Closed Bug 806345 Opened 12 years ago Closed 12 years ago

Block SweetIM toolbar (Malware Issue) and website

Categories

(Toolkit :: Blocklist Policy Requests, defect)

defect
Not set
normal

RESOLVED FIXED

People

(Reporter: david.weir, Unassigned)

Details

(Whiteboard: [squeaky])

What is the chance of getting the SweetIM toolbar blocklisted? It is coming up on all websites. What it is is a malware toolbar.

It was on my gran's machine, for example, when she never installed it.
http://sweetim.sweetpacks.com/ for full details
Severity: major → normal
Kris, please look into this toolbar and let us know what you discover.
Summary: Block SweetIM toolbar and website → Block SweetIM toolbar (Malware Issue) and website
Yeah, it's definitely a silent install. Wouldn't be surprised if it comes bundled as tag-along crapware with something else. The installer from the linked site changes the homepage, the newtab page, the keyword URL, and the default search engine, too. Disable it from about:addons and it gives you a confirmation (https://people.mozilla.com/~kmaglione/images/d8aecdf2716894b0.png). Urgh. And a second confirmation (https://people.mozilla.com/~kmaglione/images/7d37e927d1e90e4d.png). Doesn't reset the above changes regardless.

On the other hand, its fancy home page/new tab page is blinking at me and saying I've got an unclaimed prize, which seems to be a blinking iPad. \o/

ID: {EEE6C361-6118-11DC-9C72-001320C79847}

It also installed some crapware called DealPly in the process. Not exactly sure what it does. It hasn't shown up in about:addons yet. I think it's an external application that watches what I'm browsing and will eventually open an external popup window.
Kris, can we get this blocked ASAP if possible?

I would do it as a whole for all Firefox and OS.
We won't block it immediately because we want to contact the developers first and try to get them to fix the problem. Also, I'll be away at a MozCamp for the remainder of the week, so don't expect much activity on this bug until next week.
I contacted the developers. If they don't reply within a week, we will proceed with the block.
Whiteboard: [squeaky]
Softonic installers are installing this too now.
Blocks: softonic
Just as one more data point, Web Of Trust has some comments on this toolbar/site:
 "Changed my browser home page ( without permission ) to sweetim search page."
 "Installed without permission apparently as part of divx install"
 "The program is often hidden in freeware software."
https://www.mywot.com/en/scorecard/sweetim.sweetpacks.com
Blocked: https://addons.mozilla.org/en-US/firefox/blocked/i236
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
Sweetpacks and SweetIM are intrusive and insidious. I got them without permission after downloading KMPlayer via Softonic. They affected not only Mozilla, IE and Chrome, but they also disabled my Avira Premium 'Web Protection' service.

Mozilla is my primary browser and Sweetpacks didn't appear for a few days so I was unaware it had installed itself. I didn't understand why Avira wasn't working properly until I saw and removed Sweetpacks, then the Avira 'Web Protection' started immediately. 

I deleted every reference to Sweetpacks and SweetIM from the registry.

Someone should look into the payoff for this malware to see what information has been gleaned and what other possible damage may have occurred. Disabling antivirus services is serious.
RMH, Firefox is not anti-malware software and blocklisting its add-on part is the only thing Mozilla can do.
See also https://support.mozilla.org/kb/troubleshoot-firefox-issues-caused-malware#w_how-do-i-prevent-malware-from-being-installed
(In reply to Scoobidiver from comment #12)
> RMH, Firefox is not anti-malware software and blocklisting its add-on part
> is the only thing Mozilla can do.
> See also
> https://support.mozilla.org/kb/troubleshoot-firefox-issues-caused-malware#w_how-do-i-prevent-malware-from-being-installed

Scoobidiver, I also posted the same comment to an Avira forum. My intent was that all parties affected be aware that Sweetpacks and SweetIM are more than a simple annoyance; they are potentially dangerous and should be taken seriously.
This block has been updated to cover all versions < 1.8. Version 1.8 addresses the main reasons we decided to block this add-on in the first place.
See Also: → 881447
Product: addons.mozilla.org → Toolkit
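
Added example, not part of the original bug thread and not Mozilla's blocklist code: a small audit of a Firefox profile for what the comments above describe, namely the four settings the installer changes (which survive disabling the add-on) and the add-on ID in the blocked range (< 1.8). The `MARKERS` substrings, the `addons` input shape, the simplified dotted-number version compare and the sample prefs are assumptions made for the example.

```python
import re

# Add-on ID quoted in the bug; the final block covers all versions < 1.8.
BLOCKED_ID = "{EEE6C361-6118-11DC-9C72-001320C79847}"
BLOCKED_BELOW = (1, 8)
# Firefox prefs of that era behind the four settings the installer changed.
WATCHED = {
    "browser.startup.homepage": "homepage",
    "browser.newtab.url": "new tab page",
    "keyword.URL": "keyword URL",
    "browser.search.defaultenginename": "default search engine",
}
MARKERS = ("sweetim", "sweetpacks")  # assumption: substrings worth flagging
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.*?)\);\s*$')

def parse_prefs(text):
    """Return {name: value} for each user_pref(...) line of a prefs.js file."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m:
            prefs[m.group(1)] = m.group(2).strip('"')
    return prefs

def version_tuple(version):
    """Simplified compare key: plain dotted numbers only, e.g. '1.7.0.3'."""
    return tuple(int(part) for part in version.split("."))

def audit(prefs_text, addons):
    """addons maps add-on ID -> version (hypothetical input shape)."""
    findings = []
    for name, value in parse_prefs(prefs_text).items():
        if name in WATCHED and any(m in value.lower() for m in MARKERS):
            findings.append(f"{WATCHED[name]} still set to {value}")
    version = addons.get(BLOCKED_ID)
    if version is not None and version_tuple(version) < BLOCKED_BELOW:
        findings.append(f"add-on {BLOCKED_ID} {version} is in the blocked range")
    return findings

# Constructed sample: prefs left behind after the add-on was disabled/removed.
SAMPLE_PREFS = '''
user_pref("browser.startup.homepage", "http://sweetim.sweetpacks.com/");
user_pref("browser.newtab.url", "http://sweetim.sweetpacks.com/");
user_pref("keyword.URL", "http://sweetim.sweetpacks.com/?q=");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.download.useDownloadDir", false);
'''

if __name__ == "__main__":
    for finding in audit(SAMPLE_PREFS, {BLOCKED_ID: "1.7.0.3"}):
        print(finding)
```

Calling `audit` with an empty `addons` mapping still reports the three changed prefs, which is the case the thread notes where disabling the add-on does not reset them.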