Firefox add-on infected with Trojan remnant

Update 4:15 p.m. May 12: The file was actually infected with a remnant part of code from the Xorer Trojan, not with the full Trojan itself, according to a follow-up Mozilla blog post. The remnant "does not infect the user's machine with the virus (and) is a remnant from a virus that most likely infected the language pack developer's machine," Mozilla said. "To minimize the potential of something similar happening in the future, Mozilla is now scanning all add-ons whenever the signatures for the antivirus software are updated."

A Vietnamese language pack infected with parts of a Trojan for the Firefox Web browser was available for download from the open-source Web browser's official add-on site for months.

Mozilla, which oversees the project, announced the problem on its security blog on Wednesday, saying people should disable the add-on pack for now.

"Everyone who downloaded the most recent Vietnamese language pack since February 18, 2008, got an infected copy," Mozilla said. "While we cannot determine the exact number of compromised downloads, there have been 16,667 total downloads of the Vietnamese language pack since November 2007, so we anticipate the impact on users to be limited."

The author of the add-on pack, who acknowledged on Thursday that his machine had been infected, isn't suspected of any intentional harm, according to the discussion of the problem. The author offered a cleaned-up version Thursday that so far appears OK.

Mozilla scans its files for viruses, Trojans, and other problems. But the file had been uploaded nearly two months before the antivirus software could detect the Trojan in question, called Xorer.

(Via SecurityFocus.)