Korean Mozilla and Thunderbird Distro Site Woes
The trend of putting trojaned downloads on software distribution sites continues unabated. A Korean site, officially **unaffiliated** with the Mozilla, Thunderbird, and Firefox development teams, distributes Korean versions of Mozilla Suite 1.7.6 and Thunderbird 1.0.2. It turns out that, a couple of days ago, evil versions of Mozilla and Thunderbird for Linux appeared on this site. When installed, they would infect ELF binaries in /bin. The malware included a backdoor, although it had little spreading potential. Still, this is why, when you upgrade, you should download from a couple of mirrors and check that hash! Md5sum and SHA-1 are your friends. And, if you are really paranoid, RIPEMD-160 is a good acquaintance to have.
Update: According to information we've received (thanks, Roel!), Korean versions of Mozilla and Thunderbird distributed through **official** Mozilla FTP sites were also infected. So, if you use Korean Mozilla or Thunderbird and downloaded the latest versions of Thunderbird or Mozilla, you may have been compromised. I suggest a good file integrity check, and perhaps a reinstall of your operating system and apps. Thanks again, Roel, for the clarification.
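
The file integrity check suggested above, as an added example (not code from the original diary): it hashes every ELF binary in a directory such as /bin and reports what changed against an earlier snapshot. It assumes the baseline was recorded while the system was known to be clean and is kept off the host; all function names are illustrative.

```python
import hashlib
import os
import tempfile

ELF_MAGIC = b"\x7fELF"  # first four bytes of every ELF file

def is_elf(path):
    try:
        with open(path, "rb") as fh:
            return fh.read(4) == ELF_MAGIC
    except OSError:
        return False  # unreadable entries are skipped, not treated as clean

def digest(path, algo="sha1"):
    # SHA-1 is one of the hashes the diary names; any hashlib name works here.
    h = hashlib.new(algo)
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def snapshot(directory, algo="sha1"):
    """Map each regular ELF file directly under `directory` to its digest."""
    result = {}
    for name in sorted(os.listdir(directory)):
        path = os.path.join(directory, name)
        # Symlinks are skipped; only regular files in this directory are hashed.
        if os.path.isfile(path) and not os.path.islink(path) and is_elf(path):
            result[name] = digest(path, algo)
    return result

def compare(baseline, current):
    """Names modified, added or removed since the baseline snapshot."""
    return {
        "modified": sorted(n for n in baseline.keys() & current.keys() if baseline[n] != current[n]),
        "added": sorted(current.keys() - baseline.keys()),
        "removed": sorted(baseline.keys() - current.keys()),
    }

def demo():
    """Constructed sample: a temporary directory stands in for /bin."""
    files = {"ls": b"\x7fELF" + b"A" * 64, "cat": b"\x7fELF" + b"B" * 64, "notes.txt": b"text"}
    with tempfile.TemporaryDirectory() as d:
        for name, body in files.items():
            with open(os.path.join(d, name), "wb") as fh:
                fh.write(body)
        before = snapshot(d)
        with open(os.path.join(d, "ls"), "ab") as fh:
            fh.write(b"appended bytes")  # stands in for an infector's change
        return before, compare(before, snapshot(d))

if __name__ == "__main__":
    print(demo()[1])
```

On a real host, `snapshot("/bin")` taken before an upgrade and compared afterwards would list any binary whose contents changed.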
        