Network News

X My Profile
View More Activity

Mozilla Distributes Virus-Infected Language Pack

Anyone who downloaded the Vietnamese language pack for Firefox 2 needs to run an anti-spyware and anti-virus scan, then disable the pack for now. Mozilla warned yesterday that all versions of that language pack downloaded from its servers since Feb. 18, 2008, were infected with pop-up ad serving software.

Window Snyder, Mozilla's chief security officer, said the Vietnamese language pack was contaminated as the result of a virus infection. "This usually results in the user seeing unwanted ads, but may be used for more malicious actions."

Snyder said Mozilla doesn't know how many people downloaded the compromised language pack, but said there have been 16,667 downloads of the pack since November 2007.

Mozilla is working on getting a replacement language pack up on the site soon. Snyder said that while Mozilla does virus scans when add-ons are uploaded to its servers, the scanner for whatever reason didn't catch this nasty until several months after the upload. Mozilla is now adding post-upload scans to everything on its download servers, she said.

Language packs are add-ons in Firefox. Add-ons can be removed by clicking "Tools" and then "Add-ons." According to the discussion on this in the Bugzilla database, the culprit here is something called "Trojan.Win32.Xorer," which disables security software on the infected PC and spreads by infecting files, programs and removable drives. Instructions for manually removing Xorer are online here.

There is an interesting discussion about this going on today at news-for-geeks site Slashdot, which "highlights the risk on relying on user-submitted Firefox extensions, or a lack of peer-review of the extensions, many of which receive frequent upgrades."

By Brian Krebs  |  May 8, 2008; 12:51 PM ET
Categories:  Latest Warnings  
Save & Share:  Send E-mail   Facebook   Twitter   Digg   Yahoo Buzz   StumbleUpon   Technorati   Google Buzz   Previous: Robotraff: A Hacker's Go-To For Clicks
Next: Adobe Plugs 8 Security Holes in Reader

No comments have been posted to this entry.

The comments to this entry are closed.

RSS Feed
Subscribe to The Post

© 2010 The Washington Post Company