Firefox add-on has a malicious trojan in its code

kkcapricorn

5-8-2008 5:54 PM

95 views

see more clips

Tor

Rock Monuments

The History of the Color Wheel

Oppose Climate Alarmist Gore: Sign...

Ayers Rock

Pencil Art Evolves Into Unusual Sc...

9FF GT9 Only 409 km/h

clips by kkcapricorn

Local anti-war marchers step off f...

Clinton accepts VP slot on Dream t...

Quote of the day

Embed This Clip In Your Site...

<div style="margin: 12px 0px; font-family: arial; color: #333333; background: #ffffff; border: solid 4px #e5e5e5; width: 100%; clear: left;"><div class="CM_CTB_Content_Wrap" style="margin: 0px; padding: 0px;background-color: #ffffff;"><div style="border-bottom: solid 1px #dcdcdc; white-space: nowrap; margin-bottom: 8px; background-color: #eeeeee ;background-image: url(http://clipmarks.com/images/source-bg.gif); background-repeat: repeat-x; height: 24px; line-height: 24px; vertical-align: middle; padding-bottom: 4px; color: #666666; font-size: 10px;" ><a href="http://clipmarks.com/clip-to-blog/" title="see clips that are hot right now"><img src="http://content.clipmarks.com/blog_embed/fa9858c8-5ece-4ba4-a8a6-1768156b5782/0E50DE4B-18F6-40CF-AD16-D957AB5013F2/" alt="" width="19" height="19" border="0" style="vertical-align: middle; margin: 0px 4px; display: inline; border: none; float:none;" /></a>clipped from <a title="http://blog.wired.com/27bstroke6/2008/05/firefox-infects.html" href="http://blog.wired.com/27bstroke6/2008/05/firefox-infects.html" style="font-size: 11px;">blog.wired.com</a></div><blockquote style="text-align: left; padding: 0px 8px; margin: 4px 0px 8px 0px; background: transparent; border: none;" cite="http://blog.wired.com/27bstroke6/2008/05/firefox-infects.html">Mozilla, the maker of the open source Firefox browser, is redoubling its efforts to check user created add-ons for viruses and Trojans after it discovered that a language pack on its official add-on page had been infected for months with rogue code</blockquote><div style="height: 2px; font-size: 2px; background: #dcdcdc; border-bottom: solid 1px #f5f5f5; margin: 2px 4px;"></div><blockquote style="text-align: left; padding: 0px 8px; margin: 4px 0px 8px 0px; background: transparent; border: none;" cite="http://blog.wired.com/27bstroke6/2008/05/firefox-infects.html">The virus's signature was unknown at the time, and thus passed Mozilla's testing of add-ons</blockquote><div style="height: 2px; font-size: 2px; background: #dcdcdc; border-bottom: solid 1px #f5f5f5; margin: 2px 4px;"></div><blockquote style="text-align: left; padding: 0px 8px; margin: 4px 0px 8px 0px; background: transparent; border: none;" cite="http://blog.wired.com/27bstroke6/2008/05/firefox-infects.html">In response to the later discovery of the latent Trojan code by anti-virus software, Mozilla
pulled the language pack and announced it would begin scanning all add-ons whenever they update
their virus signatures, not just when add-ons are originally posted,
according to a <A href="http://blog.mozilla.com/security/2008/05/07/compromised-file-in-vietnamese-language-pack-for-firefox-2/">entry</A> on the Mozilla security blog</blockquote><div style="height: 2px; font-size: 2px; background: #dcdcdc; border-bottom: solid 1px #f5f5f5; margin: 2px 4px;"></div><blockquote style="text-align: left; padding: 0px 8px; margin: 4px 0px 8px 0px; background: transparent; border: none;" cite="http://blog.wired.com/27bstroke6/2008/05/firefox-infects.html">The add-on's author is not suspected of intentionally booby-trapping the file, but instead had his own system infected. That Trojan inserted a banner-ad displaying script into any html file on his system, which included the help files for the language pack</blockquote><div style="height: 2px; font-size: 2px; background: #dcdcdc; border-bottom: solid 1px #f5f5f5; margin: 2px 4px;"></div><blockquote style="text-align: left; padding: 0px 8px; margin: 4px 0px 8px 0px; background: transparent; border: none;" cite="http://blog.wired.com/27bstroke6/2008/05/firefox-infects.html">anti-virus programs detected the <A href="http://www.threatexpert.com/report.aspx?uid=ef3c617b-9bf8-409a-a535-cb4d653e35c8">Xorer Trojan</A> inside the add-on</blockquote></div><div style="margin: 0px 6px 6px 4px;"><table style="font-size: 11px;border-spacing: 0px;padding: 0px;" cellpadding="0" cellspacing="0" width="100%"><tr><td style="background:transparent;border-width:0px;padding:0px;">&nbsp;</td><td align="right" style="background:transparent;border-width:0px;padding:0px;width:107px" width="107"><a href="http://clipmarks.com/share/0E50DE4B-18F6-40CF-AD16-D957AB5013F2/blog/" title="blog or email this clip"><img src="http://content6.clipmarks.com/images/c2b-foot.png" border="0" alt="blog it" width="107" height="17" style="border-width:0px;padding:0px;margin:0px;" /></a></td></tr></table></div></div>

kkcapricorn says:

One can never be too careful.

1 Comment |