Results 1 to 3 of 3

Thread: Mozilla and Linux.RST.b

  1. #1
    Senior Member IKnowNot's Avatar
    Join Date
    Jan 2003

    Mozilla and Linux.RST.b

    Saw posted at
    Viruses not just a Windows issue
    According to a report from antivirus company Kaspersky, Mozilla.org recently hosted Linux versions of the Mozilla browser and Thunderbird mail client that were infected with the Linux RST.b virus.
    But if you follow the links contained you find at
    Analyst's Diary Infected files found on mozilla site

    many disgruntled members concerning the reporting.

    Mozilla Security Center
    there is
    Security Advisory (September 21, 2005) The Mozilla Foundation is aware of the Linux.RST.b virus that infected Linux Korean contributed versions of Mozilla Suite 1.7.6 and Thunderbird 1.0.2, as reported by Kaspersky Lab. No versions of Mozilla Firefox were infected. Infected files have been removed from the Mozilla ftp mirror network as of September 17.

    Mozilla recommends to our Korean users who have downloaded affected products to run an AntiVirus product on their machine to scan for the Linux.RST.b virus and delete infected files. Further information about the Linux.RST.b virus can be found here: http://us.mcafee.com/virusInfo/defau...&virus_k=99978
    So apparently it was a mirror site that contained the infected files. No word as to how they got there, but just something to be aware.
    " And maddest of all, to see life as it is and not as it should be" --Miguel Cervantes

  2. #2
    Senior Member
    Join Date
    Jan 2003
    Hey Hey,

    Since I haven't posted in a bit, I think it's time to jump back in..

    It's amusing that the original article is titled as it is.... and even more so that it contains this line:
    Unfortunately as Linux grows in popularity it is inevitable that it will attract attention from authors of malicious code.
    This is actually a quite old virus... Symantec puts the discovery date as being April 23, 2002 (source)..

    While it's true that any system can get a virus, as it has been said several times, the operating system is only as good as the user. It sounds like there was an idiot working on the Korean version who somehow managed to download and run a virus that's quite outdated. Maybe they purposely did it to backdoor users systems... It's fishy that it's only supposed to affect the /bin directory and the directory that it's executed it and still managed to infect the distributed version of mozilla... but then again, that's just my opinion.

    The Analyst's Diary link was actually fun to read... everyone's blaming someone for it.

    IT Blog: .:Computer Defense:.
    PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".

  3. #3
    Join Date
    Nov 2002
    I agree with the folks on that external site. Sure Mozilla hosted files but they are also built nightly and updated sometimes. The problem stems whenever another 3-party or website gives a review of the package and offers you to download from their site instead of the author. In fact, you have several 3-parties who give you the option to download from the publisher's site rather than theres....mostly for more up-to-date versions. What bothers me also is the fact, you find 300 source IP's on a file sharing network downloading Trojan baited software packages. If you thought you downloaded a 0-day movie but instead it turns out to be porno or an movie of an advertisement then you know what's up.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts