1. 5

I hope you don’t mind the cross-post from HN, but it was suggested I share this here (and yay I finally got an invite over here ;)). So, I spent the weekend hacking out a Chrome extension (which will live at https://github.com/extensionwatch/chrome later tonight) that will hopefully help reduce the proliferation of adware and malware. I plan to hack one out for Firefox and friends in the future, too.

My approach is fairly simplistic right now (hooks into Chrome’s extension installation and disables a blacklisted extension as soon as it’s installed, updated, or recognized after a database update), but as I’m digging more into these nasty extensions, I’m seeing some patterns in the DOM injection that I’m also going to watch for separately. So, while an extension block list will catch the dumb extension owners or those who sell to adware companies, the more sophisticated analysis of the DOM and watching for script/load requests to certain domains should at least alert the user to the presence of certain adware (even if I can’t track down exactly which extension may be causing it).

But I need your help! The database of malware extensions and malware-peddling domains that powers this whole thing lives over at https://github.com/extensionwatch/database. I need you all to help me fill in the current crop of evil extensions and adware-dispensing domains. The database will live in this repository, be built using a Rake task, and deployed to users of the extension. The idea is to have a completely open and collaborative repository of this stuff to alleviate a lot of the (justified) “who’s watching the watchers” paranoia.

Anyhow, feel free to file issues on either of those repositories to start discussions. I’ll be around the comments this afternoon, too, and I’m also available via e-mail at my Lobsters username at gmail.
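
The blocking approach described in the post above, as an added example that is not part of the original post or the project's code. The database shape (`extensions`, `domains`), the helper names and the sample id and domain are assumptions constructed for illustration; the `chrome.management` calls require the "management" permission.

```javascript
// Added example: database shape, ids and domains below are constructed.
const SAMPLE_DB = {
  extensions: ["aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"], // constructed 32-char id
  domains: ["ads.example"],                        // constructed domain
};

// Return ids of installed, still-enabled extensions that are on the block list.
function findBlocked(installed, db) {
  const blocked = new Set(db.extensions);
  return installed
    .filter((ext) => ext.enabled && blocked.has(ext.id))
    .map((ext) => ext.id);
}

// True when the URL's host is a listed domain or a subdomain of one.
// Matching on label boundaries keeps "notads.example" from matching "ads.example".
function isListedHost(url, db) {
  let host;
  try {
    host = new URL(url).hostname.toLowerCase().replace(/\.$/, "");
  } catch (e) {
    return false; // unparseable URL: nothing to match
  }
  return db.domains.some((d) => host === d || host.endsWith("." + d));
}

// Wire-up inside an extension that holds the "management" permission.
function watch(db) {
  const disable = (id) => chrome.management.setEnabled(id, false);
  // Check each extension as Chrome reports it installed.
  chrome.management.onInstalled.addListener((info) => {
    findBlocked([info], db).forEach(disable);
  });
  // Sweep what is already installed; call watch-style sweeps again after a database update.
  chrome.management.getAll((all) => findBlocked(all, db).forEach(disable));
}

// Only runs inside Chrome; elsewhere the pure functions above can be used alone.
if (typeof chrome !== "undefined" && chrome.management) {
  watch(SAMPLE_DB);
}
```
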

  2. 3

    Isn’t this a job for Mozilla and Google? We saw Google take action yesterday when it removed two extensions that had been hijacked to serve malware.

    Meta: I downvoted as low quality. While this project seems cool, there is currently no code in either repository and the website doesn’t work.

    1. 1

      There are still several of them on the Web Store that they have not taken (and very likely will not take) action against. Those extensions were dinged because they were rewriting links and whatnot without the user knowing. There are others that still pop up new windows, write ads into pages, etc. that Google apparently feels are perfectly cool.

      Likewise, their response is slow and only applies to extensions that are loaded through the Web Store. You can also install them through sideloading from your own site or application installers (think like those stupid ad bars that get pinned into IE from unscrupulous characters). This sort of behavior is becoming a lot more prevalent, and they’re doing precious little to prevent it unfortunately. They have to walk a fine line between protecting their users and not putting arduous restrictions in place, so I still think a project like this is necessary (at least right now).