Friday, May 09, 2008

Mozilla Shipped Xorer Worm With Firefox Vietnamese Language Add-On

Mozilla Corp. warned users on Wednesday about a worm that slipped into Firefox's Vietnamese language add-on and went undetected for months.

The malware-infected file has since been pulled from Mozilla's servers however according to Window Snyder, Mozilla's chief security executive, the download count for the add-on since last November has been 16,667.

The Vietnamese language pack for Firefox 2 contains inserted code to load remote content. This code is the result of a virus infection, but does not contain the virus itself. This usually results in the user seeing unwanted ads, but may be used for more malicious actions.

"The Vietnamese language pack for Firefox 2 contains inserted code to load remote content," said Snyder. She confirmed the information in a post to the company's blog on Wednesday. "Everyone who downloaded the most recent Vietnamese language pack since Feb. 18, 2008, got an infected copy."

According to messages posted on Bugzilla a computer used by Jasper Thai, the author of the Vietnamese add-on, had been infected earlier with the Xorer worm. When Thai created the add-on, Xorer hitched a ride by installing itself in the extension's code.

Xorer can spread via removable media -- including floppy disks -- and network shares, several security vendors said in their online malware databases. "Its effects can range from simply annoying to destructive," noted the write-up by Panda Security. Snyder said that infected users were being shown unwanted ads when they surfed with Firefox.

Although Mozilla scans Firefox add-ons, including language packs, for malicious code before making them available for download, its antivirus scanner missed Xorer because it had not added a signature for the malware until mid-April. Thai had wrapped up the Vietnamese pack nearly two months earlier, on Feb. 18.

Snyder has said that Mozilla would boost the number of times it scanned files for malware. "We are also adding after-the-fact scans of everything to address this sort of case in the future," she said.

No comments:

Post a Comment

All comments will be moderate for content, please be patient as your comment will appear as soon as it has been reviewed.

Thank you