Internet threat level: 1
Home→Blog→Incidents→September 20 2005→Infected files found on mozilla site
|
03 Sep The Winlock numbers, the Winlock laws Sergey Golovanov 03 Sep Understanding Current Trends in the Fake Anti-Virus/Scareware Ecosystem Kurt Baumgartner 01 Sep The Winlock case - I'm taking bets! Eugene 31 Aug Twitter goes OAuth-only (Yay for security!) Stefan Tanase 31 Aug Gumblagra and a piano Michael 25 Aug Who needs my SQL server? VitalyK Join our blog You can contribute to our blog if you have +100 points. Comment on articles and blogposts, and other users will rate your comments. You receive points for positive ratings. |
Infected files found on mozilla site
Infected binary or source code files aren't anything new. And sometimes they are found on public servers. Mozilla.org is the latest example.
Korean distributives for mozilla and thunderbird for linux turned out to be infected - mozilla-installer-bin from mozilla-1.7.6.ko-KR.linux-i686.installer.tar.gz and mozilla-xremote-client from thunderbird-1.0.2.tar.gz were infected with Virus.Linux.RST.b
This virus searches for executable ELF files in the current and /bin directories and infects them. When infecting files, it writes itself to the middle of the file, at the end of a section of code, which pushes the other sections lower down. It also contains a backdoor, which downloads scripts from another site, and executes them, using a standard shell.
The infected files have now been removed, but it took some time. And this isn't the first time that infected binary or source code files have been placed on public servers. Yet another example of why you should have an up to date antivirus solution, and scan EVERYTHING you download, without exception.
Comments
Analysis
Weblog
© 1997-2010 Kaspersky Lab ZAO. All Rights Reserved.
Industry-leading Antivirus Software.
Registered trademarks and service marks are the property of their respective owners.