Slashdot Mirror


Firefox Vietnamese Language Pack Infected With Trojan

An anonymous reader writes "Wired.com is reporting that the Firefox browser has been unknowingly distributing a trojan with the Firefox Vietnamese language pack. Over 16,000 downloads of the pack occurred since being infected. This highlights a risk of relying on user-submitted Firefox extensions, or a lack of peer-review of the extensions, many of which receive frequent upgrades."

16 of 200 comments

  1. Racist trolls go away by davidwr · · Score: 1, Informative

    Will someone with mod points drive the racist posts down to -2 where they belong?

    --
    Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
  2. Ignore this by Anonymous Coward · · Score: 3, Informative

    post. removing incorrect mod.

  3. Re:Downside of OSS by betterunixthanunix · · Score: 3, Informative
    http://fedoraproject.org/wiki/QA

    We have quality control also. Also, this language pack trojan was caught early on...

    --
    Palm trees and 8
  4. Re:Downside of OSS by Paradise+Pete · · Score: 4, Informative
    I'm not saying commercial software is perfect in that regard (there have been cases of commercially distributed software containing malware too), but at least there is generally some level of quality control there.

    Creative MP3 players ship with virus
    Apple Ships iPods with Windows Virus
    Seagate Storage Units Ship with Virus
    Sega Dreamcast console game spreads virus
    Maxtor USB Hard Drives Ship Virus Infected
    Digital photo frames ship with computer virus
    Sony Ships Rootkit

  5. More Slashdot Sensationalism by MobyDisk · · Score: 5, Informative
    The article says:

    ...That Trojan inserted a banner-ad displaying script into any html file on his system, which included the help files for the language pack.

    That meant that anyone installing the language pack would have malicious ad displaying code inside their browser -- which could be used for other exploits.
    So the language pack did not have a Trojan. I don't think the language packs even have executable code. The language packs had help files with banner ads in them. That's not even close to what the headline says. But I guess "Vietnamese help files may contain ads" doesn't sound as scary.

    (I guess this means Slashdot sensationalism isn't restricted to anti-Microsoft articles.)
    1. Re:More Slashdot Sensationalism by Anonymous Coward · · Score: 1, Informative

      To be entirely fair, the headline does not necessarily imply the infection you presume it does. To use 100% correct terminology, the Vietnamese language pack was affected by a virus that had infected the developers' computer.

      There is a fine line between affection and infection, but they are regularly used interchangeably.

    2. Re:More Slashdot Sensationalism by trifish · · Score: 3, Informative

      Eh? From the article: "On Tuesday, a user named Hai-Nam Nguyen reported that anti-virus programs detected the Xorer Trojan inside the add-on. Firefox admins quickly confirmed the presence of the Trojan's code and removed the file the same day."

  6. Re:Downside of OSS by Uncle+Focker · · Score: 2, Informative

    I'm guessing you didn't read the article. The breakdown came with the fact that the signature of the trojan was unknown at the time it was uploaded and so the anti-virus scan on the extension came up clean. This had nothing to do with a failure of OSS but with the fact that at the time it was an unknown trojan.

  7. Not really infected by hweimer · · Score: 4, Informative
    According to the Mozilla Security Blog the language pack did not contain any malicious code, but only manipulated HTML files:

    The Vietnamese language pack for Firefox 2 contains inserted code to load remote content. This code is the result of a virus infection, but does not contain the virus itself.
    --
    OS Reviews: Free and Open Source Software
    1. Re:Not really infected by trifish · · Score: 2, Informative

      From the article: "On Tuesday, a user named Hai-Nam Nguyen reported that anti-virus programs detected the Xorer Trojan inside the add-on. Firefox admins quickly confirmed the presence of the Trojan's code and removed the file the same day."

    2. Re:Not really infected by Burpmaster · · Score: 2, Informative

      "Firefox admins quickly confirmed the presence of the Trojan's code" That would be the HTML code that places the ad, not the trojan itself.
  8. Re:Downside of OSS by makomk · · Score: 4, Informative

    Not really. Apparently, the trojan was a single line of code in the HTML help file, not the extension code itself, and I doubt a human would necessarily even think to check there.

  9. MS did it too by Anonymous Coward · · Score: 1, Informative

    MSKB 323302: PRB: Inert Virus Found in Korean Language Version of Visual Studio .NET

  10. Author of the lang pack notified by The+MAZZTer · · Score: 2, Informative

    He posted on the bugzilla post (https://bugzilla.mozilla.org/show_bug.cgi?id=432406) saying he's preparing a cleaned pack. Apparently his computer was infected with the trojan which infected the lang pack files.

    It's noteworthy that the actual trojan isn't in the files... just the code which does the advertising stuff, I think. It can't propagate from these files. Since it took so long to be detected it's possible the infected code doesn't work (after all it was intended for HTML documents and not language packs) but this is just personal speculation.

  11. Re:It was enough by Knuckles · · Score: 2, Informative

    if IE is safer in that regard, then there you go. Yeah, sure. We have constant trojan infections at our company, probably stemming from users visiting myspace with IE6.

    That does not excuse the FF problem, though.
    --
    "When I first heard Daydream Nation it quite frankly scared the living shit out of me." -- Matthew Stearns
  12. Not infected by jonasj · · Score: 3, Informative

    The language pack was not infected with the trojan itself. It only contained some HTML code displaying ads in the help files. These were inserted BY the trojan, on the language pack contributor's infected computer, but the language pack itself only contained the ad-displaying code.

    "the author's local network was infected with the virus, so it modified html files. The main virus is a Win32 program. The infected code just display annoying banner but it can't propagate." -- https://bugzilla.mozilla.org/show_bug.cgi?id=432406#c10

    I'm replying to this thread to put this information at the top of the discussion because the article summary makes it sound like the language pack actually infected people's systems with the trojan.

    --
    You know, Microsoft's street address also says a lot about their mentality.
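
Several comments above describe the payload as markup inserted into the pack's HTML help files that loads remote content. As an added example (not from the thread, the article or Mozilla), a review-side check that lists every tag in a package's HTML files that loads from another host; the sample archive, its file names and the `ads.example.invalid` URL are constructed, and nested archives are not unpacked.

```python
import io
import zipfile
from html.parser import HTMLParser
from urllib.parse import urlparse

# Tag -> attribute that makes a page fetch content from a URL.
LOADERS = {"script": "src", "iframe": "src", "frame": "src", "embed": "src", "object": "data"}


class RemoteLoadFinder(HTMLParser):
    """Collect (line, tag, url) for tags that pull content from another host."""
    def __init__(self):
        super().__init__()
        self.hits = []

    def handle_starttag(self, tag, attrs):
        url = (dict(attrs).get(LOADERS.get(tag, "")) or "").strip()
        parts = urlparse(url)
        # http(s) and protocol-relative URLs leave the package; chrome:// and relative paths do not.
        if parts.netloc and parts.scheme in ("", "http", "https"):
            self.hits.append((self.getpos()[0], tag, url))


def scan_package(data):
    """Return {member: [(line, tag, url), ...]} for an XPI/ZIP passed as bytes."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(data)) as pkg:
        for name in pkg.namelist():
            if not name.lower().endswith((".html", ".htm", ".xhtml")):
                continue
            finder = RemoteLoadFinder()
            finder.feed(pkg.read(name).decode("utf-8", errors="replace"))
            finder.close()
            if finder.hits:
                findings[name] = finder.hits
    return findings


def build_sample_package():
    """Constructed sample: a clean help page and one with an appended remote script."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as pkg:
        pkg.writestr("help/index.html", "<html><body><script src='help.js'></script></body></html>")
        pkg.writestr("help/tabs.html", "<html><body><p>Help</p></body></html>\n"
                     "<script src=\"http://ads.example.invalid/banner.js\"></script>\n")
    return buf.getvalue()


if __name__ == "__main__":
    print(scan_package(build_sample_package()))
```

Unlike a signature scan, this flags the inserted line whether or not the trojan that wrote it is known, because it keys on the behaviour (a help page loading from another host) rather than on the malware.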