Avast WEBforum

Other => General Topics => Topic started by: FreewheelinFrank on May 09, 2008, 11:33:04 PM

Title: Mozilla spreads malware/distributes virus! (Erm...Not)
Post by: FreewheelinFrank on May 09, 2008, 11:33:04 PM
Mozilla spreads malware rather than security.

Er, nope.

http://blogs.zdnet.com/hardware/?p=1813 (http://blogs.zdnet.com/hardware/?p=1813)

Mozilla Distributes Virus-Infected Language Pack.

Nope, sorry.

http://blog.washingtonpost.com/securityfix/2008/05/mozilla_distributes_virusinfec_1.html (http://blog.washingtonpost.com/securityfix/2008/05/mozilla_distributes_virusinfec_1.html)

Mozilla: Firefox Plug-In Shipped With Malicious Code


http://www.pcworld.com/businesscenter/article/145617/mozilla_firefox_plugin_shipped_with_malicious_code.html (http://www.pcworld.com/businesscenter/article/145617/mozilla_firefox_plugin_shipped_with_malicious_code.html)

How not to write a headline. (Kudos to PC World for getting it right!)

PC World continues the story:

Mozilla warned Wednesday that a malicious program inserted adware code into a Firefox plug-in that has been downloaded thousands of times over the past three months.

The Mozilla blog:

The Vietnamese language pack for Firefox 2 contains inserted code to load remote content. This code is the result of a virus infection, but does not contain the virus itself.

http://blog.mozilla.com/security/2008/05/07/compromised-file-in-vietnamese-language-pack-for-firefox-2/ (http://blog.mozilla.com/security/2008/05/07/compromised-file-in-vietnamese-language-pack-for-firefox-2/)

From the Mozilla bug report. (The second comment is from the author of the add-on.)

I think it just because the author's local
network was infected with the virus, so it modified html files. The main virus
is a Win32 program. The infected code just display annoying banner but it can't

Sorry for the inconvenient!
I've found that translated help files was modified by a virus, come from China.
I'm so busy these days, but I've cleaned up malicious code. The new fresh pack
coming soon.

https://bugzilla.mozilla.org/show_bug.cgi?id=432406 (https://bugzilla.mozilla.org/show_bug.cgi?id=432406)
Title: Re: Mozilla spreads malware/distributes virus! (Erm...Not)
Post by: polonus on May 10, 2008, 12:15:27 AM
Hi FwF,

Well of course Mozilla is not spreading malware. That in itself is a silly wrong way to put it. How can a browser spread malware? Simply because malcreants make it spread malware or greedy folk seeks ways to add adware, scumware etc. to it.
Yes and any browser because so many people code for it and review it, and build onto it, and patch bugs for it. These developers are busy with a very complex tool that basically works in a way that was never intended to go out on the World Wide Web from the onset in the University theater where all noses went one direction anyways.
So now it has underlying built-in vulnerabilities, and some of these can be abused in all sorts of ingenuous ways (compression to load faster, can also be used against the user in the hands of those that want to obfuscate hidden content to abuse, redired, to inject malicious code etc). The bulk of these exploits have to do with script in some form (Javascript and in other script), illegal characters in SecFilterEngine.Js, abuse of nsIWebProgress.removeProgressListener, XPCSafeJSObjectWrapper, securesyndication,user.JS and all sorts of external packed code to be run inside a browser to do its evil deeds.
But then there is a better browser, that is Firefox with NoScript installed, I have added some specific filters for things that ought not take place, sometimes the pages look like they are shown on a mobile, but that is the pre-filtering phase. User agent abuse is a next security thing, not only inside the browser but also redirected and external, and the right policy and trust is also imported, I have an advanced plug-in to evaluate site certification, and that can be an important tool, that is why some forms of cybercrime malware now comes with certificates and even EULA's. It is a dangerous world, but Firefox with NoScript and ABP is still one of the more secure browsers I have experienced, and I dug deep folks,


*as is Flock 1.1. with NoScript and ABP