Virus infected files found on Mozilla download site

Infected binary downloads or source code is nothing new and they are sometimes found on public download sites. The problem has been around since the days of Bulletin Board Systems. The latest example of this is a series of files on the Mozilla.org download site. It seems that Korean distributives for Mozilla and thunderbird for Linux turned out to be infected with the virus ‘Virus.Linux.RST.b’. The file mozilla-installer-bin from mozilla-1.7.6.ko-KR.linux-i686.installer.tar.gz and mozilla-xremote-client from thunderbird-1.0.2.tar.gz were infected with the virus.

The virus searches for executable ELF files in the current and /bin directories and infects them. When infecting files, it writes itself to the middle of the file, at the end of a section of code, which pushes the other sections lower down. It also contains a backdoor, which downloads scripts from another site, and executes them, using a standard shell.

The infected files have been removed from the Mozilla site now, this is is not the first time this will happen and it will not be the last time that a binary on a public download site will get infected. It just goes to show VIRUS SCAN EVERYTHING!!!