Can a Firefox extension be spyware?

I've been getting plugged into the world of Firefox, and man, it rocks. I really like it, and I especially like that there's a huge library of different extensions that can make Firefox just about jump through flaming hoops. As I keep adding more and more, however, I'm starting to worry about whether it's possible that some of these extensions are actually spyware or viruses. Is that even possible? And if so, how do I avoid being suckered?

Dave's Answer:

Not only is that possible, but there's a known issue with a Firefox extension called numberlinks. Download and install it and as far as you can tell, it works as it's supposed to, numbering the different hypertext links on the page so you can browse the Web without a mouse. Meanwhile, however, it's also sniffing and intercepting passwords and credit card numbers, which are then sent to an external server.

Scary concept, eh?

This particular malicious spyware was first reported by Heise Security. The extension isn't one you get off the Firefox site, however, but one that arrives as spam identifying itself as "a helpful extension for Firefox". Install the extension and it loads just like the real numberedlinks extension. But it's not.

Virus experts McAfee are calling this the first FormSpy because of how it interacts with Web-based forms, but there's no doubting the malicious nature of this particular spyware.

Find out what extensions you have installed in Firefox by going to Tools --> Extensions, and you'll see something quite similar to this:

Finally, you can avoid this and the inevitable copycats that'll show up by only downloading Firefox extensions from known sites, ideally only from Mozdev.org, the official site of the Mozilla team and associated groups that help build and grow Firefox.

And, as always, be careful out there.

Oh, and if you are surfing the web - which you're obviously doing since you're here on my site! -- then you must have both a solid antivirus solution and anti-spyware solution. I recommend AVG Antivirus for the former and Spy Sweeper for the latter.

Categorized: Computer and Internet Basics (Article 6713, Written by Dave Taylor)
Tagged: firefox, firefox extensions, formspy, spyware, viruses
Previous: Why does eBay buy foreign auction sites instead of building its own?
Next: Should I have one centralized site, or lots of local sites?

Subscribe!

Never miss another Q&A article! Click to subscribe:

Comments

I've seen the infamous "MyWebSearch" on Firefox, once, on a client's Windows PC. It was scary! http://ichyware.net/nerdherd/firefox_with_myWebsearch/index.htm

Posted by: Matthew Poer at August 19, 2006 3:43 PM

I noticed that the numbered links plugin is actually listed as a download from mozdev.org (under usability)

I'm presuming that means either a) mozdev.org is not actually screening what it uploads or b) the spyware version you're talking about is actually just a copied version of the real (harmless) plugin, which has been turned into spyware and is being marketed through less guarded channels.

Either way, I'm not taking the risk.

Posted by: John at September 29, 2007 6:07 PM

I have something to say, now that you mention it, but ...

I do have a lot to say, and questions of my own for that matter, but first I'd like to say thank you for all your efforts on this Web site by buying you a cup of coffee!

I do have a comment, now that you mention it!

How can I fix too little virtual memory in Windows?

How do I install Windows XP in Boot Camp on my Mac?

How do I download photos onto my Apple iPhone?

How do I convert WMA to MP3 audio files in Windows Media Player?

How can I add a Google search box to my site?

How can I put music on my Apple iPod?

How can I get my Nintendo DS to connect to the Internet?

How do I reset my Mac OS X administrator (root) password?

Recent Entries

How can I pair a bluetooth speaker with my MacBook Pro?

Is my copy of Windows 7 "activated" and genuine?

The Scoop on Merchant Services and Credit Card Processing?

How can I change my Windows PC computer name?

Introduction to Google Docs Spreadsheets

Add Po.st Social Media (Facebook, Google Plus) widgets to your blog?

I Need Help!

Even More Help

Apple iPad Help
Articles and Reviews
Auctions and Online Shopping
Blogs and RSS Feeds
Building Web Site Traffic
Business and Management
CGI Scripts and Web Site Programming
Computer and Internet Basics
d) None of the Above
Facebook Help
Google Plus Help
HTML and CSS
Industry News and Trade Shows
iPhone and Cell Phone Help
iPod, Sony PSP and MP3 Player Help
Mac OS X Help
Pay Per Click (PPC) Advertising
Search Engine Optimization (SEO)
Shell Script Programming
Tech Support Video Help
The Writing Business
Twitter, LinkedIn and Social Network Help
Unix and Linux Help
Video Game Tips and Help
Windows PC Help
WordPress Help

film blog - social media / blogging speaking - business blog - Colorado photography - free tech support

© 2002 - 2012 by Dave Taylor. All Rights Reserved.

Note: This web site is for the purpose of disseminating information for educational purposes, free of charge, for the benefit of all visitors. We take great care to provide quality information. However, we do not guarantee, and accept no legal liability whatsoever arising from or connected to, the accuracy, reliability, currency or completeness of any material contained on this web site or on any linked site.

business blog | sitemap | link to us!