said by fatness :

Wired News article

quote:

---

Trojan Horse code seemingly accidentally embedded in a language pack available on its Add-ons site. The virus's signature was unknown at the time, and thus passed Mozilla's testing of add-ons.

---

quote:

---

Dave Miller (MoCo) 2008-05-06 01:47:24 PDT
clamscan says:
vietnamese_language_pack-2.0-fx-win.xpi: HTML.Xorer FOUND
The file is dated February 18, the virus signature is date April 14, so we
apparently had this in the wild for about 2 months before the scanners were
detecting it.

Axel Hecht [:Pike] 2008-05-06 01:50:23 PDT
FWIW, I think we're talking about
http://www.pandasecurity.com/homeusers/security-info/about-malware/encyclopedia/overview.
aspx?idvirus=189095&sitepanda=particulares,
right?

Dave Miller (MoCo) 2008-05-06 01:53:02 PDT
The signature I found that said April 14 on it was HTML.Xorer.A. The one you
just found is much more likely to be a match, and the window looks much smaller
there.

Hai-Nam Nguyen (jcisio) 2008-05-06 02:01:26 PDT
With info from Panda security, I think it just because the author's local
network was infected with the virus, so it modified html files. The main virus
is a Win32 program. The infected code just display annoying banner but it can't
propagate.
I think we might just remove the script and everything backs ok.

Justin Scott [:fligtar] 2008-05-06 10:20:09 PDT
Since we seem to have determined it wasn't malicious on the part of the author,
I've changed the add-on status to be in the sandbox and deleted both files.
Jasper, please upload a new version without the virus and let us know and we'll
check it out before pushing it public again.

Dan Guido 2008-05-07 21:07:14 PDT
Was the source of this malicious code found?

Jasper Thái 2008-05-08 05:04:42 PDT
Sorry for the inconvenient!
I've found that translated help files was modified by a virus, come from China.
I'm so busy these days, but I've cleaned up malicious code. The new fresh pack
coming soon.
Thanks!

---

quote:

---

Mozilla, the maker of the open source Firefox browser, is redoubling its efforts to check user created add-ons for viruses and Trojans after it discovered that a language pack on its official add-on page had been infected for months with rogue code, the organization reported Wednesday.

Starting in mid-Feburary, Vietnamese users of Mozilla's open source Firefox browser were at risk of infection from malicious Trojan Horse code seemingly accidentally embedded in a language pack available on its Add-ons site. The virus's signature was unknown at the time, and thus passed Mozilla's testing of add-ons.

The glitch isn't the first time that seemingly trusted software included rogue code, but such occurences are surprisingly rare given the amount of open-source and shareware programs that net users install based on blind trust. That's not even mentioning the huge selection of pirated software available on file sharing networks that could easily be infected with malware.

In response to the later discovery of the latent Trojan code by anti-virus software, Mozilla pulled the language pack and announced it would begin scanning all add-ons whenever they update their virus signatures, not just when add-ons are originally posted, according to a entry on the Mozilla security blog.

---

quote:

---

16,667 people had downloaded the add-on since November 2007.

---