ALERT: Firefox 2 Vietnamese Language Pack infected by malware
Thanks to Susan for the heads up…
Cite: https://bugzilla.mozilla.org/show_bug.cgi?id=432406
Anybody who downloaded and installed the Vietnamese language pack ***since 18 February*** will have got an infected copy. Symptoms include the display of unwanted advertising.
Mozilla notes that because only “16,667 total downloads of the Vietnamese language pack since November 2007” they consider that the impact on users will be “limited” – well, it may be limited in Mozilla’s eyes, but I suspect that those affected will be less dismissive.
It is staggering that the infected file was in situ and being distributed for over two and a half months. It is also staggering that Mozilla seemingly did (does?) not complete regular scanning of their files to check for previously undetected malware – didn’t they realise that there is always a period of time between malware being released to the wild, and security products updating their products to add detection of new malware?? By not regularly re-scanning all files available for download they expose(d) their users to real risk.
The malware is named in the bugzilla thread as “HTML.Xorer”.
Advice is to disable the Vietnamese Language Pack.