Mozilla Distributes Virus-Infected Language Pack
Anyone who downloaded the Vietnamese language pack for Firefox 2 needs to run an anti-spyware and anti-virus scan, then disable the pack for now. Mozilla warned yesterday that all versions of that language pack downloaded from its servers since Feb. 18, 2008, were infected with pop-up ad serving software.
Window Snyder, Mozilla's chief security officer, said the Vietnamese language pack was contaminated as the result of a virus infection. "This usually results in the user seeing unwanted ads, but may be used for more malicious actions."
Snyder said Mozilla doesn't know how many people downloaded the compromised language pack, but said there have been 16,667 downloads of the pack since November 2007.
Mozilla is working on getting a replacement language pack up on the site soon. Snyder said that while Mozilla does virus scans when add-ons are uploaded to its servers, the scanner for whatever reason didn't catch this nasty until several months after the upload. Mozilla is now adding post-upload scans to everything on its download servers, she said.
Language packs are add-ons in Firefox. Add-ons can be removed by clicking "Tools" and then "Add-ons." According to the discussion on this in the Bugzilla database, the culprit here is something called "Trojan.Win32.Xorer," which disables security software on the infected PC and spreads by infecting files, programs and removable drives. Instructions for manually removing Xorer are online here.
There is an interesting discussion about this going on today at news-for-geeks site Slashdot, which "highlights the risk on relying on user-submitted Firefox extensions, or a lack of peer-review of the extensions, many of which receive frequent upgrades."
The comments to this entry are closed.