Slashdot Mirror

← Back to Stories (view on slashdot.org)

Firefox Vietnamese Language Pack Infected With Trojan

Posted by timothy on from the when-childhood-goes-wrong dept.

An anonymous reader writes "Wired.com is reporting that the Firefox browser has been unknowingly distributing a trojan with the Firefox Vietnamese language pack. Over 16,000 downloads of the pack occurred since being infected. This highlights a risk on relying on user-submitted Firefox extensions, or a lack of peer-review of the extensions, many of which receive frequent upgrades."

4 of 200 comments (clear)

  1. Re:Downside of OSS by Paradise+Pete · · Score: 4, Informative
    I'm not saying commercial software is perfect in that regard (there have been cases of commerically distributed software containing malware too), but at least there is generally some level of quality control there.

    Creative MP3 players ship with virus
    Apple Ships iPods with Windows Virus
    Seagate Storage Units Ship with Virus
    Sega Dreamcast console game spreads virus
    Maxtor USB Hard Drives Ship Virus Infected
    Digital photo frames ship with computer virus
    Sony Ships Rootkit

  2. More Slashdot Sensationalism by MobyDisk · · Score: 5, Informative
    The article says:

    ...That Trojan inserted a banner-ad displaying script into any html file on his system, which included the help files for the language pack.

    That meant that anyone installing the language pack would have malicious ad displaying code inside their browser -- which could be used for other exploits.
    So the language pack did not have a Trojan. I don't think the language packs even have executable code. The language packs had help files with banner ads in them. That's not even close to what the headline says. But I guess "Vietnamese help files may contain ads" doesn't sound as scary.

    (I guess this means Slashdot sensationalism isn't restricted to anti-Microsoft articles.)
  3. Not really infected by hweimer · · Score: 4, Informative
    According to the Mozilla Security Blog the language pack did not contain any malicious code, but only manipulated HTML files:

    The Vietnamese language pack for Firefox 2 contains inserted code to load remote content. This code is the result of a virus infection, but does not contain the virus itself.
    --
    OS Reviews: Free and Open Source Software
  4. Re:Downside of OSS by makomk · · Score: 4, Informative

    Not really. Apparently, the trojan was a single line of code in the HTML help file, not the extension code itself, and I doubt a human would necessarily even think to check there.