Vietnamese Firefox 2 users were given malicious content

By Scott M. Fulton, III | Published May 8, 2008, 11:40 AM

About 17,000 users of Vietnamese-language Firefox may have been wondering for the past two months why their systems keep pulling up video game cheat Web sites at random. But Mozilla didn't know what was up until last Tuesday.

The executable code for a Vietnamese language pack for Firefox 2 was the apparent victim of a virus located on the hard drive of its sole author. As a result, Windows Firefox users with the Vietnamese language pack have been victims of malicious page redirects, apparently since last February.

The Firefox 2 Vietnamese language pack does not actually contain a virus itself, Mozilla learned yesterday upon realizing what was going on. But the malicious payload users did receive was produced by the Xorer virus, which had infected the system of language pack author Jasper Thai. For a while at least, Mozilla officials investigated whether Thai himself was the author of the malicious redirects.

As a Bugzilla tracking forum indicates, the problem was discovered on Tuesday when the language pack did test positive for the presence of the Xorer virus. Developer Hai-Nam Nguyen reported the discovery at about 1:00 pm PDT that day, but by 2:00, Nguyen had learned that code impacted by the virus could still register a positive signature without actually containing the virus itself. Mozilla officials acted promptly and disabled download of the language pack from its servers.

So the Xorer virus cannot spread from users of impacted systems; thus the term "infected" may be inaccurate. Still, records from security vendor McAfee's files indicate that programs impacted by the virus do redirect users to game cheat Web sites.

And since another direct impact on infected systems like Thai's, according to McAfee, is the deletion of certain Windows Registry keys such as ...\CurrentVersion\Run, it remains curious why Thai hadn't reported the problem earlier. In fact, just yesterday, Thai posted a fresh link to his project on SourceForge -- as opposed to Mozilla's servers -- along with a positive-sounding message that translates in English to, "At present / Busy busy tamarind tree!"

Thai's first acknowledgement of the problem came at 5:00 am this morning. "Sorry for the inconvenient!" he wrote. "I've found that translated help files was modified by a virus, come from China. I'm so busy these days, but I've cleaned up malicious code. The new fresh pack coming soon. Thanks!"

The fact that it took over two months for the problem to be discovered, even though Mozilla's servers are supposedly checked for viruses regularly, has the group's developers and administrators baffled and searching for solutions. In response to one forum question over whether systems should be re-scanned once new virus definitions are published, Mozilla developer Dave Miller responded, "Ideally, yes, except that we get new definitions on average every 6 hours or so and it takes over a week to virus scan the entire ftp server. Getting monthly scans is in the plan for the new stage server once we get it working."

Comments

Why would a Virus scan take that long? If it's taking that long, then they need to divide their scans out to different CPUs...

Score: 0


The only way to stay safe these days is never to go online in the first place. The second safest is to use a browser few use such as Opera. Not having a go at Opera, but as only three people use it the bad guys leave it alone, as do most other folk it has to be said. The more computer users who decide Foxy is the way to go the more times it will be attacked. Good news is as Foxy and Opera become more popular, that is their usage gets out of double figures the safer will become IE7/8. So it's looking good for Bill's browser and not so good for the others.

Score: 0


With dozens of language packs I wonder why this is the only one affected. Something Phishy going on.

Score: 0


At least, it was only on Windows.

Score: 0


Great job Mozilla!!

Score: 0


F**cking Commies! :P

Score: 0


Wow. Kind of wipes all open source arguments off the table...

Score: 0


lol.

"Stay Secure* on the Web.

Firefox continues to lead the way in online security*, and now includes active protection from online scams* to keep you safer*."

*excluding Vietnam.

Score: 0


Not all...but a lot of them anyway.

Score: 0
