Author Topic: Mozilla spreads malware/distributes virus! (Erm...Not)  (Read 2687 times)

0 Members and 1 Guest are viewing this topic.

Offline FreewheelinFrank

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 4872
  • I'm a GNU
    • Don't Surf in the Nude!
Mozilla spreads malware/distributes virus! (Erm...Not)
« on: May 09, 2008, 11:33:04 PM »
Quote
Mozilla spreads malware rather than security.


Er, nope.

http://blogs.zdnet.com/hardware/?p=1813

Quote
Mozilla Distributes Virus-Infected Language Pack.

Nope, sorry.

http://blog.washingtonpost.com/securityfix/2008/05/mozilla_distributes_virusinfec_1.html

Quote
Mozilla: Firefox Plug-In Shipped With Malicious Code

Better!

http://www.pcworld.com/businesscenter/article/145617/mozilla_firefox_plugin_shipped_with_malicious_code.html

How not to write a headline. (Kudos to PC World for getting it right!)

PC World continues the story:

Quote
Mozilla warned Wednesday that a malicious program inserted adware code into a Firefox plug-in that has been downloaded thousands of times over the past three months.

The Mozilla blog:

Quote
The Vietnamese language pack for Firefox 2 contains inserted code to load remote content. This code is the result of a virus infection, but does not contain the virus itself.

http://blog.mozilla.com/security/2008/05/07/compromised-file-in-vietnamese-language-pack-for-firefox-2/

From the Mozilla bug report. (The second comment is from the author of the add-on.)

Quote
I think it just because the author's local
network was infected with the virus, so it modified html files. The main virus
is a Win32 program. The infected code just display annoying banner but it can't
propagate.

Sorry for the inconvenient!
I've found that translated help files was modified by a virus, come from China.
I'm so busy these days, but I've cleaned up malicious code. The new fresh pack
coming soon.

https://bugzilla.mozilla.org/show_bug.cgi?id=432406
     Bambleweeny 57 sub-meson brain     Don't Surf in the Nude Blog

Offline polonus

  • Avast √úberevangelist
  • Probably Bot
  • *****
  • Posts: 33627
  • malware fighter
Re: Mozilla spreads malware/distributes virus! (Erm...Not)
« Reply #1 on: May 10, 2008, 12:15:27 AM »
Hi FwF,

Well of course Mozilla is not spreading malware. That in itself is a silly wrong way to put it. How can a browser spread malware? Simply because malcreants make it spread malware or greedy folk seeks ways to add adware, scumware etc. to it.
Yes and any browser because so many people code for it and review it, and build onto it, and patch bugs for it. These developers are busy with a very complex tool that basically works in a way that was never intended to go out on the World Wide Web from the onset in the University theater where all noses went one direction anyways.
So now it has underlying built-in vulnerabilities, and some of these can be abused in all sorts of ingenuous ways (compression to load faster, can also be used against the user in the hands of those that want to obfuscate hidden content to abuse, redired, to inject malicious code etc). The bulk of these exploits have to do with script in some form (Javascript and in other script), illegal characters in SecFilterEngine.Js, abuse of nsIWebProgress.removeProgressListener, XPCSafeJSObjectWrapper, securesyndication,user.JS and all sorts of external packed code to be run inside a browser to do its evil deeds.
But then there is a better browser, that is Firefox with NoScript installed, I have added some specific filters for things that ought not take place, sometimes the pages look like they are shown on a mobile, but that is the pre-filtering phase. User agent abuse is a next security thing, not only inside the browser but also redirected and external, and the right policy and trust is also imported, I have an advanced plug-in to evaluate site certification, and that can be an important tool, that is why some forms of cybercrime malware now comes with certificates and even EULA's. It is a dangerous world, but Firefox with NoScript and ABP is still one of the more secure browsers I have experienced, and I dug deep folks,

polonus

*as is Flock 1.1. with NoScript and ABP
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!