Clarification on Vietnamese Language Pack Compromise

Window Snyder

4

As today’s headlines confirm, there is still a lot of confusion about what happened to the Vietnamese language pack, who is impacted, and what that impact really is.

First of all, there is no virus in the Vietnamese language pack. Vietnamese language pack for Firefox users have not been infected with a virus.  The remnant we detected is a line in an html file that would display ads to users.  This does not infect the user’s machine with the virus.  It is a remnant from a virus that most likely infected the language pack developer’s machine. This code remnant is not present in other language packs.  The entire add-ons site has been scanned for malware and viruses and nothing else has been detected. Disabling the language pack in the add-ons dialog disables the code remnant.

Mozilla scans all add-ons for viruses at upload time, but the nature of most anti-virus software is that it only finds the things it knows how to look for.  When this add-on was uploaded there was no signature in the anti-virus software to detect this virus or its remnants.

There have been 16,667 downloads of the Vietnamese language pack since November 2007. It is hard to identify exactly how many users were impacted, but there are on average about 1000 active users.  While the number of users is small, this is still unacceptable.  We take this issue very seriously.  The most likely impact for users was the display of unwanted ads.

These are the steps we have taken to protect users in the future:

•    The add-ons site was immediately scanned for the presence of viruses and other potential malware, and nothing further has been detected.

•    As a response to this issue and to minimize the potential of something similar happening in the future, Mozilla is now scanning all add-ons whenever the signatures for the anti-virus software are updated.

4 responses

  1. alexandre` wrote on :

    that’s wt it makes firefox faster than inernet explorer even though it is more simple than it

  2. TzuVelli wrote on ::

    I recently read a lot about this particular vulnerability. i find it very interesting that many people that wrote about the issue did not include in their articles that the issue was not from a full blown virus but a small remnant left behind after the language pack was cleaned. If i had not read into the issue a little further i may have decided to not use Firefox any longer but thanks to articles like this one i realized that the issue was not as bad as many writers had made it sound.

  3. josias cesario dos santos wrote on :

    Mrs:
    This problem is still occurring, on February 01 my PC has been
    attacked with an CD: a spam that uses a file called Cidaemon.exe
    which is in the System32 folder, I opened it with the DOS edit, and find lines written in Vietnamese language, but it carries unwanted ads, but now brought Trojan old; eg DLDR.SWIZZOR variants of TrojanDownloader.

    Cesario Josias dos Santos
    Bauru SP

  4. derya baykal wrote on ::

    Firefox is a great browser. Supports all languages