Firefox Infects Vietnamese Users With Trojan Code

Source: wired.com

Mozilla, the maker of the open source Firefox browser, is redoubling its efforts to check user created add-ons for viruses and Trojans after it discovered that a language pack on its official add-on page had been infected for months with rogue code, the organization reported Wednesday.

Starting in mid-Feburary, Vietnamese users of Mozilla’s open source Firefox browser were at risk of infection from malicious Trojan Horse code seemingly accidentally embedded in a language pack available on its Add-ons site.

The virus’s signature was unknown at the time, and thus passed Mozilla’s testing of add-ons.

The glitch isn’t the first time that seemingly trusted software included rogue code, but such occurences are surprisingly rare given the amount of open-source and shareware programs that net users install based on blind trust. That’s not even mentioning the huge selection of pirated software available on file sharing networks that could easily be infected with malware.

In response to the later discovery of the latent Trojan code by anti-virus software, Mozilla pulled the language pack and announced it would begin scanning all add-ons whenever they update their virus signatures, not just when add-ons are originally posted, according to a entry on the Mozilla security blog.

Mozilla had no exact statistics on the number of users who had installed the infected Vietnamese language add-on since it was uploaded on February 18, but said that 16,667 people had downloaded the add-on since November 2007.

On Tuesday, a user named Hai-Nam Nguyen reported that anti-virus programs detected the Xorer Trojan inside the add-on. Firefox admins quickly confirmed the presence of the Trojan’s code and removed the file the same day.

Mozilla ran an anti-virus check on the most recent version in February when it was added to the official Firefox add-ons site, but the Trojan’s virus signature was not known until April.

The add-on’s author is not suspected of intentionally booby-trapping the file, but instead had his own system infected. That Trojan inserted a banner-ad displaying script into any html file on his system, which included the help files for the language pack.

That meant that anyone installing the language pack would have malicious ad displaying code inside their browser — which could be used for other exploits.

The Vietnamese language pack has been pulled until a clean replacement is uploaded. Existing users should uninstall the add-on in the meantime.

Advertisements

29 comments so far

  1. Https://Youtube.Com/ on

    I know this web site offers quality dependent posts and additional data,
    is there any other site which gives these information in quality?

  2. Woodrow on

    I am not positive where you’re getting your info, but good topic.

    I musst soend some time studying much more or working out more.

    Thanks for magnificent info I used tto bbe in searc of this info ffor
    my mission.

  3. advocare.com on

    I do not know if it’s just me or if perhaps everybody else experiencing issues with your
    blog. It looks like some of the written text on your content are
    running off the screen. Can someone else please comment and let me
    know if this is happening to them too? This may be a issue with my internet browser because I’ve
    had this happen previously. Thank you

  4. beach body on

    I’m not sure why but this website is loading incredibly slow
    for me. Is anyone else having this problem or is it a problem on my end?
    I’ll check back later on and see if the problem still exists.

  5. www.datingbomb.com on

    Disney’s The Rookie is a movie that proves that age
    is a number; that the impossible is really possible.

    Following The service, everyone felt really jazzed about likely to the video.
    The ultimate tearjerker as far as I am concerned!

  6. www.deathtrip.org on

    The Apple Apple iphone is very easy to use.
    Of course, that doesn’t mean you have to get stuck with a bad deal on a strategy
    for your new Iphone. General, a extremely great package if you don’t mind
    a cumbersome style.

  7. blogspot.com on

    No make a difference who you are you are bound to find some, if not all of these applications helpful.
    Look carefully at the pictures for dents, cracks, scratches
    on the screen, etc. The two builders are now very wealthy men.

  8. Alan on

    Their media choice is massive and covers every veriety of music, films
    and video games. It can straight mount Apple iphone four as a difficult generate.
    But you’re wondering how much quicker is 4G than 3G,
    correct?

  9. download redsn0w 0.9.6b5 on

    Now usage of jailbreak is appropriate to your iPhone.
    jailbreak me application is extremely powerful to uncover jailbreak4.1.
    It is possible to download and use the test version for free, for a small
    period.

