through_security?source=rss_security" rel="nofollow">http://www.computerworld.com/s/article/9152578/Mozilla_confirms_infected_Firefox_add_ons_slipped_through_security?source=rss_security</a> notblocklox on "Medical PIM alternatives to Smart Diary Suite" http://www.giveawayoftheday.com/forums/topic/4312#post-46342 Tue, 25 Nov 2008 19:46:38 +0000 notblocklox 46342@http://www.giveawayoftheday.com/forums/ Yep :) Archangel on "Medical PIM alternatives to Smart Diary Suite" http://www.giveawayoftheday.com/forums/topic/4312#post-46341 Tue, 25 Nov 2008 19:18:34 +0000 Archangel 46341@http://www.giveawayoftheday.com/forums/ Thanks for the link graylox. And did you check out the price? $10.00 and it even graphs. Looks like a much better deal. notblocklox on "Medical PIM alternatives to Smart Diary Suite" http://www.giveawayoftheday.com/forums/topic/4312#post-46326 Tue, 25 Nov 2008 09:13:35 +0000 notblocklox 46326@http://www.giveawayoftheday.com/forums/ Okay, the SmartDiary-Giveaway-Day is over, however, sometimes a user comes back to find an alternative to the Giveaway. I just remembered this : <a href="http://www.programming.de/superdiary.php" rel="nofollow">http://www.programming.de/superdiary.php</a> Though it is shareware you can use it without limitations. Quote from the developer: ... * That means: you can try the program as long as you like. * The program is not limited or crippled in it's features in the trial version and the trial version does not expire. * There are no disabled features, no annoying popup windows, no hidden spyware or adware features (the only difference is a splash screen, asking you to register if you use it regularly). ... Unquote graylox notblocklox on "Medical PIM alternatives to Smart Diary Suite" http://www.giveawayoftheday.com/forums/topic/4312#post-46310 Tue, 25 Nov 2008 01:39:43 +0000 notblocklox 46310@http://www.giveawayoftheday.com/forums/ Hi, watcher13 and welcome to the forums. Many thanks for trying to help. Though I am one of the users who wrote about the missing FM-part in this program, I do not think I actually will use a computer program to monitor my illness. It is hard enough to cope with FM in daily life so I am not motivated at all to print charts which show me in red and blue how crappy I'm feeling. Sorry this is such a day :( However, sometimes is a diary needed, for new meds e.g., then I use a long time proofed method: p&p - pen and paper; it's portable, you don't need a blackberry version or an update. My doc has learnt my handwriting as I had to learn his. You can get med-/pain-diaries from your doc, therapist, pharmacist, insurance, FM-Association for € 0.00. I admit that others have other requirements. a link with sample logs for a diary <a href="http://chronicfatigue.about.com/od/whyfmscfsarelinked/a/track_symptoms.htm" rel="nofollow">http://chronicfatigue.about.com/od/whyfmscfsarelinked/a/track_symptoms.htm</a> <a href="http://www.fibromyalgia-symptoms.org/fibromyalgia_journal.html" rel="nofollow">http://www.fibromyalgia-symptoms.org/fibromyalgia_journal.html</a> graylox / presently notblocklox