Computerworld
Quick Menu
Search



Ads by TechWords

See your link here


Subscribe to our e-mail newsletters
For more info on a specific newsletter, click the title. Details will be displayed in a new window.
Finance
Security
Computerworld Daily News (First Look and Wrap-Up)
Computerworld Blogs Newsletter
The Weekly Top 10
More E-Mail Newsletters 

Computerworld 2007Subscribe to Computerworld
40 years of the most authoritative source of news and information for IT leaders.

Mozilla shipped worm with Firefox add-on

Vietnamese language pack was infected for months before malware detected

By Gregg Keizer
Comments
3
Recommended
149

Active Comments

Anonymous says: I believe the language packs are accepted into the source tree. Linux distributions compiles from the source tree. I wonder...
Read the rest | Reply
Rob says: Even with on demand scanning of new uploads with more than one scanner, the same problem can recur. The follow-on...
Read the rest | Reply
All Comments (3) | Post New


Zone

Featured Zone
The Security Zone

With the mobility of employees and the ease with which external devices can be brought in and out of a network, continuing to build your security plan for network servers and clients is a must. Fortunately, there is much that organizations can do to protect themselves from attacks - internal and external. Having the right policies, procedures and server configurations is critical...

Learn more in The Security Zone
See All Zones

May 8, 2008 (Computerworld) Mozilla Corp. yesterday warned users about a worm that slipped into Firefox's Vietnamese language add-on and went undetected for months.

The malware-infected file has been pulled from Mozilla's servers.

"The Vietnamese language pack for Firefox 2 contains inserted code to load remote content," Window Snyder, Mozilla's chief security executive, confirmed in a post to the company's blog on Wednesday. "Everyone who downloaded the most recent Vietnamese language pack since Feb. 18, 2008, got an infected copy."

According to Snyder, the download count for the add-on since last November has been 16,667. "So we anticipate the impact on users to be limited," she said.

Mozilla developers first noticed the infected language pack on Tuesday, and by the next day had determined that the infection was accidental.

According to messages posted on Bugzilla, the bug management system Mozilla uses to track code changes, a computer used by Jasper Thai, the author of the Vietnamese add-on, had been infected earlier with the Xorer worm, malware designed to infect only Windows PCs. When Thai created the add-on, Xorer hitched a ride by installing itself in the extension's code.

Xorer can spread via removable media -- including floppy disks -- and network shares, several security vendors said in their online malware databases. "Its effects can range from simply annoying to destructive," noted the write-up by Panda Security. Snyder said that infected users were being shown unwanted ads when they surfed with Firefox.

Although Mozilla scans Firefox add-ons, including language packs, for malicious code before making them available for download, its antivirus scanner missed Xorer because it had not added a signature for the malware until mid-April. Thai had wrapped up the Vietnamese pack nearly two months earlier, on Feb. 18.

"The file is dated Feb. 18, the virus signature is date April 14, so we apparently had this in the wild for about two months before the scanners were detecting it," Dave Miller, a Mozilla company developer, said on Bugzilla.

Although U.K.-based security vendor Sophos PLC said it had produced a detection signature for the worm in early January, and Trend Micro Inc. had added one on Feb. 16, others, including McAfee Inc. and Panda, didn't get around to the worm until after Thai wrapped up the language pack.

Snyder said that Mozilla would boost the number of times it scanned files for malware. "We are also adding after-the-fact scans of everything to address this sort of case in the future," she said.

Developers on Bugzilla, however, argued whether that was feasible. "Ideally, yes, except that we get new definitions on average every six hours or so and it takes over a week to virus-scan the entire FTP server," said Mozilla's Miller as he replied to a proposal to rescan after every signature update.

"Getting monthly scans is in the plan for the new stage server once we get it working," he added.

In a message posted to the Bugzilla thread today, Thai said that he would deliver a malware-free Vietnamese language pack soon. He also claimed that the worm came from China, though he offered no proof.

"Sorry for the inconvenience! I've found that translated help files were modified by a virus from China," he said.



Make a Comment Recommend Story Slashdot this Digg this
Print Story Send Feedback Email this Reprints

Related Content

Webcast: Dynamic Data Center and Virtualization Drives Operational Excellence at Emory Healthcare
Whitepaper: IronPort Encryption Technology: Safeguarding Business Email

CW Report: An Apple for Your Enterprise?
Mozilla fixes 11 new flaws in Firefox, six critical
Gartner urges caution before downloading Firefox
Firefox singed by eight security holes
New IE 8 security tools: Not enough to stop the Firefox onslaught
Opera updates browser to version 9.5, touts syncing, faster speed

