Last Comment Bug 806345 - Block SweetIM toolbar (Malware Issue) and website
: Block SweetIM toolbar (Malware Issue) and website
Status: RESOLVED FIXED
[squeaky]
:
Product: Toolkit
Classification: Components
Component: Blocklisting (show other bugs)
: unspecified
: All All
: -- normal (vote)
: ---
Assigned To: Nobody; OK to take it and work on it
:
Mentors:
Depends on:
Blocks: softonic
  Show dependency treegraph
 
Reported: 2012-10-29 06:33 PDT by David Weir (satdav)
Modified: 2016-03-07 15:30 PST (History)
13 users (show)
See Also:
Crash Signature:
(edit)
QA Whiteboard:
Iteration: ---
Points: ---
Has Regression Range: ---
Has STR: ---


Attachments

Description David Weir (satdav) 2012-10-29 06:33:24 PDT
what is the chance of getting the sweetim toolbar as blocklisted it is coming up on all websites what is is a malware toolbar 

it was on my grans machime for examplewh when she never installed it
Comment 1 David Weir (satdav) 2012-10-29 06:36:01 PDT
http://sweetim.sweetpacks.com/ for full details
Comment 3 Jorge Villalobos [:jorgev] 2012-11-09 19:49:00 PST
Kris, please look into this toolbar and let us know what you discover.
Comment 4 Kris Maglione [:kmag] 2012-11-12 13:06:08 PST
Yeah, it's definitely a silent install. Wouldn't be surprised if it comes bundled as tag-along crapware with something else. The installer from the linked site changes the homepage, the newtab page, the keyword URL, and the default search engine, too. Disable it from about:addons and it gives you a confirmation (https://people.mozilla.com/~kmaglione/images/d8aecdf2716894b0.png) Urgh. And a second confirmation (https://people.mozilla.com/~kmaglione/images/7d37e927d1e90e4d.png) Doesn't reset the above changes regardless.

On the other hand, its fancy home page/new tab page is blinking at me and saying I've got an unclaimed prize, which seems to be a blinking iPad. \o/

ID: {EEE6C361-6118-11DC-9C72-001320C79847}

It also installed some crapware called DealPly in the process. Not exactly sure what it does. It hasn't shown up in about:addons yet. I think it's an external application that watches what I'm browsing and will eventually open an external popup window.
Comment 5 David Weir (satdav) 2012-11-13 01:26:41 PST
Kris can we get this blocked ASAP if possible

I would do it in a whole for all Firefox and os
Comment 6 Jorge Villalobos [:jorgev] 2012-11-13 07:17:51 PST
We won't block it immediately because we want to contact the developers first and try to get them to fix the problem. Also, I'll be away at a MozCamp for the remainder of the week, so don't expect much activity on this bug until next week.
Comment 7 Jorge Villalobos [:jorgev] 2012-11-29 16:15:31 PST
I contacted the developers. If they don't reply within a week, we will proceed with the block.
Comment 8 Kris Maglione [:kmag] 2012-12-04 16:20:51 PST
Softonic installers are installing this too now.
Comment 9 Daniel Holbert [:dholbert] (mostly OOTO until Aug 9th) 2012-12-05 14:52:44 PST
Just as one more data point, Web Of Trust has some comments on this toolbar/site:
 "Changed my browser home page ( without permission ) to sweetim search page."
 "Installed without permission apparently as part of divx install"
 "The program is often hidden in freeware software."
https://www.mywot.com/en/scorecard/sweetim.sweetpacks.com
Comment 10 Jorge Villalobos [:jorgev] 2012-12-06 09:12:41 PST
Blocked: https://addons.mozilla.org/en-US/firefox/blocked/i236
Comment 11 RMH 2012-12-09 05:53:57 PST
Sweetpacks and SweetIM are intrusive and insidious. I got them without permission after downloading KMplayer via Softonics. They affected not only Mozilla, IE and Chrome, but they also disabled my Avira Premium 'Web Protection' service. 

Mozilla is my primary browser and Sweetpacks didn't appear for a few days so I was unaware it had installed itself. I didn't understand why Avira wasn't working properly until I saw and removed Sweetpacks, then the Avira 'Web Protection' started immediately. 

I deleted every reference to Sweetpacks and SweetIM from the registry.

Someone should look into the payoff for this malware to see what information has been gleaned and what other possible damage may have occured. Disabling antivirus services is serious.
Comment 12 Scoobidiver (away) 2012-12-15 07:25:00 PST
RMH, Firefox is not anti-malware software and blocklisting its add-on part is the only thing Mozilla can do.
See also https://support.mozilla.org/kb/troubleshoot-firefox-issues-caused-malware#w_how-do-i-prevent-malware-from-being-installed
Comment 13 RMH 2012-12-15 08:49:34 PST
(In reply to Scoobidiver from comment #12)
> RMH, Firefox is not anti-malware software and blocklisting its add-on part
> is the only thing Mozilla can do.
> See also
> https://support.mozilla.org/kb/troubleshoot-firefox-issues-caused-
> malware#w_how-do-i-prevent-malware-from-being-installed

Scoobidiver, I also posted the same comment to an Avira forum. My intent was that all parties affected be aware that Sweetpacks and SweetIM are more than a simple annoyance, they are potentially dangerous and should be taken seriously.
Comment 14 Jorge Villalobos [:jorgev] 2012-12-18 07:35:24 PST
This block has been updated to cover all versions < 1.8. Version 1.8 addresses the main reasons we decided to block this add-on in the first place.

Note You need to log in before you can comment on or make changes to this bug.