

Show HN: ExtensionWatch, a browser extension to watch for malware extensions - jeremymcanally

I spent the weekend hacking out a Chrome extension (which will live at https:&#x2F;&#x2F;github.com&#x2F;extensionwatch&#x2F;chrome later tonight) that will hopefully help reduce the proliferation of adware and malware.  I plan to hack one out for Firefox and friends in the future, too.<p>My approach is fairly simplistic right now (hooks into Chrome&#x27;s extension installation and disables a blacklisted extension as soon as it&#x27;s installed, updated, or recognized after a database update), but as I&#x27;m digging more into these nasty extensions, I&#x27;m seeing some patterns in the DOM injection that I&#x27;m also going to watch for separately.  So, while an extension block list will catch the dumb extension owners or those who sell to adware companies, the more sophisticated analysis of the DOM and watching for script&#x2F;load requests to certain domains should at least alert the user to the presence of certain adware (even if I can&#x27;t track down exactly which extension may be causing it).<p>But I need your help!  The database of malware extensions and malware-peddling domains that powers this whole thing lives over at https:&#x2F;&#x2F;github.com&#x2F;extensionwatch&#x2F;database.  I need you all to help me fill in the current crop of evil extensions and adware dispensing domains.  The database will live in this repository, be built using a Rake task, and deployed to users of the extension.  The idea is to have a completely open and collaborative repository of this stuff to alleviate a lot of the (justified) &quot;who&#x27;s watching the watchers&quot; paranoia.<p>Anyhow, feel free to file issues on either of those repositories to start discussions.  I&#x27;ll be around the comments this afternoon, too, and I&#x27;m also available via e-mail at my HN username at gmail.
======
inglor
We're actually making a browser extension as our paid product (
[http://www.tipranks.com](http://www.tipranks.com) ) and all these malware
extensions are really bad for our business.

People are worried about them and we constantly have to talk to anti-virus
companies like Norton about our extension being recognized as malware because
it uses a framework ( Crossrider ) for IE that apparently some bad people
used.

The amount of abuse in this field is amazing, it's a shame how a startup like
us that has been featured on CNBC, forbes and bloomberg has to spend so much
time because of those scammers.

So basically - thank you. I think this area should be a lot safer.

------
jeremymcanally
Sorry the post text is all jumbled. Not sure what happened there!

~~~
DjangoReinhardt
Edit your post and use double-enter to create paragraphs; single-enter is
treated as a continuation of paragraph.

HN uses a very sparse markdown format...

~~~
jeremymcanally
There we go. I did that originally but the title was too long at first, so
when it re-submitted it probably did something wacky.

