The default bug view has changed. See this FAQ.

Block SweetIM toolbar (Malware Issue) and website

RESOLVED FIXED

Status

()

Toolkit
Blocklisting
RESOLVED FIXED
5 years ago
a year ago

People

(Reporter: David Weir (satdav), Unassigned)

Tracking

(Blocks: 1 bug)

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: [squeaky])

(Reporter)

Description

5 years ago
what is the chance of getting the sweetim toolbar as blocklisted it is coming up on all websites what is is a malware toolbar 

it was on my grans machime for examplewh when she never installed it
(Reporter)

Comment 1

5 years ago
http://sweetim.sweetpacks.com/ for full details
(Reporter)

Updated

5 years ago
Severity: major → normal
(Reporter)

Comment 2

5 years ago
Link to the internet search i done

https://isearch.avg.com/search?cid={E5AB174F-1A6B-4BB2-8F93-FF8F222BF9E9}&mid=dcd16a6af59d47d098d0c94a354eebb0-a274b711aba3314c4dc98391299627c452309086&ds=AVG&lang=en&v=12.2.5.34&pr=fr&d=2012-07-01%2015:11:27&sap=dsp&q=sweetim+toolbar+malware
Kris, please look into this toolbar and let us know what you discover.
(Reporter)

Updated

4 years ago
Summary: Block SweetIM toolbar and website → Block SweetIM toolbar (Malware Issue) and website
Yeah, it's definitely a silent install. Wouldn't be surprised if it comes bundled as tag-along crapware with something else. The installer from the linked site changes the homepage, the newtab page, the keyword URL, and the default search engine, too. Disable it from about:addons and it gives you a confirmation (https://people.mozilla.com/~kmaglione/images/d8aecdf2716894b0.png) Urgh. And a second confirmation (https://people.mozilla.com/~kmaglione/images/7d37e927d1e90e4d.png) Doesn't reset the above changes regardless.

On the other hand, its fancy home page/new tab page is blinking at me and saying I've got an unclaimed prize, which seems to be a blinking iPad. \o/

ID: {EEE6C361-6118-11DC-9C72-001320C79847}

It also installed some crapware called DealPly in the process. Not exactly sure what it does. It hasn't shown up in about:addons yet. I think it's an external application that watches what I'm browsing and will eventually open an external popup window.
(Reporter)

Comment 5

4 years ago
Kris can we get this blocked ASAP if possible

I would do it in a whole for all Firefox and os
We won't block it immediately because we want to contact the developers first and try to get them to fix the problem. Also, I'll be away at a MozCamp for the remainder of the week, so don't expect much activity on this bug until next week.
I contacted the developers. If they don't reply within a week, we will proceed with the block.
Whiteboard: [squeaky]
Softonic installers are installing this too now.
Blocks: 812295
Just as one more data point, Web Of Trust has some comments on this toolbar/site:
 "Changed my browser home page ( without permission ) to sweetim search page."
 "Installed without permission apparently as part of divx install"
 "The program is often hidden in freeware software."
https://www.mywot.com/en/scorecard/sweetim.sweetpacks.com
Blocked: https://addons.mozilla.org/en-US/firefox/blocked/i236
Status: NEW → RESOLVED
Last Resolved: 4 years ago
Resolution: --- → FIXED

Comment 11

4 years ago
Sweetpacks and SweetIM are intrusive and insidious. I got them without permission after downloading KMplayer via Softonics. They affected not only Mozilla, IE and Chrome, but they also disabled my Avira Premium 'Web Protection' service. 

Mozilla is my primary browser and Sweetpacks didn't appear for a few days so I was unaware it had installed itself. I didn't understand why Avira wasn't working properly until I saw and removed Sweetpacks, then the Avira 'Web Protection' started immediately. 

I deleted every reference to Sweetpacks and SweetIM from the registry.

Someone should look into the payoff for this malware to see what information has been gleaned and what other possible damage may have occured. Disabling antivirus services is serious.

Comment 12

4 years ago
RMH, Firefox is not anti-malware software and blocklisting its add-on part is the only thing Mozilla can do.
See also https://support.mozilla.org/kb/troubleshoot-firefox-issues-caused-malware#w_how-do-i-prevent-malware-from-being-installed

Comment 13

4 years ago
(In reply to Scoobidiver from comment #12)
> RMH, Firefox is not anti-malware software and blocklisting its add-on part
> is the only thing Mozilla can do.
> See also
> https://support.mozilla.org/kb/troubleshoot-firefox-issues-caused-
> malware#w_how-do-i-prevent-malware-from-being-installed

Scoobidiver, I also posted the same comment to an Avira forum. My intent was that all parties affected be aware that Sweetpacks and SweetIM are more than a simple annoyance, they are potentially dangerous and should be taken seriously.
This block has been updated to cover all versions < 1.8. Version 1.8 addresses the main reasons we decided to block this add-on in the first place.
See Also: → bug 881447
(Assignee)

Updated

a year ago
Product: addons.mozilla.org → Toolkit
You need to log in before you can comment on or make changes to this bug.