Slashdot Mirror

← Back to Stories (view on slashdot.org)

Korean Mozilla Binaries Infected

Posted by CmdrTaco on from the caught-with-their-pants-down dept.

Magnus writes "Korean distributions of Mozilla and Thunderbird for Linux were infected with Virus.Linux.RST.b. This virus searches for executable ELF files in the current and /bin directories and infects them. It also contains a backdoor, which downloads scripts from another site, and executes them, using a standard shell."

8 of 592 comments (clear)

  1. Re:Virus data by _bug_ · · Score: 5, Insightful

    That's odd... I learned here that Mozilla is clearly more responsive to security bugs than Microsoft. What gives?

    You mean besides the fact that the binaries were removed as soon as they found out?

  2. Infecting /bin? by Danathar · · Score: 5, Insightful

    I'm assuming this can only occur if you installed the virus infected material as root?

    Nothing new here....if you install software as root from a compromised source and don't check the md5sums along with other precautions you put yourself at risk

  3. Tinfoil shoes? by bitslinger_42 · · Score: 5, Insightful

    OK, really paranoid, conspiracy-theory thought here... Yesterday, Symantec, a vendor with an AV product, releases a report claiming that Mozilla is not as secure as IE. Today, a news story comes out that a download of Mozilla from some website in Korea has been trojaned. Anyone else wondering if Symantec placed the infected files in Korea to boost sales of either their Linux AV product (haven't checked to see if there is one yet) or their security consluting services?

    My late-night googling skills are failing to find a reference, but I remember some stories from a couple years back about AV companies writing and releasing new viruses to pad their list of known viruses. If that was true, then I wouldn't put a stunt like this past them.

  4. Re:Virus data by boaworm · · Score: 5, Insightful

    If you've read TFA, you'd know that this has virtually nothing to do with mozilla or OSS.

    A third party, a mozilla fan site in korea, distributed infected binaries.

    If you find an infected version of Winzip on an internet site, would you blame Winzip.com ?

    --
    Probable impossibilities are to be preferred to improbable possibilities.
    Aristotele
  5. Alan Cox was right by Saunalainen · · Score: 5, Insightful
    Yet another example of the lamentable state of modern computer security. This wouldn't be a problem if operating systems required a trusted signature for software to be installed.

    I use a lot of OS software (e.g. Firefox, NeoOffice/J, LyX, R), but the standard installation process on my platform (OS X) does not allow checking for an authentic signature. Why is this not built in? It doesn't have to be this way: for instance, Red Hat signs its own RPMs (though Debian's APT didn't support this last time I looked).

    We already have to trust the developers. We shouldn't have to trust every FTP server too.

  6. If Microsoft did it, it would be Microsoft. by khasim · · Score: 5, Insightful
    I believe the point is if MS did this, it wouldn't matter how fast they removed the infected binaries, there would be a string of posts pontificating on how this clearly demonstrates linux/firefox as superior. And they'd all be modded +5.
    If Microsoft distributed infected binaries, then it would be Microsoft distributing infected binaries.
    Of course saying the reverse here will quickly get you troll/flamebait/overated down to -1.
    You do realize that you're completely wrong.

    This is not about Mozilla distributing infected binaries. Mozilla did not. If they had, your analogy would be correct.

    This is about a 3rd party site distributing binaries of compiled Mozilla code that were infected.

    The only Microsoft comparision that can be made would be if HP (or some OEM) shipped WinXP computers with a virus.

    The real question is how did that virus get there in the first place. It's been around for a while but it doesn't spread.
  7. Re:Virus data by GreyPoopon · · Score: 5, Insightful
    I believe the point is if MS did this, it wouldn't matter how fast they removed the infected binaries, there would be a string of posts pontificating on how this clearly demonstrates linux/firefox as superior.

    Let's compare apples to apples here. If MS was offering infected binaries form one of THEIR sites, yes, we'd be jumping down their throat. On the other hand, if MS decided to let Download.com distribute versions of a "freeware" application (like Messenger), and the binaries on Download.com were infected, most of us would just be avoiding Download.com like the plague. Sure, some people would still blame Microsoft, just as some people are going to blame Mozilla here.

    Now, having said all of that, I'll bring up the question of accountability. Since Mozilla is being distributed by public mirrors, it's probably a REALLY good idea to have some sort of guidelines that need to be met by the administrators to make sure this doesn't happen on a "Mozilla-certified" mirror. Maybe this is already in place.

    --

    GreyPoopon
    --
    Why is it I can write insightful comments but can't come up with a clever signature?

  8. Re:Virus data by SimGuy · · Score: 5, Insightful

    And sadly, Linux administrators have been unable to suitably protect their systems in all this time, so it continues to be a pain in the ass, never really going away. I work for a hosting company, and I've dug Linux.RST.b out of too many servers.

    I think too many Linux admins don't believe there's such a thing as a Linux virus. Usually the easiest way to recognize the infection is if a large number of common programs in /bin like "grep" start crashing. Tends to make boot up and shutdown clumsily fail.

    --
    I don't care, but don't let that stop you from trying to tell me anyway.