Firefox Vietnamese Language Pack Infected With Trojan

An anonymous reader writes "Wired.com is reporting that the Firefox browser has been unknowingly distributing a trojan with the Firefox Vietnamese language pack. Over 16,000 downloads of the pack occurred since being infected. This highlights a risk on relying on user-submitted Firefox extensions, or a lack of peer-review of the extensions, many of which receive frequent upgrades."

Racists trolls go away

[davidwr]

Will someone with mod points drive the racist posts down to -2 where they belong?

Ignore this

[Anonymous Coward]

post. removing incorrect mod.

Re:Downside of OSS

[betterunixthanunix]

http://fedoraproject.org/wiki/QA [fedoraproject.org]

We have quality control also. Also, this language pack trojan was caught early on...

Re:Downside of OSS

[Paradise Pete]

I'm not saying commercial software is perfect in that regard (there have been cases of commerically distributed software containing malware too), but at least there is generally some level of quality control there.

Creative MP3 players ship with virus [theregister.co.uk]
Apple Ships iPods with Windows Virus [betanews.com]
Seagate Storage Units Ship with Virus [eweek.com]
Sega Dreamcast console game spreads virus [findarticles.com]
Maxtor USB Hard Drives Ship Virus Infected [everythingusb.com]
Digital photo frames ship with computer virus [itrportal.com]
Sony Ships Rootkit [schneier.com]

More Slashdot Sensationalism

[MobyDisk]

The article says:

...That Trojan inserted a banner-ad displaying script into any html file on his system, which included the help files for the language pack.

That meant that anyone installing the language pack would have malicious ad displaying code inside their browser -- which could be used for other exploits.

So the language pack did not have a Trojan. I don't think the language packs even have executable code. The language packs had help files with banner ads in them. That's not even close to what the headline says. But I guess "Vietnamese help files may contain ads" doesn't sound as scary.

(I guess this means Slashdot sensationalism isn't restricted to anti-Microsoft articles.)

Re:Downside of OSS

[Uncle Focker]

I'm guessing you didn't read the article. The breakdown came with the fact that the signature of the trojan was unknown at the time it was uploaded and so the anti-virus scan on the extension came up clean. This had nothing to do with a failure of OSS but with the fact that at the time it was an unknown trojan.

Not really infected

[hweimer]

According to the Mozilla Security Blog [mozilla.com] the language pack did not contain any malicious code, but only manipulated HTML files:

The Vietnamese language pack for Firefox 2 contains inserted code to load remote content. This code is the result of a virus infection, but does not contain the virus itself.

Re:More Slashdot Sensationalism

[Anonymous Coward]

To be entirely fair, the headline does not necessarily imply the infection you presume it does. To use 100% correct terminology, the Vietnamese language pack was affected by a virus that had infected the developers' computer.

There is a fine line between affection and infection, but they are regularly used interchangeably.

Re:Downside of OSS

[makomk]

Not really. Apparently, the trojan was a single line of code in the HTML help file, not the extension code itself, and I doubt a human would necessarily even think to check there.

MS did it too

[Anonymous Coward]

MSKB 323302 [microsoft.com]: PRB: Inert Virus Found in Korean Language Version of Visual Studio .NET

Author of the lang pack notified

[The MAZZTer]

He posted on [url=https://bugzilla.mozilla.org/show_bug.cgi?id=432406]the bugzilla post[/url] saying he's preparing a cleaned pack. Apparently his computer was infected with the trojan which infected the lang pack files.

It's noteworthy that the actual trojan isn't in the files... just the code which does the advertising stuff, I think. It can't propagate from these files. Since it took so long to be detected it's possible the infected code doesn't work (after all it was intended for HTML documents and not language packs) but this is just personal speculation.

Re:More Slashdot Sensationalism

[trifish]

Eh? From the article: "On Tuesday, a user named Hai-Nam Nguyen reported that anti-virus programs detected the Xorer Trojan inside the add-on. Firefox admins quickly confirmed the presence of the Trojan's code and removed the file the same day."

Re:Not really infected

[trifish]

From the article: "On Tuesday, a user named Hai-Nam Nguyen reported that anti-virus programs detected the Xorer Trojan inside the add-on. Firefox admins quickly confirmed the presence of the Trojan's code and removed the file the same day."

Re:It was enough

[Knuckles]

if IE is safer in that regard, then there you go.

Yeah, sure. We have constant trojan infections at our company, probably stemming from users visiting myspace with IE6.

That does not excuse the FF problem, though.

Re:Not really infected

[Burpmaster]

"Firefox admins quickly confirmed the presence of the Trojan's code"

That would be the HTML code that places the ad, not the trojan itself.

Not infected

[jonasj]

The language pack was not infected with the trojan itself. It only contained some HTML code displaying ads in the help files. These were inserted BY the trojan, on the language pack contributor's infected computer, but the language pack itself only contained the ad-displaying code.

"the author's local network was infected with the virus, so it modified html files. The main virus is a Win32 program. The infected code just display annoying banner but it can't propagate." -- https://bugzilla.mozilla.org/show_bug.cgi?id=432406#c10 [mozilla.org]

I'm replying to this thread to put this information at the top of the discussion because the article summary makes it sound like the language pack actually infected people's systems with the trojan.