Mozilla on Friday pulled two programs from its Firefox browser add-on site for containing malware. Sothink Web Video Downloader 4.0 and all versions of Master Filer were found to contain Trojan horse code aimed at Windows users.

In a blog post, Mozilla stated that the Master Filer add-on was able to bypass AMO's security tests.

Mozilla user CatThief discovered the threat, it said. And when Mozilla added two more security checks to its vetting process and rescanned its entire catalog, it discovered that version 4 of the Sothink Web Video Downloader also contained a Trojan horse program. Sothink Web Video Downloader contained Win32.LdPinch.gen, and Master Filer contained Win32.Bifrose.32.Bifrose.

Master Filer was removed from Mozilla's Firefox add-on site on January 25, and the Sothink video downloader was removed on Tuesday. CNET ceased hosting the Sothink add-on on Friday before noon.

Sothink Web Video Download 5.5.90819 had been a mildly popular Firefox add-on at, receiving 697 downloads in the past week and 63,716 downloads since it was first added to the site in June 2007.

Because the Trojan horse programs are tied to Firefox, Mozilla warns, host computers won't be infected until Firefox started. Uninstalling either add-on is only part of the solution, if the infection has already attacked the host computer. Mozilla recommends that users who suspect that they are infected use one of the following security applications to sweep and clean their computers after uninstalling the threatening add-on:

  • Antiy-AVL
  • Avast
  • AVG
  • GData
  • Ikarus
  • K7 AntiVirus
  • McAfee
  • Norman
  • VBA32
  • Infected users should note that only Avast and AVG are free.

    Mozilla did not immediately respond to requests for comment. We'll update this post as we learn more.