Firefox Vietnamese Language Pack Infected With Trojan 200
An anonymous reader writes "Wired.com is reporting that the Firefox browser has been unknowingly distributing a trojan with the Firefox Vietnamese language pack. Over 16,000 downloads of the pack occurred since being infected. This highlights a risk on relying on user-submitted Firefox extensions, or a lack of peer-review of the extensions, many of which receive frequent upgrades."
Racists trolls go away (Score:1, Informative)
Ignore this (Score:3, Informative)
Re:Downside of OSS (Score:4, Informative)
We have quality control also. Also, this language pack trojan was caught early on...
Re:Downside of OSS (Score:4, Informative)
Creative MP3 players ship with virus [theregister.co.uk]
Apple Ships iPods with Windows Virus [betanews.com]
Seagate Storage Units Ship with Virus [eweek.com]
Sega Dreamcast console game spreads virus [findarticles.com]
Maxtor USB Hard Drives Ship Virus Infected [everythingusb.com]
Digital photo frames ship with computer virus [itrportal.com]
Sony Ships Rootkit [schneier.com]
More Slashdot Sensationalism (Score:5, Informative)
(I guess this means Slashdot sensationalism isn't restricted to anti-Microsoft articles.)
Re:Downside of OSS (Score:2, Informative)
Not really infected (Score:5, Informative)
Re:More Slashdot Sensationalism (Score:1, Informative)
There is a fine line between affection and infection, but they are regularly used interchangeably.
Re:Downside of OSS (Score:5, Informative)
MS did it too (Score:1, Informative)
Author of the lang pack notified (Score:3, Informative)
He posted on [url=https://bugzilla.mozilla.org/show_bug.cgi?id=432406]the bugzilla post[/url] saying he's preparing a cleaned pack. Apparently his computer was infected with the trojan which infected the lang pack files.
It's noteworthy that the actual trojan isn't in the files... just the code which does the advertising stuff, I think. It can't propagate from these files. Since it took so long to be detected it's possible the infected code doesn't work (after all it was intended for HTML documents and not language packs) but this is just personal speculation.
Re:More Slashdot Sensationalism (Score:4, Informative)
Re:Not really infected (Score:3, Informative)
Re:It was enough (Score:3, Informative)
That does not excuse the FF problem, though.
Re:Not really infected (Score:3, Informative)
Not infected (Score:4, Informative)
"the author's local network was infected with the virus, so it modified html files. The main virus is a Win32 program. The infected code just display annoying banner but it can't propagate." -- https://bugzilla.mozilla.org/show_bug.cgi?id=432406#c10 [mozilla.org]
I'm replying to this thread to put this information at the top of the discussion because the article summary makes it sound like the language pack actually infected people's systems with the trojan.