According to Symantec senior engineer Candid Wüest, the company has “recently observed an increase in malware that drops malicious BHOs, Firefox extensions, and even Opera user scripts… to maximize their impact on a user’s machine.”
One avenue that’s taken is to drop the malicious extension directly into Firefox’s components directory. This means it will be automatically loaded with the browser, but will not show up in the Add-ons window.
Consequently, users are unlikely to know that the extension has been added, or see a mechanism to remove it.
http://www.itwire.com/content/view/29853/53/
