| Follow us on Twitter |
The Mozilla Security Blog posted a warning on Wednesday about the Vietnamese Language Pack for Firefox 2. Depending on what virus scanner you use, the scanner will detect some variant of HTML.Xorer.
According to Mozilla "this code is the result of a virus infection, but does not contain the virus itself. This usually results in the user seeing unwanted ads, but may be used for more malicious actions."
Everyone who downloaded the most recent Vietnamese language pack since February 18, 2008 got an infected copy. While we cannot determine the exact number of compromised downloads, there have been 16,667 total downloads of the Vietnamese language pack since November 2007, so we anticipate the impact on users to be limited.
"Unwanted ads," eh? Despite the fact that blogs and sites depend on ads for revenue, it's true that in general most ads are unwanted, period.
According to the Bugzilla report, it appears the malicious code was a result of the author's system or network being compromised. It does appear, as noted above, that you can't get infected by it, just annoyed.
How would it slip by Mozilla (since they scan all these plug-ins)? The old, familiar "not in the virus signature database at the time of the scan."
Therefore, this points to a couple of things: it's probably a good idea to scan Firefox extensions you download. And, as I keep harping on, an antivirus program with strong heuristics (to pick up malware not in the database) is always a good choice. It doesn't necessarily mean that the AV I use would have caught this, but chances are better.
Source: By Tech Ex
Posted May 10th, 2008 by Armen Hareyan
