Slashdot Mirror

← Back to Stories (view on slashdot.org)

Korean Mozilla Binaries Infected

Posted by CmdrTaco on from the caught-with-their-pants-down dept.

Magnus writes "Korean distributions of Mozilla and Thunderbird for Linux were infected with Virus.Linux.RST.b. This virus searches for executable ELF files in the current and /bin directories and infects them. It also contains a backdoor, which downloads scripts from another site, and executes them, using a standard shell."

5 of 592 comments (clear)

  1. OK, if you know *anything* about Linux by Shaman · · Score: 3, Interesting

    Then you'll know this virus was distributed on purpose or the core distribution was hacked and the hackers distributed it on purpose.

    You'll also know that the virus isn't infecting *anything* unless you're running as root or you're using a version of kernel and glibc that have specific flaws to allow the virus to do something as a regular user. Are they using a kernel and software from 2001? Maybe, for all I know, but that's pretty irresponsable if they are.

    This is such a non-issue for anyone except the stunned distributor that sent around the CDs. Not the first time it happened to the Windows world, either.

    --
    ...Steve
  2. Re:So let me get this straight... by Crusader7 · · Score: 4, Interesting

    That's because viruses on Linux are so rarely reported due to their limited scope of effectiveness. Since Windows is more popular in the combined server and desktop markets, outbreaks cause significantly more damage (though I'm willing to bet the damage caused per exploited system is a far lower average than the lower volume, but higher cost server attacks that UNIXes more often suffer). In addition, Windows users tend toward not being so, how to put it nicely, interested in learning the proper maintenance of their systems (hey, I'm not complaining, doing it for them pays my bills), so they tend to frequently get infected by things that don't exploit security holes in the systems but rather excess holes in the heads of the users.

    Compare to Linux in which most exploits are a result of actual security problems in either the kernel or the supporting applications, and you have less widespread attacks that affect fewer systems.

    Difference in market shares, my friend. If you want to exploit a Linux system you're probably an attacker targetting a specific network and installation for a very specific purpose (making this attack something of an oddball). If you're looking to exploit a Windows system, however, you're more likely just a general Internet thug trying to install spam bots and backdoors on home machines. The latter causes more problem since the target is a much, much larger pool of users, so the latter gets more heavily reported even though the targetted attacks usually cause more on-average damage.

  3. Re:Virus data - It's old! RTFM by NickFortune · · Score: 4, Interesting
    "Infected binary or source code files aren't anything new. And sometimes they are found on public servers. Mozilla.org is the latest example.

    mmm... So do you not think the phrase "Mozilla.org is the latest example" is a just the teeniest bit misleading in this context? You know, what with most people taking "latest" to mean "happened very recently" as opposed to "even so, there hasn't been one for simply ages so I wouldn't get too worried".

    Not that anyone would do such a thing deliberately, of course... Except I can't help wondering how many people pondering a change away from Windows/IE will read that and form a false impression of Mozilla and Linux.

    Now who could that benefit, I wonder...

    --
    Don't let THEM immanentize the Eschaton!
  4. Mozilla.co.kr by frankie · · Score: 4, Interesting

    The Mozilla foundation needs to pursue strong, immediate public action against NKing.com, holders of the mozilla.co.kr domain. Using the Mozilla name connotes official status, and they are trashing it badly. I would say stop releasing Korean builds until the domain is handed over to more responsible people.

  5. Re:6 stories down on the front page by rpdillon · · Score: 3, Interesting
    First, you can read Mozilla's policy on using the name "Mozilla" in domain names:

    If you want to include all or part of a Mozilla trademark in a domain name, you have to receive written permission from Mozilla. People naturally associate domain names with organizations whose names sound similar. Almost any use of a Mozilla trademark in a domain name is likely to confuse consumers, thus running afoul of the overarching requirement that any use of a Mozilla trademark be non-confusing. If you would like to build a Mozilla, Firefox Internet browser or Thunderbird e-mail client promotional site for your region, we encourage you to join an existing official localization project.
    source

    So Mozilla does state a policy regarding exactly what has occurred here. The problem is, U.S. trademark laws don't have any teeth in Korea. In fact, there is a U.S. government-run site that goes into great detail about how companies that have registered trademarks in the U.S. should not try to do business in Korea (or enforce their trademarks, of course) until they have registered their trademark in Korea, as well:

    Basic intellectual property laws exist in Korea. However, protection of intellectual property and the laws governing enforcement of these protections are not necessarily extra-territorial. What is understood and practiced in the United States is not always practiced in Korea. U.S. companies wishing to sell their products or services in Korea should first and foremost find out if they have to register their intellectual property rights (copyright, trademark or patents) in Korea...One of the most frequent IPR problems facing U.S. businesses in Korea is trademark protection.
    source

    Now, the last piece relates to trademark use by localization teams. The site distributing the binaries was in fact run by a Korean Firefox localization team, however, Mozilla has yet to refuse their right to use the trademarks, as per Mozilla Foundation policy, which allows use by localization teams in general, and rejects only in specific instances:

    It is very important that Community Releases of Firefox and Thunderbird maintain (or even exceed!) the quality level people have come to associate with Mozilla Firefox and Mozilla Thunderbird. We need to ensure this, but we don't want to get in people's way. So, we are taking an optimistic approach. Official L10n teams can start using the "Firefox Community Edition" and "Thunderbird Community Edition" trademarks from day one, but the Mozilla Foundation may require teams to stop doing so in the future if they are redistributing software with low quality and efforts to remedy the situation have not succeeded. Doing things this way allows us to give as much freedom to people as possible, while maintaining our trademarks as a mark of quality (which we are required to do in order to keep them).
    source

    I'll readily admit that I have no idea whether Mozilla has attempted to reject their right to use the Mozilla trademark, but given the warning found on U.S. government sites regarding trademark enforcement, I'd say it would be prodigal use of the foundation's limited resources. Further, there is nothing to indicate that there is in fact any "affiliation" whatsoever, as nowhere does Mozilla Foundation acknowledge the presence of the Korean site (although its URL does appear on a Mozilla-run wiki - who knows who put it there).

    In any case, this reflects poorly only on the part of the Korean Localization Team, as Mozilla Foundation likely lacks the resources to succesfully pursue a trademark infringement case abroad in Korea, and we have already established that the site is not an official Mozilla site (unlike, for example, http://www.mozilla-europe.org/ or