Menu
Mozilla shipped worm with Firefox add-on

Mozilla shipped worm with Firefox add-on

Mozilla Wednesday warned users about a worm that slipped into Firefox's Vietnamese language add-on and went undetected for months.

The malware-infected file has been pulled from Mozilla's servers.

"The Vietnamese language pack for Firefox 2 contains inserted code to load remote content," Window Snyder, Mozilla's chief security executive, confirmed in a post to the company's blog on Wednesday. "Everyone who downloaded the most recent Vietnamese language pack since February 18, 2008 got an infected copy."

According to Snyder, the download count for the add-on since last November has been 16,667. "So we anticipate the impact on users to be limited," Snyder said.

Mozilla developers first noticed the infected language pack on Tuesday, and by the next day had determined that the infection was accidental.

According to messages posted on Bugzilla, the bug-management system Mozilla uses to track code changes, a computer used by Jasper Thai, the author of the Vietnamese add-on, had been infected earlier with the Xorer worm, malware designed to infect only Windows PCs. When Thai created the add-on, Xorer hitched a ride by installing itself in the extension's code.

Xorer can spread via removable media -- including floppy disks -- and network shares, several security vendors said in their online malware databases. "Its effects can range from simply annoying to destructive," noted the write-up by Panda Security. Snyder said that infected users were being shown unwanted ads when they surfed with Firefox.

Although Mozilla scans Firefox add-ons, including language packs, for malicious code before making them available for download, its anti-virus scanner missed Xorer because it had not added a signature for the malware until mid-April. Thai had wrapped up the Vietnamese pack nearly two months earlier, on Feb. 18.

"The file is dated February 18, the virus signature is date April 14, so we apparently had this in the wild for about 2 months before the scanners were detecting it," Dave Miller, a Mozilla company developer, said on Bugzilla.

Although U.K.-based security vendor Sophos said it had produced a detection signature for the worm in early January, and Trend Micro had added one on Feb. 16, others, including McAfee and Panda, didn't get around to the worm until after Thai wrapped up the language pack.

Snyder said that Mozilla would boost the number of times it scanned files for malware. "We are also adding after-the-fact scans of everything to address this sort of case in the future," she said.

Developers on Bugzilla, however, argued whether that was feasible. "Ideally, yes, except that we get new definitions on average every 6 hours or so and it takes over a week to virus scan the entire ftp server," said Mozilla's Miller as he replied to a proposal to re-scan after every signature update.

"Getting monthly scans is in the plan for the new stage server once we get it working," he added.

In a message posted to the Bugzilla thread today, Thai said that he would deliver a malware-free Vietnamese language pack soon. He also claimed that the worm came from China, though he offered no proof.

"Sorry for the inconvenient! I've found that translated help files was modified by a virus, come from China," he said.


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Events

Featured

Slideshows

Channel kicks 2021 into gear as After Hours returns to Auckland

Channel kicks 2021 into gear as After Hours returns to Auckland

After Hours made a welcome return to the channel social calendar with a bumper crowd of partners, distributors and vendors descending on The Pantry at Park Hyatt in Auckland to kick-start 2021.

Channel kicks 2021 into gear as After Hours returns to Auckland
The Kiwi channel gathers for the 2020 Reseller News Women in ICT Awards

The Kiwi channel gathers for the 2020 Reseller News Women in ICT Awards

Hundreds of leaders from the New Zealand IT industry gathered at the Hilton in Auckland on 17 November to celebrate the finest female talent in the Kiwi channel and recognise the winners of the Reseller News Women in ICT Awards (WIICTA) 2020.

The Kiwi channel gathers for the 2020 Reseller News Women in ICT Awards
Leading female front runners honoured at the 2020 Reseller News Women in ICT Awards

Leading female front runners honoured at the 2020 Reseller News Women in ICT Awards

The leading female front runners of the New Zealand ICT industry joined together for the annual Reseller News Women in ICT Awards event at the Hilton in Auckland, during which hundreds of guests celebrated 13 outstanding individuals who won awards, chosen from more than 50 finalists representing over 30 organisations.

Leading female front runners honoured at the 2020 Reseller News Women in ICT Awards
Show Comments