September 22nd, 2005 10:29 AM
Mozilla and Linux.RST.b
Saw posted at
Viruses not just a Windows issue
But if you follow the links contained you find at
According to a report from antivirus company Kaspersky, Mozilla.org recently hosted Linux versions of the Mozilla browser and Thunderbird mail client that were infected with the Linux RST.b virus.
Analyst's Diary Infected files found on mozilla site
many disgruntled members concerning the reporting.
Mozilla Security Center
So apparently it was a mirror site that contained the infected files. No word as to how they got there, but just something to be aware of.
Security Advisory (September 21, 2005) The Mozilla Foundation is aware of the Linux.RST.b virus that infected Linux Korean contributed versions of Mozilla Suite 1.7.6 and Thunderbird 1.0.2, as reported by Kaspersky Lab. No versions of Mozilla Firefox were infected. Infected files have been removed from the Mozilla ftp mirror network as of September 17.
Mozilla recommends to our Korean users who have downloaded affected products to run an AntiVirus product on their machine to scan for the Linux.RST.b virus and delete infected files. Further information about the Linux.RST.b virus can be found here: http://us.mcafee.com/virusInfo/defau...&virus_k=99978
" And maddest of all, to see life as it is and not as it should be" --Miguel Cervantes
September 22nd, 2005 01:30 PM
Since I haven't posted in a bit, I think it's time to jump back in..
It's amusing that the original article is titled as it is.... and even more so that it contains this line:
This is actually a quite old virus... Symantec puts the discovery date as being April 23, 2002 (source)..
Unfortunately as Linux grows in popularity it is inevitable that it will attract attention from authors of malicious code.
While it's true that any system can get a virus, as it has been said several times, the operating system is only as good as the user. It sounds like there was an idiot working on the Korean version who somehow managed to download and run a virus that's quite outdated. Maybe they purposely did it to backdoor users' systems... It's fishy that it's only supposed to affect the /bin directory and the directory that it's executed in and still managed to infect the distributed version of Mozilla... but then again, that's just my opinion.
The Analyst's Diary link was actually fun to read... everyone's blaming someone for it.
IT Blog: .:Computer Defense:.
(Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".
September 22nd, 2005 04:42 PM
I agree with the folks on that external site. Sure, Mozilla hosted files, but they are also built nightly and updated sometimes. The problem stems whenever another 3rd party or website gives a review of the package and offers you to download from their site instead of the author's. In fact, you have several 3rd parties who give you the option to download from the publisher's site rather than theirs... mostly for more up-to-date versions. What bothers me also is the fact you find 300 source IPs on a file sharing network downloading Trojan baited software packages. If you thought you downloaded a 0-day movie but instead it turns out to be porno or a movie of an advertisement then you know what's up.