Google + Facebook Is Likely Malware- Here’s How To Get Rid Of It

Posted on 15. Jul, 2011 by in News


So, I think an apology might be in order.

A few days ago, I profiled what seemed to be a pretty awesome extension known as Google+Facebook. What it purported to do was allow you to view your Facebook news feed and information from your Google + account. And to be fair, it did that. All in all, a pretty useful tool. Problem was, there were a few rather unpleasant functions in the extension’s code, the presence of which pretty much inarguably paints it as malware. Credit goes to RogueDarkJedi on Reddit for pointing it out to the community, and a fellow named Martin for pointing it out to me on this post.

So, What’s the problem?

RogueDarkJedi over on Reddit decided he’d pop open the extension and take a look at some of the inner coding. What he found was rather…distressing, to say the least. After looking into Crossrider (and the exchange between Koby Menachemi and RogueDarkJedi), there are a few red flags and warning lights that are positively screaming in my head about this one. And most of them actually have nothing to do with RDJ’s findings.

  1. Crossrider, the platform responsible for distributing Google+Facebook, evidently doesn’t have an up-to-date privacy policy. That right there? Huge red flag. Attempting to click their “terms and conditions” link at the bottom of the page takes you here. That in itself would be bad enough….but there’s more.
  2. After continually evading questions and comments regarding the extension, Mr. Menachemi rather unprofessionally resorted to (ironically, rather rudely) calling RDJ uncivil, and apparently started using sockpuppet accounts to try to support his side. Oh, and he apparently lies. A lot. Not exactly the sort of behavior you’d expect from a business professional, is it?
  3. This: “It actively (and at random) looks for known webmail domains and starts reading your emails until it hits a quote block which it then uses to append a signature to your emails in order to get your friends to start using this software.” Not. Sodding. Cool. Oh, but it’s okay- that feature was only available in the old API. The new API doesn’t let devs access it. If that’s the case, then why in the bleeding hell is the code still there, Koby-boy?
  4. Take a look at the Chrome Marketplace. And the Firefox App Store. Notice something missing? Crossrider’s extension hasn’t appeared on either site. Again, more red flags.
  5. The fact that you have to go through the processes listed in this article to uninstall the extension is the final nail in the coffin. Any piece of software that forces you to jump through hoops to get rid of it is not okay, in my books.

At this point, I don’t even need to see the code for the extension- any business which conducts itself in the sort of fashion that Crossrider has here is one that I want to stay the hell away from. But just for kicks, let’s take a look at some other things RDJ found wrong with the extension. (Note that he was looking at the Firefox coding- though the Chrome and IE9 extensions have similar issues.) I’ve copied all of his comments into categories.

Malware: The API makes multiple references to a premium service. What this means is that if the author of the plugin fails to pay the service money, CrossRider can force all users of the plugin to install additional crap. This is a forced change that you cannot opt-out of. Several mentions in the code to overriding your browser homepage. There is one place where I see this happen, but I don’t know if any function actually calls it. Uninstalling will not revert any of these changes. The “Easy to Uninstall” part on their page is bullshit. Premium or not, the only clean up made from their uninstaller is their pref branch, which does fairly little. There is no restoration of the changes like the search plugin, the search settings or your homepage.

Privacy: This addon sends browser stats while it is on the manage screen. Data sent is the browser type, addon version, script version and this value called bic (which I assume is supposed to be unique [considering it only gets set after receiving data from the server]). It might do this in other places as well. Your FB data does go through their service.

Security: There are a ton of content permission hacks in order to mount remote JS and run it at a higher permission level. It’s rather lame considering Mozilla gives you safe interfaces that allow you to do this safely.

Privacy, Security, And Malware: You have no idea when this file will change. It’s downloaded at start up and run with window chrome permissions (this is considered dangerous). At any point in time, the author could basically say fuck you and change it to start data mining. But that’s okay, because the change will happen in the background without you ever knowing. Ever.

I’ve seen enough. You can find the rest of RDJ’s examination of the extension on the reddit thread. A user known as crow1170, who initially started off suspicious of RDJ’s claims, did a similar examination of the code in the IE addon…let’s just say he’s on RDJ’s side now.

How do I get rid of it?

Gadgets Magazine was helpful enough to compile instructions (presumably all from the reddit thread) on how to get this crap off of your system if you made the mistake of downloading it.

FIREFOX:

Uninstall the add-on via the Firefox add-ons manager.

Go to about:config.

Reset all the values in about:config for the following:

  • browser.search.selectedEngine
  • browser.search.defaulturl
  • browser.search.defaultenginename
  • keyword.URL
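
To see which of those four preferences actually carry a user-set value before resetting them, here is an added example (not from the original post or the reddit thread). It assumes the Firefox profile's prefs.js, which records only modified preferences as `user_pref("name", value);` lines; the sample content and hostname are constructed.

```python
import json
import re

# Preferences the article says to reset in about:config.
WATCHED_PREFS = (
    "browser.search.selectedEngine",
    "browser.search.defaulturl",
    "browser.search.defaultenginename",
    "keyword.URL",
)

# One modified preference per line: user_pref("name", value);
USER_PREF_RE = re.compile(r'^\s*user_pref\(\s*"([^"\\]+)"\s*,\s*(.*?)\s*\)\s*;\s*$')


def parse_user_prefs(text):
    """Return {name: value} for every user_pref() line in prefs.js text."""
    prefs = {}
    for line in text.splitlines():
        m = USER_PREF_RE.match(line)
        if not m:
            continue  # comments, blank lines, anything unrecognised
        name, raw = m.group(1), m.group(2)
        try:
            value = json.loads(raw)  # strings, integers, true/false
        except ValueError:
            value = raw  # keep unparsable values verbatim
        prefs[name] = value
    return prefs


def modified_watched_prefs(text):
    """Return the watched prefs that carry a non-default (user-set) value."""
    prefs = parse_user_prefs(text)
    return {name: prefs[name] for name in WATCHED_PREFS if name in prefs}


# Constructed sample prefs.js content; the hostname is a placeholder.
SAMPLE_PREFS_JS = '''\
// Mozilla User Preferences
user_pref("browser.startup.page", 3);
user_pref("browser.search.selectedEngine", "Example Search");
user_pref("keyword.URL", "http://search.example.invalid/?q=");
'''

if __name__ == "__main__":
    for name, value in modified_watched_prefs(SAMPLE_PREFS_JS).items():
        print(f"reset in about:config: {name} = {value!r}")
```

The script only reads the file; the resets themselves are still done in about:config as listed above.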

CHROME:

Go to tools.

Select extensions.

Select Google+Facebook and hit uninstall.

IE9

Press alt, select tools.

Click on manage extensions.

Find Google+Facebook and press disable.

Via Gadgets Magazine, Reddit

7 Responses to “Google + Facebook Is Likely Malware- Here’s How To Get Rid Of It”

  2. [...] was developed- but I’d still be wary. Want an example of why? Look at the Google+Facebook extension. While there’s still some contention on whether or not it’s malware; the [...]

  3. [...] it. I’ve already shown you Six extensions guaranteed to make the G+ experience better (well, five…Sorry about that, by the way), and even then, I only scratched the surface. There’s [...]

  4. [...] out to be malware- but bear with me a moment here, guys. This one seems a lot more legitimate than Google + Facebook. I mean, you can download it from the web store- that’s already a step up right there. Plus, [...]

  6. Peter

    29. Apr, 2013

    Hello, I read your blog from time to time and I own a similar one
    and I was just curious if you get a lot of spam comments?
    If so, how do you protect against it, any plugin or anything you can advise?
    I get so much lately it’s driving me mad so any help is very much appreciated.

  7. heera

    02. Oct, 2013

    Sometimes we are very emotional and our mind is not working and we take some wrong step; we should be patient.
