Incidents

Infected files found on mozilla site

Infected binary or source code files aren’t anything new. And sometimes they are found on public servers. Mozilla.org is the latest example.

Korean distributives for mozilla and thunderbird for linux turned out to be infected – mozilla-installer-bin from mozilla-1.7.6.ko-KR.linux-i686.installer.tar.gz and mozilla-xremote-client from thunderbird-1.0.2.tar.gz were infected with Virus.Linux.RST.b

This virus searches for executable ELF files in the current and /bin directories and infects them. When infecting files, it writes itself to the middle of the file, at the end of a section of code, which pushes the other sections lower down. It also contains a backdoor, which downloads scripts from another site, and executes them, using a standard shell.

The infected files have now been removed, but it took some time. And this isn’t the first time that infected binary or source code files have been placed on public servers. Yet another example of why you should have an up to date antivirus solution, and scan EVERYTHING you download, without exception.

Infected files found on mozilla site

Your email address will not be published. Required fields are marked *

 

Reports

BlindEagle flying high in Latin America

Kaspersky shares insights into the activity and TTPs of the BlindEagle APT, which targets organizations and individuals in Colombia, Ecuador, Chile, Panama and other Latin American countries.

APT trends report Q2 2024

The report features the most significant developments relating to APT groups in Q2 2024, including the new backdoor in Linux utility XZ, a new RAT called SalmonQT, and hacktivist activity.

Subscribe to our weekly e-mails

The hottest research right in your inbox