I hope you don’t mind the cross-post from HN, but it was suggested I share this here (and yay I finally got an invite over here ;)). So, I spent the weekend hacking out a Chrome extension (which will live at https://github.com/extensionwatch/chrome later tonight) that will hopefully help reduce the proliferation of adware and malware. I plan to hack one out for Firefox and friends in the future, too.
My approach is fairly simplistic right now (hooks into Chrome’s extension installation and disables a blacklisted extension as soon as it’s installed, updated, or recognized after a database update), but as I’m digging more into these nasty extensions, I’m seeing some patterns in the DOM injection that I’m also going to watch for separately. So, while an extension block list will catch the dumb extension owners or those who sell to adware companies, the more sophisticated analysis of the DOM and watching for script/load requests to certain domains should at least alert the user to the presence of certain adware (even if I can’t track down exactly which extension may be causing it).
But I need your help! The database of malware extensions and malware-peddling domains that powers this whole thing lives over at https://github.com/extensionwatch/database. I need you all to help me fill in the current crop of evil extensions and adware dispensing domains. The database will live in this repository, be built using a Rake task, and deployed to users of the extension. The idea is to have a completely open and collaborative repository of this stuff to alleviate a lot of the (justified) “who’s watching the watchers” paranoia.
Anyhow, feel free to file issues on either of those repositories to start discussions. I’ll be around the comments this afternoon, too, and I’m also available via e-mail at my Lobsters username at gmail.