Firefox downloads infected by ad virus

Summary: Mozilla has stopped distributing a language pack for Firefox after discovering it had been infected by malicious code for over two months.

TOPICS: Browser, Microsoft

Although Mozilla's Vietnamese language pack for Firefox has been compromised by the malware, labelled HTML.Xorer, since February, the problem was only discovered earlier this week, according to Mozilla.

The malware left those downloading the language pack open to unwanted ads.

Mozilla does not know how many computers have been affected by the corrupted file; however, since November 2007 there have been 16,677 downloads of the language pack, according to Window Snyder, a Mozilla security blogger.

Mozilla usually completes a virus scan of software it makes publicly available; however, its scanners failed to detect the virus, according to Snyder.

"We are also adding after-the-fact scans of everything to address this sort of case in the future," said Snyder.

Veteran Microsoft "Most Valuable Professional" Sandi Hardmeier, who specialises in Internet Explorer and Outlook Express, is "staggered" that the infected file has been distributed for over two months.

"It is also staggering that Mozilla seemingly did (does?) not complete regular scanning of their files to check for previously undetected malware — didn't they realise that there is always a period of time between malware being released to the wild, and security products updating their products to add detection of new malware??"

Mozilla recommends disabling the Vietnamese language pack using the add-ons dialog on the Tools menu.

Liam Tung

  • Must be pretty dumb malware...

    ... if just disabling the Vietnamese language pack also disables the malware. I would think the pertinent thing to do would be to do a virus scan if you've downloaded the Vietnamese language pack.

    Oh wait, but people using Firefox don't have virus scanners, because Firefox is invulnerable to viruses...
  • ie groupy

    Seems like an IE fanboy has finally got a Firefox blemish to pick on.

    I think everyone has a virus scanner on windows because XP and Vista security bugs the crap out of you if you don't.

    No software has perfect security but Firefox is much more secure than IE and its ActiveX malware dream.

    Firefox is still the most secure browser.
  • Fred the Fairy

    Fred, you're off in dream land if you think firefox is the most secure. You are delusional if you even think it is secure.

    It is the least secure because it has the greater number of 3rd party plugins - which obviously you cannot trust :)
  • Looking through closed eyes again

    Firefox "blemish", and then the gall to attribute blame to the OS for a) the act of a third party app, and b) the owner of the third party app not performing a scan in the first place.
    Funny stuff.
  • Firefox v. anything from Microsoft

    Software is like a safe - any safe can be cracked, given time, the right tools and the right approach. If Microsoft built safes, they would make them out of tissue paper - as evidenced by the long and inglorious history of security flaws in their software.
  • Firefox Security Issue

    In defence of Firefox and IE, no one is safe from the low life that write these virus & malware programs, the death penalty should be applied to them. However, this must serve as a wake up call for Firefox to improve their security. Also even the best virus software package doesn't catch them all as I have recently learnt with my own computer. So one breach of security in the time that Firefox has been operating is still a pretty impressive track record.
  • Nothing to do with the 'safe' this time

    Read the original bug report. The issue is a result of a language pack running scripts - there exist requests for this scripting option to be removed as it was seen long ago as an open hole ... but nothing was done (and still has not been done - the hole is still there).
    Any script executed in this way WILL run on all os platforms that support firefox. If firefox [during the install] asks for os related rights many users will provide this access under the assumption that it is part of a valid install of a trusted supplier.

    In this case the safe, no matter what it is made of in the first place, has a great hole in the back which everyone seems eager to ignore. Let's take the fuse out of the safe explosive [by scanning this one language pack], but let's continue to allow anything to go into ANY safe.
  • firefox