Korean Mozilla Binaries Infected

CmdrTaco posted more than 8 years ago | from the caught-with-their-pants-down dept.

Mozilla 592

Magnus writes "Korean distributions of Mozilla and Thunderbird for Linux were infected with Virus.Linux.RST.b. This virus searches for executable ELF files in the current and /bin directories and infects them. It also contains a backdoor, which downloads scripts from another site, and executes them, using a standard shell."

592 comments

FISRT POTS (-1, Troll)

Anonymous Coward | more than 8 years ago | (#13613001)

ROFL! SECURITY! ROFL!

First April post for April 1st 2006 (-1, Offtopic)

ArsenneLupin (766289) | more than 8 years ago | (#13613003)

(n/t)

First? (-1, Troll)

AttilaSz (707951) | more than 8 years ago | (#13613006)

FP

fp? (-1, Troll)

asbestospiping (607061) | more than 8 years ago | (#13613008)

boo

Secure.. (-1, Flamebait)

McLetter (915953) | more than 8 years ago | (#13613010)

And they said Linux is more secure than Windows..

Re:Secure.. (5, Informative)

Anonymous Coward | more than 8 years ago | (#13613106)

Actually Linux is more secure. If you run mozilla as a normal user, then mozilla and the virus can't write to the files in /bin, and therefore can't do any really severe damage.

No, no, no... Windows is as secure. (3, Informative)

MyTwoCentsWorth (593731) | more than 8 years ago | (#13613192)

Since if you run it as a normal user on Windows it cannot damage the system files either :)

Re:Secure.. (3, Insightful)

Wierd Willy (161814) | more than 8 years ago | (#13613177)

And they said Linux is more secure than Windows..


It is. The fact that the only way for it to be effective is to pre-infect the original distribution. Which means someone miscopulated the canine. Still can't get around human fallibility in that regard.

Linux is still much more secure in its raw state than almost any closed-source product even after post-install configuration. Anyone with a modicum of experience with a fresh *nix installation will likely spot this before it does any real damage.

Suppose it was only a matter of time before someone figured this out though. Goes to show you, it is not a good idea to hook any system up to a network or the web before you finish the basic post-install configurations.

Virus data (5, Informative)

NoInfo (247461) | more than 8 years ago | (#13613011)

This virus has been in the wild since at least early 2002.

Here's Symantec's take on the virus:

http://securityresponse.symantec.com/avcenter/venc/data/linux.rst.b.html [symantec.com]

Re:Virus data (0, Flamebait)

goldspider (445116) | more than 8 years ago | (#13613040)

That's odd... I learned here [slashdot.org] that Mozilla is clearly more responsive to security bugs than Microsoft. What gives?

Re:Virus data (5, Insightful)

_bug_ (112702) | more than 8 years ago | (#13613102)

That's odd... I learned here that Mozilla is clearly more responsive to security bugs than Microsoft. What gives?

You mean besides the fact that the binaries were removed as soon as they found out?

Re:Virus data - It's old! RTFM (4, Informative)

Anonymous Coward | more than 8 years ago | (#13613244)

If the poster would have read and UNDERSTOOD the original article, he would have realised that it was only a general hint about dangers that can happen when you download binaries. He refers to an OLD mozilla security breach (check out the version numbers).

"Infected binary or source code files aren't anything new. And sometimes they are found on public servers. Mozilla.org is the latest example.

Korean distributives for mozilla and thunderbird for linux turned out to be infected - mozilla-installer-bin from mozilla-1.7.6.ko-KR.linux-i686.installer.tar.gz and mozilla-xremote-client from thunderbird-1.0.2.tar.gz were infected with Virus.Linux.RST.b"

So let me get this straight... (5, Funny)

SpocksLoveChild (829854) | more than 8 years ago | (#13613012)

it's a virus?... for linux? I'm sorry but just don't understand the situation?

Re:So let me get this straight... (5, Funny)

Anonymous Coward | more than 8 years ago | (#13613115)

No worries. That is common for most slashdot readers.

Everything is vulnerable. (3, Informative)

bugbeak (711163) | more than 8 years ago | (#13613018)

Guess anything that can be programmed is also vulnerable, regardless of how impenetrable it is.

Re:Everything is vulnerable. (1)

McLetter (915953) | more than 8 years ago | (#13613046)

There will always be loopholes in any program/code/language/os.. So yeah. As long as the program exists, there will be people to exploit it's problems.

Re:Everything is vulnerable. (0)

Anonymous Coward | more than 8 years ago | (#13613168)

its problems Fixed that for ya, retard.

Re:Everything is vulnerable. (2, Insightful)

gcw1 (914577) | more than 8 years ago | (#13613100)

The more common users that are starting to embrace what are thought of as secure products... the more people will start to exploit.

Quite postmodern (1)

jpsowin (325530) | more than 8 years ago | (#13613155)

Guess anything that can be programmed is also vulnerable, regardless of how impenetrable it is.

I guess anything that can be built can be broken, regardless of how unbreakable it is.

Re:Everything is vulnerable. (0)

Anonymous Coward | more than 8 years ago | (#13613252)


Newsflash - Linux is *not* "impenetrable". If you want a really secure OS, try OpenVMS [openvms.org] or my favourite, OpenBSD [openbsd.org] .

6 stories down on the front page (2, Funny)

ifwm (687373) | more than 8 years ago | (#13613020)

"Mozilla hits back at browser security claim"

BWAHAHAHAHAHAHA.

Re:6 stories down on the front page (1)

Ingolfke (515826) | more than 8 years ago | (#13613079)

Well this has nothing to do with their browser's security. It really has to do with the security of the Mozilla servers in Korea.

Re:6 stories down on the front page (3, Informative)

dtfinch (661405) | more than 8 years ago | (#13613124)

If you're talking about mozilla.or.kr, the Mozilla Foundation does not own or control that site.

Re:6 stories down on the front page (2, Insightful)

NutscrapeSucks (446616) | more than 8 years ago | (#13613188)

They do own and control the international trademark used by that domain name (I hope). Maybe they should be more careful who they loan it to.

Re:6 stories down on the front page (1)

sn0wflake (592745) | more than 8 years ago | (#13613251)

Just forget being modded up :) When it's bad FOSS news then it has no affiliation with the community. When it's good news everything is just super-duper-dandy. There are times when I wonder what sickens me the most. Microsoft or the FOSS community.

Re:6 stories down on the front page (5, Informative)

tpgp (48001) | more than 8 years ago | (#13613214)

"Mozilla hits back at browser security claim"

Funny? Yes. True? No - you see it's not exactly a mozilla problem.

Whilst searching for more information about this, I stumbled across this page [mozillazine.org] (last time these servers were hacked in June).

Choice quote:

Unlike Mozilla Europe, Mozilla Japan and Mozilla China, the Korean Mozilla site is not officially affiliated with the Mozilla Foundation.


So, it's not mozilla.org (the article states "on public servers. Mozilla.org is the latest example")

It's someone who's taken the mozilla source and made their own binaries. A problem yes, a serious problem even, but not to the scale that Kaspersky Labs would have us believe.

Who would have thought it? A security company overhyping an issue!

I'm not sure why they bother. Do they really think stories like this are going to make linux users go and buy their security 'solution'?

Ha. (5, Funny)

Anonymous Coward | more than 8 years ago | (#13613021)

So much for OSS security. Show me one instance of this happening to Microsoft...

Oh, wait.

Re:Ha. (1)

PickyH3D (680158) | more than 8 years ago | (#13613036)

Coming with the installer? Show me too.

Re:Ha. (0)

Anonymous Coward | more than 8 years ago | (#13613096)

Many spyware/viruses/adware will come as part of installers. In fact, search for random little Windows application, download it, and run the installer. Your chances of picking up crap are probably better than getting the application itself. And yes, this is still MS's fault, were it not for default admin users this would be much less of a pain.

Re:Ha. (1)

Raistlin77 (754120) | more than 8 years ago | (#13613248)

Gee, I thought Internet Explorer came with every Windows installer...

Not going to go over well... (0, Troll)

Spiffae (707428) | more than 8 years ago | (#13613023)

...after Yesterday's story [slashdot.org]

Oops Mozilla. Damage control - Engage!.

Re:Not going to go over well... (1)

Ingolfke (515826) | more than 8 years ago | (#13613119)

The issue here isn't that Mozilla the app is insecure, it's that the servers they run on weren't properly secured. Now whether that's due to poor system management or the underlying OS and software (probably FOSS) running the site will have to be determined. It's disconcerting that this could happen, but certainly isn't as severe as a vulnerability affecting hundreds of thousands of installed applications.

Korean Mozilla Binaries Infected (5, Funny)

Anonymous Coward | more than 8 years ago | (#13613025)

Birdflu ?

And so it begins... (4, Insightful)

eno2001 (527078) | more than 8 years ago | (#13613026)

...expect to see more of this as the popularity of OSS continues. Of course, unlike Windows it won't get far since MOST users are smart enough to not be running as root.

Um... (4, Insightful)

Noksagt (69097) | more than 8 years ago | (#13613118)

Of course, unlike Windows it won't get far since MOST users are smart enough to not be running as root.
Most users still install software as root & even if they don't, the user usually has access to /bin & would be able to run scripts.

Re:Um... (1, Interesting)

eno2001 (527078) | more than 8 years ago | (#13613161)

But they need WRITE access to bin in order to inject the virus in the first place. However, you are correct in that most users do install as root in order to get the binaries into /usr. But I don't think the installer is what causes the infection. It is the execution of Mozilla that would infect a system. As long as root doesn't run Mozilla, it shouldn't be an issue.

Re:Um... (1)

Cocoronixx (551128) | more than 8 years ago | (#13613184)

Of course, unlike Windows it won't get far since MOST users are smart enough to not be running as root.
Most users still install software as root & even if they don't, the user usually has access to /bin & would be able to run scripts.
Yeah, READ access. Thanks for playing.

Re:Um... (4, Insightful)

Lussarn (105276) | more than 8 years ago | (#13613245)

Most of all programs in Linux, about 99.99% is distribution supplied and isn't likely to have virus/trojan/spyware in them.

Re:Um... (1)

colinleroy (592025) | more than 8 years ago | (#13613261)

the user usually has access to /bin

Write access ?

Re:And so it begins... (2, Insightful)

NineNine (235196) | more than 8 years ago | (#13613142)

So then are you saying that only security experts run Linux, or that all Linux users somehow magically learn about what "root" is upon installation? I'm not understanding what you're saying, since I've never met a non-IT person who knew that "root" had anything to do with computers.

Re:And so it begins... (1)

sn0wflake (592745) | more than 8 years ago | (#13613144)

Unlike most that browse Slashdot actually use Linux to do it :) See the server statistics for more info.

Re:And so it begins... (1)

dtfinch (661405) | more than 8 years ago | (#13613170)

Of course, unlike Windows it won't get far since MOST users are smart enough to not be running as root.

And as we all know nobody installs Linux software as root. :)

Re:And so it begins... (1)

sosume (680416) | more than 8 years ago | (#13613180)

Please explain how to install Mozilla on a generic linux box without being root. If the installer binaries are infected, well, you're screwed.

Re:And so it begins... (0)

Anonymous Coward | more than 8 years ago | (#13613211)

Actually, intelligence has little bearing on the issue. Software developed for Windows for the most part requires the user to run as an Administrator. That, I'll grant you. However, this is not Microsoft's fault-- indeed Microsoft specifies in section 3.4 of the Designed for Windows XP specifications that running under a limited account is a requirement.

If you stick with software that has earned the Designed for XP logo, you are good to go.

re: And so it begins... (1)

lakcaj (811907) | more than 8 years ago | (#13613212)

On my desktop machine, it's my _user_ data that I care about. I can afford to lose a bunch of files in /var/lib, as long as I don't lose all the valuable data I have in /home/lakcaj. A re-install of debian with broadband takes me little over an hour. I've spent months and even years on some of my personal files (before you ask, of course I do backups).

Also, for those of you that think you need root access to hose a system, go ahead and do a rm / -rfv as a normal user and see what happens ;)

First time real-world linux virus spread? (2, Interesting)

rezza (677520) | more than 8 years ago | (#13613027)

Is this the first time a linux virus has been spreading in the wild?

Re:First time real-world linux virus spread? (3, Insightful)

imr (106517) | more than 8 years ago | (#13613185)

Where does it say it spread?
It is a 3 years old thing and it never spread, why should it now?
It has been found somewhere on some server in some package.
OK, then?

Distros build their version of softwares from source, they check the sources, their users get their software from their distro.
End of the story.

Moral of the story:
-don't download binaries from other sources than your distro.
-don't install binaries from other sources than your distro as root.

This proves ... (1, Funny)

Anonymous Coward | more than 8 years ago | (#13613029)

This proves that Linux is teh suck!
Or, it might actually prove that people who log in and use Linux as the root user on a habitual basis deserve whatever they have coming to them.

Re:This proves ... (2, Insightful)

eno2001 (527078) | more than 8 years ago | (#13613089)

Exactly. If you run as root, you're a moron. If you run as a regular user, then the only thing you might hose is your own /home dir. If you're a smart user, you've been backing up your /home dir to a location that only root can access... That way recovery is painless. Very different from Windows where you have to reinstall the OS to be sure you're clean. (BTW, we're talking home users, not corporate users)

...that Firefox needs to be fixed? (2, Interesting)

Paul Neubauer (86753) | more than 8 years ago | (#13613175)

As I recall, Firefox (which is not the same as Mozilla, yes, I know) won't work quite right unless it is run as root once. Isn't that a security hole waiting to be exploited by something like this? Even a user who normally doesn't normally run as root can be hit with this situation.

Re:...that Firefox needs to be fixed? (0)

Paul Neubauer (86753) | more than 8 years ago | (#13613215)

Bah, even using preview I didn't catch that screwed up phrasing. Guess I better not do anything too important for a while.

Here it comes..... (-1, Redundant)

Anonymous Coward | more than 8 years ago | (#13613031)

Well, in Korea, only old people use Mozilla and Thunderbird for Linux.

Survey says... (1, Funny)

Ingolfke (515826) | more than 8 years ago | (#13613039)

Steve Ballmer is going to have a good day today.

Re:Survey says... (0)

Anonymous Coward | more than 8 years ago | (#13613126)

His executive chair breathes a sigh of relief. "No more abuse" it thinks to itself.

*Ballmer goes over to sit on chair*

Oh, the humanity.

Black day for Unix Firefox users (5, Informative)

teslatug (543527) | more than 8 years ago | (#13613043)

A new flaw affecting Firefox users under Unix allows webmasters to craft a URL that when run from an application like Evolution can execute any command. The flaw stems from the use of backticks in the shell script used to launch Firefox. Read more about it here on the Secunia advisory [secunia.com] . Version 1.0.7 fixing the flaw is already out.

source? (3, Informative)

mmkkbb (816035) | more than 8 years ago | (#13613045)

Where does this information come from? I can't find any corroborating story from another source. However, I did find this bit of trivia here [mozillazine.org] :
Those hackers could just as well have served people distributions of Firefox infected with a virus.

They could have easily replaced the app signatures to match the infected binaries.

Re:source? (1)

n0-0p (325773) | more than 8 years ago | (#13613242)

I've just spent the last ten minutes searching for corroboration and all I found was the same thing you did. It is quite possible the hackers were serving up trojan binaries for a while before they defaced the site. That would fit in with the time line and explain this pretty well.

The other important point is that the Korean site was not officially affiliated with the Mozilla organization (unlike US, China, Europe, Japan, etc.). Because of this the Mozilla foundation had no control and couldn't impose any standards. It was just a fan site.

I R KOREA ^__^ (-1, Offtopic)

Anonymous Coward | more than 8 years ago | (#13613047)

ZERG RUSH!

Treaty (0)

NotFamous (827147) | more than 8 years ago | (#13613048)

...and it pops up a window saying..."No more Nukes for you!"

Re:Treaty (0)

Anonymous Coward | more than 8 years ago | (#13613186)

You're a retard.

Antivirus? (1, Interesting)

jtolds (413336) | more than 8 years ago | (#13613049)

From TFA:
Yet another example of why you should have an up to date antivirus solution, and scan EVERYTHING you download, without exception


Really? I wonder if this website really knows much about Linux at all. That's fine advice for a platform that has antivirus products.

This certainly doesn't bode well for these new 'IE is more secure than Firefox' claims.

Even so, as long as the user you run doesn't have write access to any executables (tis a good idea), you're fine.

Re:Antivirus? (1)

Compholio (770966) | more than 8 years ago | (#13613101)

Really? I wonder if this website really knows much about Linux at all. That's fine advice for a platform that has antivirus products.

Well, technically Linux has antivirus products - just most of them are for scanning Windows executables that are going through your Linux mail system. If you're running the SELinux extensions it'd probably stop the thing anyway though.

Re:Antivirus? (1)

XO (250276) | more than 8 years ago | (#13613163)

So, you're running the installation program as root, so that it can be installed into the system directories, so that all users can use it. Probably a pretty normal thing for Mozilla, eh?

  Now your /bin is all forked up.

  And there are antivirus programs for Linux.

You're fine?!? (1, Insightful)

Anonymous Coward | more than 8 years ago | (#13613200)

Even so, as long as the user you run doesn't have write access to any executables (tis a good idea), you're fine.

Uh, but don't you need write access to be able to install the infected mozilla executables? Even if it can't infect executables, having your web browser infected is more than bad enough since you typically enter all sorts of "interesting" information in your browser. How is this "fine"?

Errr... Outdated? (1, Interesting)

Anonymous Coward | more than 8 years ago | (#13613051)

This link is saying that Mozilla 1.7.6 and Thunderbird 1.0.2 Korean For Linux were infected. But it doesn't mention any other versions.

Old news? Crap that doesn't matter (any more)?

ELF files (-1, Offtopic)

ShentarZ31 (915395) | more than 8 years ago | (#13613055)

sooo... the virus lets in ELFs through the backdoor.. I hope I am summarizing this right. We all know penguins aren't very good watchdogs..watchbirds..

More evidence that Mozilla is NOT secure by design (-1, Flamebait)

Anonymous Coward | more than 8 years ago | (#13613059)

I'll be downloading IE (digitally signed) from microsoft.com in future.

Let the thrashing begin! (3, Insightful)

smooth wombat (796938) | more than 8 years ago | (#13613062)

I can hear it now; "See, FF isn't as secure as its supporters claim it is."

Whatever.

Considering this only affects one operating system (Linux) and occurred in only one area of the world (Korea), despite this flaw it's still a whole bunch better than getting an update for IE or Outlook and having everyone who uses Windows, regardless of where they are in the world, being infected.

Re:Let the thrashing begin! (1)

gasaraki (262206) | more than 8 years ago | (#13613085)

Except that Firefox doesn't "believe in" the digital signatures that protect IE users from problems like this. It's not "open source" enough for them. So their users get infected with viruses like this. Some ideology.

Re:Let the thrashing begin! (1)

nomadic (141991) | more than 8 years ago | (#13613132)

I can hear it now; "See, FF isn't as secure as its supporters claim it is." Whatever.

So you're angry over what people are GOING to say? Why not let them say it before you get mad?

Re:Let the thrashing begin! (1)

XO (250276) | more than 8 years ago | (#13613134)

aside from the obvious jokes about their perceived security issues, I don't know that Microsoft's update servers have ever dumped viruses onto people, have they?

Re:Let the thrashing begin! (1)

Pharmboy (216950) | more than 8 years ago | (#13613263)

This wasn't a "Linux Update Server". There is not such a thing. It was a virus planted in ONE APPLICATION, in ONE LANGUAGE. Mozilla also runs on several other platforms, in several other languages. Using any MS vs. Linux comparison is totally void in this context.

This is a reflection of the people managing the Korean servers, not of Mozilla. It is not Mozilla's server or under their control. All these references to yesterday's security report on Mozilla are irrelevant, as they simply do not apply.

You might as well say that Windows has bad security because you didn't lock your doors, and I went and stole your computer. The two are simply unrelated.

Wake up. (-1)

Anonymous Coward | more than 8 years ago | (#13613151)

OSS is teh sux. Microsoft is god.

Re:Let the thrashing begin! (1)

Frankie70 (803801) | more than 8 years ago | (#13613181)


Considering this only affects one operating system (Linux)


The only cross-platform binary compatible virus, I have ever heard of was in the Movie 'Independence Day'.

Open Wide ! (0, Troll)

UberHoser (868520) | more than 8 years ago | (#13613066)

Cause here comes that big old piece of Humble Pie !.

mmmm pie.....

Since everything, (cept /.) is blocked by the surf nazis, I wonder how the distribution got infected ?

Every OS needs protection (2, Insightful)

TarrySingh (916400) | more than 8 years ago | (#13613068)

And that applies to Linux as well. Yet another example of why you should have an up to date antivirus solution, and scan EVERYTHING you download, without exception. This is what we ought to teach end users to practice and also system Admins need to follow advice on this. Understand SELinux, Firewalling and virus detection is crucial.

Poor Koreans... Again... (3, Funny)

dtfinch (661405) | more than 8 years ago | (#13613090)

First the unofficial Korean Mozilla site in July, and now long obsolete versions of the Korean Mozilla (not Firefox) and Korean Thunderbird builds. I doubt anyone was infected, nor was that likely the intent, especially given the old, neither stable nor current, version numbers, but one thing is clear. Someone out there really doesn't like Koreans.

Someone out there really doesn't like Koreans. (-1)

Pichu0102 (916292) | more than 8 years ago | (#13613232)

Yeah, they're called US World of Warcraft players.

Re:Poor Koreans... Again... (-1, Offtopic)

Anonymous Coward | more than 8 years ago | (#13613247)

Jesus hates Koreans.

I don't see how this works (0)

Anonymous Coward | more than 8 years ago | (#13613095)

only root has write access to executables
in /bin, so how does this virus get around
that and change the executables (which is
what the report from viruslist says the
virus does)???!.

Is this just BS or does this virus somehow
get root privileges. I would bet the former.

Permissions? (3, Insightful)

InternationalCow (681980) | more than 8 years ago | (#13613110)

Well, the symantec description wasn't very useful to me. But if I read it right, the virus tries to infect /bin. But iirc it will have to be run with root privileges in order to be able to infect /bin. Dunno about you guys, but I never ever unpacked firefox builds into my home directory when running as root. Basic security. So, if I understand this correctly, it only infects /bin when you've been sloppy. Not much of a threat, is it?

Some stuff (-1)

Frankie70 (803801) | more than 8 years ago | (#13613120)

Going by the Firefox vs IE thread on /., I can
predict the huge majority of "Insightful" & "Interesting" posts in this article

1) Koreans are biased against Linux
2) Koreans are Microsoft shills.
3) Every virus discovered on Linux proves the greatness of OSS - patches are going to be released much earlier in Linux
4) We all know that the Korea govt benefits as a
whole if more people use Windows & hence they are spreading FUD against Linux
5) Linux devs are more honest - hence they admit to these viruses unlike dishonest Microsoft developers.
6) Micro$oft sucks
7) Windoze sucks

Re:Some stuff (-1, Troll)

Anonymous Coward | more than 8 years ago | (#13613259)

Koreans are biased against Linux
Koreans are Microsoft shills.
Every virus discovered on Linux proves the greatness of OSS - patches are going to be released much earlier in Linux
We all know that the Korea govt benefits as a whole if more people use Windows & hence they are spreading FUD against Linux
Linux devs are more honest - hence they admit to these viruses unlike dishonest Microsoft developers.
Micro$oft sucks
Windoze sucks

The other shoe (0, Flamebait)

TripMaster Monkey (862126) | more than 8 years ago | (#13613121)


What's that sound? Uh-oh...that's the sound of the other shoe dropping.

Unfortunately, as Linux continues to gain popularity, this sort of thing is only going to increase. One of the basic reasons Linux used to be so secure is because anyone who took the time to sit down and learn the OS was technically savvy enough by the time they were done that they knew enough to take at least elementary precautions against infection. With the advent of easy to use, out-of-the-box Linux solutions (Xandros, I'm looking at you), the formerly steep learning curve for Linux has softened, and with that, some of its security has eroded.

Please don't think I'm trying to bill myself as some sort of Linux zealot, that believes that the holy OS should be kept out of the hands of the 'great unwashed', because I'm not. I'm just saying that a computer is only as secure as the person sitting at the keyboard lets it be.

Infecting /bin? (5, Insightful)

Danathar (267989) | more than 8 years ago | (#13613128)

I'm assuming this can only occur if you installed the virus infected material as root?

Nothing new here....if you install software as root from a compromised source and don't check the md5sums along with other precautions you put yourself at risk
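
An added example, not part of any comment in this thread and not code from Mozilla or the antivirus vendors: the recurring question above is whether the account that ran the binaries could modify ELF executables in the current directory and /bin, and this audit answers it for whichever user runs it. It assumes "executable ELF file" means a regular file with an execute bit and the ELF magic bytes; the function names and the "writable directory" rule are this example's own.

```python
#!/usr/bin/env python3
"""Exposure audit: which ELF executables could the current user modify?"""
import os
import stat
import sys

ELF_MAGIC = b"\x7fELF"  # first four bytes of every ELF file


def is_elf_executable(path):
    """True for a regular file with an execute bit that starts with the ELF magic."""
    try:
        st = os.stat(path)  # follows symlinks, as opening the file would
        if not stat.S_ISREG(st.st_mode) or not st.st_mode & 0o111:
            return False
        with open(path, "rb") as fh:
            return fh.read(4) == ELF_MAGIC
    except OSError:
        return False  # unreadable or vanished: cannot classify, skip it


def modifiable_reason(path):
    """Return why the current user could alter `path`, or None if they cannot."""
    if os.access(path, os.W_OK):
        return "file writable"
    # A writable directory lets a process replace a file it cannot write to.
    parent = os.path.dirname(path)
    if os.access(parent, os.W_OK | os.X_OK):
        dir_st = os.stat(parent)
        # In a sticky directory only root, the directory owner or the
        # file owner may rename or delete an entry.
        allowed = (0, dir_st.st_uid, os.stat(path).st_uid)
        if not dir_st.st_mode & stat.S_ISVTX or os.getuid() in allowed:
            return "directory writable"
    return None


def audit(directories):
    """List (path, reason) for each ELF executable the user could modify."""
    findings = []
    seen = set()
    for directory in directories:
        try:
            names = sorted(os.listdir(directory))
        except OSError:
            continue  # missing or unreadable directory
        for name in names:
            # Resolve symlinks so /bin -> /usr/bin entries are counted once.
            real = os.path.realpath(os.path.join(directory, name))
            if real in seen or not is_elf_executable(real):
                continue
            seen.add(real)
            reason = modifiable_reason(real)
            if reason:
                findings.append((real, reason))
    return findings


if __name__ == "__main__":
    # Default targets are the two places the story summary names.
    targets = sys.argv[1:] or [os.getcwd(), "/bin"]
    results = audit(targets)
    print(f"uid={os.getuid()} checked: {', '.join(targets)}")
    for path, reason in results:
        print(f"  EXPOSED {path} ({reason})")
    print(f"{len(results)} ELF executable(s) modifiable by this user")
    sys.exit(1 if results else 0)
```

Run as an ordinary user it should report nothing under /bin; run as root, or from a directory of unpacked binaries owned by the user, it lists every file such a process could have altered.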

MOZILLA ARE KOREA (-1, Offtopic)

BisexualPuppy (914772) | more than 8 years ago | (#13613130)

KEKEKEKEKE

In Korea.... (1, Funny)

Spy Handler (822350) | more than 8 years ago | (#13613136)

only old people get infected

OK, if you know *anything* about Linux (3, Interesting)

Shaman (1148) | more than 8 years ago | (#13613137)

Then you'll know this virus was distributed on purpose or the core distribution was hacked and the hackers distributed it on purpose.

You'll also know that the virus isn't infecting *anything* unless you're running as root or you're using a version of kernel and glibc that have specific flaws to allow the virus to do something as a regular user. Are they using a kernel and software from 2001? Maybe, for all I know, but that's pretty irresponsible if they are.

This is such a non-issue for anyone except the stunned distributor that sent around the CDs. Not the first time it happened to the Windows world, either.

Just WHAT was infected (1)

mrcdeckard (810717) | more than 8 years ago | (#13613147)

tfa was a bit brief -- was the tarball infected, or was it the firefox binary? was it infected during the build?

this doesn't seem like a problem/vulnerability with firefox per se, but a problem with their particular download page -- someone posted an infected file -- oops!

mr c

I knew in my bones... (1)

TheUnknownCoder (895032) | more than 8 years ago | (#13613148)

...that Microsoft was behind it.
Rumors are that they're running a sweatshop in Malaysia to mass produce viruses to attack the competition's products, creating a hype about how safer MS really is.

Besides the one virus mentioned in the article, another one infected machines with the Google toolbar installed: it randomly displays a flying chair across your screen while popping up messages like "I'm gonna kill YOU!".

Ehh, this is a hijacked package. (1, Informative)

Anonymous Coward | more than 8 years ago | (#13613202)

It's not about a security exploit. Somebody managed to put up an altered binary on a public server. It's the exact same thing as if someone managed to alter a binary at download.com for windows. You wouldn't blame Microsoft for that would you?

move on (1)

Guru Goo (875426) | more than 8 years ago | (#13613208)

huh... just move on. there ain't nothing for ya to see here.

Real users... (1)

guruevi (827432) | more than 8 years ago | (#13613210)

...use Lynx or Links, not a graphical interface!

so what you're saying is... (-1, Offtopic)

Anonymous Coward | more than 8 years ago | (#13613219)

Elfs use the backdoor? wait till my D&D friends hear about this!

Normal installation runs binaries as root (4, Informative)

Bogtha (906264) | more than 8 years ago | (#13613235)

Before everybody starts pointing out that they don't browse the web with their root account, and so can't write to any of the binaries on their system, you should be aware that one of the infected files is the installer - which most people do run as root.

Also, even if you don't run the installer binary, but simply unpack the tarball manually, the release notes tell you to run included binaries as root as part of the normal multi-user installation process [mozilla.org] .

trust no one (1)

brenddie (897982) | more than 8 years ago | (#13613236)

To trust no one should be part of a good
security practice. Just because you are downloading something from a well known not evil entity it doesn't mean you should let your guard down.
More like everything could be bad unless proven otherwise approach.

It would be funny something like this happening on
the windows update servers as they are pushing the
automatic download and installation of updates.

The obvious (1, Funny)

floop (11798) | more than 8 years ago | (#13613241)

I can't believe Microsoft didn't do this sooner.

great... (0, Troll)

AxemRed (755470) | more than 8 years ago | (#13613260)

Why is only the Korean version infected? The North Korean leader is already paranoid enough. This will push him over the edge.

//Headline: North Korea Bans Use of Computers

file permission... (2, Insightful)

herve_masson (104332) | more than 8 years ago | (#13613267)

Who is that guy who don't feel necessary to precise that "/bin directories" can't be written by non-root users... Jeez, "all about internet security", really ? Make your facts accurate !

Comma and get it! (0)

Anonymous Coward | more than 8 years ago | (#13613271)

"It also contains a backdoor, which downloads scripts from another site, and executes them, using a standard shell."

Well, I hope, this gets, fixed quickly.