Industry guru Dave Taylor answers free tech support questions about a wide variety of business and technical topics, including blogging, Google AdSense, MySpace, Sony PSP, Apple iPod, Mp3 players, management, Linux, SEO, Mac OS X, Facebook, Twitter, LinkedIn and Microsoft Windows.

SupportSpace: Immediate Live Tech Support. Free Assessment + $10 coupon!!

Can a Firefox extension be spyware?

I've been getting plugged into the world of Firefox, and man, it rocks. I really like it, and I especially like that there's a huge library of different extensions that can make Firefox just about jump through flaming hoops. As I keep adding more and more, however, I'm starting to worry about whether it's possible that some of these extensions are actually spyware or viruses. Is that even possible? And if so, how do I avoid being suckered?

Dave's Answer:

Not only is that possible, but there's a known issue with a Firefox extension called numberlinks. Download and install it and as far as you can tell, it works as it's supposed to, numbering the different hypertext links on the page so you can browse the Web without a mouse. Meanwhile, however, it's also sniffing and intercepting passwords and credit card numbers, which are then sent to an external server.

Scary concept, eh?

This particular malicious spyware was first reported by Heise Security. The extension isn't one you get off the Firefox site, however, but one that arrives as spam identifying itself as "a helpful extension for Firefox". Install the extension and it loads just like the real numberedlinks extension. But it's not.

Virus experts McAfee are calling this the first FormSpy because of how it interacts with Web-based forms, but there's no doubting the malicious nature of this particular spyware.

Find out what extensions you have installed in Firefox by going to Tools --> Extensions, and you'll see something quite similar to this:

Finally, you can avoid this and the inevitable copycats that'll show up by only downloading Firefox extensions from known sites, ideally only from Mozdev.org, the official site of the Mozilla team and associated groups that help build and grow Firefox.

And, as always, be careful out there.

Oh, and if you are surfing the web - which you're obviously doing since you're here on my site! -- then you must have both a solid antivirus solution and anti-spyware solution. I recommend AVG Antivirus for the former and Spy Sweeper for the latter.

Help others find this article at Del.icio.us, Digg, Netscape, Reddit, and Simpy.

Categorized: Computer and Internet Basics (Article 6713)
Tagged: firefox, firefox extensions, formspy, spyware, viruses
Previous: Why does eBay buy foreign auction sites instead of building its own?
Next: Should I have one centralized site, or lots of local sites?

Subscribe!

Never miss another useful Q&A article again! Subscribe to AskDaveTaylor with Google Reader.

Comments

I've seen the infamous "MyWebSearch" on Firefox, once, on a client's Windows PC. It was scary! http://ichyware.net/nerdherd/firefox_with_myWebsearch/index.htm

Posted by: Matthew Poer at August 19, 2006 3:43 PM

I noticed that the numbered links plugin is actually listed as a download from mozdev.org (under usability)

I'm presuming that means either a) mozdev.org is not actually screening what it uploads or b) the spyware version you're talking about is actually just a copied version of the real (harmless) plugin, which has been turned into spyware and is being marketed through less guarded channels.

Either way, I'm not taking the risk.

Posted by: John at September 29, 2007 6:07 PM

I have a lot to say, but ...

I have a lot to say, and questions of my own for that matter, but most of all I'd like to say thank you for all your efforts on this Web site by buying you a chai!

I do have a comment, now that you mention it!