Hi all,
For your information !
----- Message transf?r? de vern.weitzel at gmail.com -----
Date?: Thu, 08 May 2008 04:11:34 -0700
De?: Vern Weitzel <vern.weitzel at gmail.com>
R?pondre ??: vern.weitzel at gmail.com, vern at coombs.anu.edu.au
Objet?: [vnit] Fwd: Important info for Mozilla Firefox users - in Viet Nam
??: Caitlin Wyndham <caitlin at netnam.vn>, Nguyen Truong Giang
<nguyen.truong.giang at undp.org>, "[vnit-l discussion group]"
<vnit-l at cairo.anu.edu.au>, "[ksd-vn Knowledge Systems in Development]"
<ksd-vn at anu.edu.au>, David Tremblay <david at ngocentre.org.vn>,
"mail.ngocentre.org.vn" <sysadmin at ngocentre.org.vn>
Thanks Caitlin, I'll pass it on. Vern
-------- Original Message --------
Subject: Important info for Mozilla Firefox users
Date: Thu, 8 May 2008 11:24:57 +0700
From: Caitlin Wyndham <[email protected]>
Firefox Infects Vietnamese Users With Trojan Code
By Ryan Singel Email <mailto:ryan at ryansingel.net>May 07, 2008 | 7:57:59
PMCategories: Glitches and Bugs
<http://blog.wired.com/27bstroke6/glitches_and_bugs/index.html>
Firefoxlogo
Mozilla, the maker of the open source Firefox browser, is redoubling its
efforts to check user created add-ons for viruses and Trojans after it
discovered that a language pack on its official add-on page had been
infected for months with rogue code, the organization reported Wednesday.
Starting in mid-Feburary, Vietnamese users of Mozilla's open source
Firefox browser were at risk of infection from malicious Trojan Horse
code seemingly accidentally embedded in a language pack available on its
Add-ons site <https://addons.mozilla.org/en-US/firefox/>.
The virus's signature was unknown at the time, and thus passed Mozilla's
testing of add-ons.
The glitch isn't the first time that seemingly trusted software included
rogue code, but such occurences are surprisingly rare given the amount
of open-source and shareware programs that net users install based on
blind trust. That's not even mentioning the huge selection of pirated
software available on file sharing networks that could easily be
infected with malware.
In response to the later discovery of the latent Trojan code by
anti-virus software, Mozilla pulled the language pack and announced it
would begin scanning all add-ons whenever they update their virus
signatures, not just when add-ons are originally posted, according to a
entry
<http://blog.mozilla.com/security/2008/05/07/compromised-file-in-vietnamese-language-pack-for-firefox-2/>
on the Mozilla security blog.
Mozilla had no exact statistics on the number of users who had installed
the infected Vietnamese language add-on since it was uploaded on
February 18, but said that 16,667 people had downloaded the add-on since
November 2007.
On Tuesday, a user named Hai-Nam Nguyen reported
<https://bugzilla.mozilla.org/show_bug.cgi?id=432406> that anti-virus
programs detected the Xorer Trojan
<http://www.threatexpert.com/report.aspx?uid=ef3c617b-9bf8-409a-a535-cb4d653e35c8>
inside the add-on. Firefox admins quickly confirmed the presence of the
Trojan's code and removed the file the same day.
Mozilla ran an anti-virus check on the most recent version in February
when it was added to the official Firefox add-ons site
<https://bugzilla.mozilla.org/show_bug.cgi?id=432406>, but the Trojan's
virus signature was not known until April.
The add-on's author is not suspected of intentionally booby-trapping the
file, but instead had his own system infected. That Trojan inserted a
banner-ad displaying script into any html file on his system, which
included the help files for the language pack.
That meant that anyone installing the language pack would have malicious
ad displaying code inside their browser -- which could be used for other
exploits.
The Vietnamese language pack has been pulled until a clean replacement
is uploaded. Existing users should uninstall the add-on in the meantime.
Caitlin Wyndham
Consultant
281 to 17 Phuong Lien
Dong Da District
Hanoi, Vietnam
Mob: +84 913 281 046
Skype: cmwyndham
caitlin at netnam.vn
---------
List info/subscribe/unsubscribe: http://majordomo.anu.edu.au
----- Fin du message transf?r? -----
--
Agence universitaire de la Francophonie - Bureau Asie-Pacifique
