This is not good

From SANS:
The trend of putting trojaned downloads on software distribution sites continues unabated. A Korean site, officially **unaffiliated** with the Mozilla, Thunderbird, and Firefox development teams, distributes a Korean version of Mozilla Suite 1.7.6 and Thunderbird 1.0.2. Turns out, a couple of days ago, evil versions of Mozilla and Thunderbird for Linux appeared on this site. When installed, they would infect ELF binaries in /bin. The malware included a backdoor, although it had little spreading potential. Still, that's why, when you upgrade, make sure you download from a couple of mirrors and check that hash! Md5sum and SHA-1 are your friend. And, if you are really paranoid, RIPEMD-160 is a good acquaintance to have.

Update: According to information we've received (thanks, Roel!), Korean versions of Mozilla and Thunderbird distributed through **official** Mozilla FTP sites were also infected. So, if you use Korean Mozilla or Thunderbird, and downloaded the latest versions of Thunderbird or Mozilla, you may have been compromised. I suggest a good file integrity check, and perhaps a reinstall of your operating system and apps. Thanks again, Roel, for the clarification.

So, how did the infected versions get on the official site? Anybody got any more details?
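
The advice in the quoted SANS note (several mirrors plus a hash check), as an added example that is not part of the original post or the SANS text: it compares copies fetched from different mirrors against a digest obtained out of band, and separates one bad mirror from the case in the Update, where every copy agrees but none matches. The function names, verdict strings and sample bytes are assumptions constructed for illustration.

```python
import hashlib, os, tempfile

ALGORITHMS = ("md5", "sha1", "ripemd160")  # digests named in the quoted advice

def file_digests(path):
    """Hash one file with each listed algorithm this Python build supports."""
    hashers = {}
    for name in ALGORITHMS:
        try:
            hashers[name] = hashlib.new(name)
        except ValueError:  # e.g. ripemd160 disabled by the local OpenSSL
            pass
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}

def check_download(copies, published):
    """copies: {mirror label: local path}. published: {algorithm: hex digest}
    obtained from a channel other than the mirrors themselves.
    Returns (verdict, labels of copies that fail the published digest)."""
    results = {label: file_digests(path) for label, path in copies.items()}
    checked = [a for a in published if all(a in d for d in results.values())]
    if not checked or not results:
        return "unverified", sorted(results)
    failing = sorted(label for label, d in results.items()
                     if any(d[a] != published[a].strip().lower() for a in checked))
    if not failing:
        return "ok", []
    identical = len({tuple(sorted(d.items())) for d in results.values()}) == 1
    # Identical copies that all fail point at the origin, not at one mirror.
    if identical and len(results) > 1:
        return "origin-mismatch", failing
    return "mirror-mismatch", failing

if __name__ == "__main__":
    # Constructed stand-ins for a release archive and a tampered copy.
    tmp = tempfile.mkdtemp()
    paths = {}
    for label, data in (("mirror-a", b"release"), ("mirror-b", b"release+extra")):
        paths[label] = os.path.join(tmp, label)
        with open(paths[label], "wb") as fh:
            fh.write(data)
    published = {"sha1": hashlib.sha1(b"release").hexdigest()}
    print(check_download(paths, published))
```

Agreement between mirrors is only evidence when the reference digest comes from somewhere the mirrors do not control; when all copies match each other but not the reference, treat the origin as suspect.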
