BitchX backdoor

I think most interested readers are already aware that a backdoor has been found in the installation archive of the BitchX IRC client. The same thing happened earlier with the irssi client.

A few hours ago (1 AM US/Eastern time, July 1) we downloaded ircii-pana-1.0c19.tar.gz from ftp.bitchx.com (216.165.191.5) and reviewed the configure script before running it. It has essentially the same configure backdoor as fragroute-1.2.tar.gz[1] — a TCP connection is made outbound, with a shell bound to it (a reverse telnet). This appears to retry/respawn once per hour. The 1.0c19 tarball at ftp.irc.org (which mirrors bitchx.com) did not appear to be trojaned when we pulled from there about an hour later.

More detailed information is available at securityfocus.com.
Info submitted by Kaspars aka Worm.
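
The quoted report notes that the copy on one mirror differed from the copy on the primary site. The following is an added example, not part of the original post or the advisory: it compares two copies of the same release tarball member by member, without unpacking or running anything, and reports which files differ so they can be reviewed by hand. The archive contents and the names `compare_mirrors`, `member_digests` and `build_sample` are constructed for illustration.

```python
import hashlib
import io
import tarfile


def member_digests(tar_bytes):
    """Map each regular file in a .tar.gz (given as bytes) to its SHA-256."""
    digests = {}
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:gz") as tar:
        for member in tar:
            if member.isfile():
                # Read the member in memory only; nothing is written or executed.
                data = tar.extractfile(member).read()
                digests[member.name] = hashlib.sha256(data).hexdigest()
    return digests


def compare_mirrors(copy_a, copy_b):
    """Return file names that differ between two copies of the same release."""
    a, b = member_digests(copy_a), member_digests(copy_b)
    return {
        "changed": sorted(n for n in a.keys() & b.keys() if a[n] != b[n]),
        "only_in_a": sorted(a.keys() - b.keys()),
        "only_in_b": sorted(b.keys() - a.keys()),
    }


def build_sample(files):
    """Build a constructed .tar.gz in memory from {name: bytes}."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


# Constructed sample data, not the real archives.
CLEAN = build_sample({
    "pkg-1.0/configure": b"#!/bin/sh\necho checking for gcc\n",
    "pkg-1.0/source/main.c": b"int main(void) { return 0; }\n",
})
TAMPERED = build_sample({
    "pkg-1.0/configure": b"#!/bin/sh\necho checking for gcc\n# extra lines added here\n",
    "pkg-1.0/source/main.c": b"int main(void) { return 0; }\n",
})

if __name__ == "__main__":
    print(compare_mirrors(TAMPERED, CLEAN))
```

Matching copies only show that the two sources agree; a detached signature or a checksum published through a separate channel is still needed to establish which copy is the genuine release.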
