Last week the Mozilla Foundation announced that two add-ons hosted on addons.mozilla.org (referred to as AMO) contained Trojan code aimed at Windows users. The two add-ons in question were Sothink Web Video Downloader (just version 4.0) and Master Filer (all versions). Mozilla explained at the time that its anti-malware scanning tools failed to detect the threat, but once it was uncovered the two add-ons are malicious, they were pulled off AMO.

Mozilla advised Firefox users that downloaded the add-ons to uninstall them. Users were also advised to get a capable antivirus application, scan their system and remove the Trojan that came bundled with the add-ons. The Mozilla Foundation specified these antivirus applications: Antiy-AVL, Avast, AVG, GData, Ikarus, K7AntiVirus, McAfee, Norman, and VBA32.

Just to put things in perspective, the Master Filer add-on was downloaded about 600 times from September ’09 until January ’10. The Sothink Web Video Downloader add-on, version 4.0, was downloaded about 4,000 times between February 2008 and May 2008.

That’s what we knew so far; now here’s the update. Turns out the Master Filer add-on was genuinely malicious, users that downloaded it may have had they system compromised by a Trojan. But Sothink Web Video Downloader version 4.0 did not contain Trojan code. It was all a false positive.

“We’ve worked with security experts and add-on developers to determine that the suspected Trojan in Version 4.0 of Sothink Video Downloader was a false positive and the extension does not include malware. The same investigation also confirmed that the Master Filer extension included a valid instance of a Trojan. Our estimate of 6,000 affected downloads has been revised to under 700. The Sothink Video Downloader has been re-enabled on AMO. We apologize to our users and the developers of Sothink for any inconvenience this has caused,” explained the Mozilla Add-ons team.