Today's Top Stories

Clues point to Jan. 13 release of Windows 7 beta
Microsoft releases Vista SP2 beta
Obama's DHS pick may find support for raising H-1B cap at confirmation hearing
IBM wants info from Apple execs in Papermaster case
License server glitch exposes SonicWall users to e-mail security threats
Report: Former AOL chief exec tries to raise funds to buy Yahoo

What People Are Saying

See comments | Add new
See comments | Add new

Resource Alerts

to receive Security Resource Alerts

Webcasts

Web Threats Don't Discriminate

The Secure Web Gateway. Mission Critical For Business

Dynamic Data Center and Virtualization Drives Operational Excellence at Emory Healthcare

Whitepapers

Learn How to Think Ahead of Attacks and Protect your Data For the Future

IronPort Web Reputation Filters Tech Note

IronPort Encryption Technology: Safeguarding Business Email

Computerworld Reports

Compterworld Technology Briefing: Intelligent Users Use Business Intelligence

Computerworld Report- Large Enterprises Pay More for IPAM

An Apple for Your Enterprise?

Editor's Picks

Clues point to Jan. 13 release of Windows 7 beta

Microsoft releases Vista SP2 beta

Obama's DHS pick may find support for raising H-1B cap at confirmation hearing

IBM wants info from Apple execs in Papermaster case

License server glitch exposes SonicWall users to e-mail security threats

Report: Former AOL chief exec tries to raise funds to buy Yahoo

Shark Bait
View Shark BaitFired up about IT? Join Sharkbait and share your true tales of IT. SharkBait is the place for you to sound off about everything IT – the good, the bad, and the rest of the weird stuff you deal with every day.

New baits
Shark Bait
Webcast

Turning information into a Competitive Advantage "Turning information into a Competitive Advantage"

Companies today are realizing that competitive advantage is harder to sustain when based solely on gains in productivity and cost efficiency. The focus is shifting to invest more in business optimization initiatives which rely on trusted information to develop new insights that deliver better business results. But how can this be done efficiently in a business environment across multiple applications and processes. The answer is an Information Agenda - an innovative approach to transforming business information into a strategic asset for competitive advantage.

View this webcast now! more

See more Webcasts more
TODAY'S TOP BLOG
Patrick Thibodeau:
Satellite images of U.S military bases Which is more important? Helping terrorists or protecting military bases? Answer: protecting Web 2.0 ... [more]
White Papers
Read up on the latest ideas and technologies from companies that sell hardware, software and services.
The 2008 ERP in Manufacturing Benchmark Report Summary
IronPort Web Reputation Filters Tech Note
Designed to Manage Lean Principles
View more whitepapers 
 


Webcast: The Automation of IT Compliance Programs: Reducing Risk, Cost and Complexity of Corporate Compliance
To meet the growing number of industry and federal regulations, businesses spend significant time, effort, and budget determining how to best meet continuously evolving IT compliance requirements this new Forrester Research and Juniper Networks Webcast led by industry experts who examine global IT security and compliance trends, common IT compliance issues and challenges, and best practices for successful IT compliance programs.

View this webcast 
Whitepaper: Tackling the Top Five Network Access Control Challenges
The major challenge enterprises face today is how to create innovative business models and to increase productivity by opening the network to a dynamic workforce, while at the same time protecting critical assets from the vulnerabilities that openness and user mobility bring. In addition, to comply with industry and governmental regulations, enterprises must prove that they have stringent controls in place to restrict access to sensitive data. This paper describes the top five networking access control challenges that companies like yours are facing and solutions that they are deploying today.

Download this white paper 
Whitepaper: Addressing PCI Compliance with a Comprehensive Network Access Control Solution
The Payment Card Industry (PCI) is one of the most comprehensive data security standards in a cluster of regulations that have emerged over the past decade. Meeting its requirements is both complicated and expensive for many companies. Learn how a comprehensive access control solution allows retailers and consumer organizations adhere to the core tenets of PCI, and delivering the necessary information and reports needed for compliance audits.
Download this white paper 
Whitepaper: Control System Cyber Vulnerabilities and Mitigation of Risk for Utilities
Today's global industrial infrastructure includes thousands of electric utilities, water/wastewater management companies, oil and gas suppliers, chemical manufacturers and other facilities critical to daily functioning. Learn why relying on off-the-shelf operating systems and Internet-based remote access control to carry out production tasks, traditional control networks can leave today's global industrial infrastructures vulnerable to hackers, extortionists, worms, viruses and application-level attacks. Deploying network-based security can protect these at-risk systems–without requiring infrastructure replacement.
Download this white paper 
About Us Advertise Contacts Editorial Calendar Help Desk Jobs at IDG Privacy Policy Reprints Site Map
CIO Computerworld CSO DEMO GamePro Games.net IDG Connect IDG World Expo Infoworld
The Industry Standard ITworld JavaWorld LinuxWorld MacUser Macworld Network World PC World Playlist
Copyright © 2008 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.