  10. Reyna on

    Not only do those shield from scratches only, but they
    include the telephone’s display, leaving the back
    unprotected. Be sure to follow the directions exactly as they are given.

    You can also see digital camera photos, etc.

  11. kik for pc download on

    The option to deliver a Ping will appear when you spotlight the contact.
    Whilst this is a great function in a way, it can be a supply of some unnecessary +explanations+ for many
    individuals.

  12. Roosevelt on

    Than apparently its time GAME OVER. Not really a real-life one, a
    Virtual GAME OVER. I understand I did, and in truth I dedicated all of the day to simply enjoying this game.

  13. Angeles on

    To unlock your iphone, set up Cydia, open it and then go to the Handle tab.
    All you have to do is plug it into the USB port of your computer, put a record on and press “Play”.

    After that, install OpenSSH by opening cydia.

  14. Sheryl on

    Thanks for your personal marvelous posting!
    I truly enjoyed reading it, you may be a great author.I will always bookmark your blog and will come
    back later in life. I want to encourage you to definitely continue your great work, have a nice
    evening!

  15. goji pro emagrece on

    It’s going to be finish of mine day, however before ending I am reading this
    wonderful article to improve my knowledge.

  16. keraplex bio belo horizonte on

    Remarkable! Its truly remarkable article, I have got much clear idea regarding from this paragraph.

  17. goji pro efeitos on

    Excellent post. I used to be checking continuously this weblog
    and I am impressed! Extremely useful information particularly the final section :
    ) I deal with such info a lot. I used to be seeking this certain info for a long time.
    Thank you and good luck.

  18. Automagically, after installing Windows 7, the computer was
    set to go to sleep after 30-minutes of inactivity.
    Then you have to eliminate it from job manager every time
    you log on. Create your collection/fan page about you.

  19. stamped concrete patio ma on

    You’re so cool! I don’t think I’ve read a
    single thing like this before. So nice to find
    another person with unique thoughts on this subject matter.
    Seriously.. thank you for starting this up. This site is something
    that is needed on the web, someone with a bit of originality!

  20. employme.com.hk on

    Greetings, I believe your site may be having web browser compatibility issues.
    When I look at your site in Safari, it looks fine but when opening in I.E.,
    it’s got some overlapping issues. I merely wanted to give
    you a quick heads up! Apart from that, wonderful site!

  21. Marlys on

    You can definitely see your skills within the article you write.
    The arena hopes for more passionate writers such as you who aren’t afraid to mention how
    they believe. At all times follow your heart.

  22. Using iMessage on your Apple iphone or using Whatsapp on your Android device.
    So great is WeChat that I am preparing to uninstall WhatsApp within the
    next 3 months. The query is, do carriers shed money on these
    deals.

  23. The very best component about this application is that it
    is free, sure, I stated Totally free! Till then, check out the video clip evidence right here.

    These days,I will sharing the two methods for everybody.

  24. mar3.smartwebsolution.org on

    This game has a relatively easy concept but is incredibly addicting.
    I discovered it to be with a great deal of stability
    and 8001003D and 8001003E mistakes fixes. It can improve the number of icons in the dock up
    to ten.

  25. cydia ios 7 error code 2 on

    Here’s a russian imperial stout match for microbrew kings and queens
    alike! Amazon launched the Pill Computer Kindle
    Fire. After your gadget is jailbroken, you require to download Winterboard.

  26. mojoproau.zendesk.com on

    Good post. I will be dealing with many of these issues as well..

  27. Garnet on

    I really like what you guys are usually up too. This sort of clever work
    and coverage! Keep up the fantastic works guys I’ve you guys to our
    blogroll.

  28. Kimberly on

    Applications that break the etiquette and integrity of Apple are the people that get banned.
    This reduces the need for the computer to fill the
    documents.

  29. Lucidus.Zendesk.com on

    It’s genuinely very complex in this busy life to listen news on Television, so I only use
    web for that purpose, and get the most up-to-date news.


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: