Revulytics Blog

Infected Firefox Add-in Demonstrates Need for Internal Code Protection

May 9, 2008


We've seen this threat before in the software piracy world, where illegal versions of antivirus products have been distributed via P2P networks with embedded malware. This latest story demonstrates the ease in which malware can cloak itself and be distributed within a legitimate application.

Mozilla unwittingly shipped the "W32/Xorer.A" worm embedded in a Firefox language pack. Although the story discusses the need for frequent virus scanning, malware writers could ensure that each time the file embeds itself, its signature is jittered to avoid detection. Imagine a scarier scenario where an enterprise or financial application becomes infected (by a compromised machine, insider threat, or offshore development) and the malware buried within the application is then distributed across thousands of desktops. Programming techniques exist that obscure the malware within application binaries and prevent it from being detected by virus scanners.

One option is to use software protection technology. By embedding runtime monitoring capabilities within an application file, the application can ensure its own integrity and prevent it from running in a tampered state no matter where it is distributed.

Activate Your Data-Driven Compliance Program

Add new license revenue by detecting, identifying and converting unpaid users into paying customers.

Michael Goff

Post written by Michael Goff

Marketing Director at Revulytics
Michael is Marketing Director at Revulytics where he is responsible for corporate marketing, content, and social media. He has helped to educate the industry on the benefits of software usage analytics for compliance and product management through the company's blog and contributed articles in trade publications. Michael was previously a marketing programs manager at The MathWorks and principal at Goff Communications. Michael earned a J.D. from Boston University School of Law and a B.A. from Colgate University.