Feeds

Trojanized Sendmail distro circulated

Check those checksums

  • alert
  • submit to reddit

Next gen security for virtualised datacentres

An enterprising computer enthusiast has managed to insert a Trojan in the source code for a recent Sendmail distro and to substitute the malicious package for the real McCoy on the Sendmail.org FTP server.

The malicious files were available from 28 September 2002 until 6 October 2002. The affected files, with their correct checksums are:
73e18ea78b2386b774963c8472cbd309 sendmail.8.12.6.tar.gz
cebe3fa43731b315908f44889d9d2137 sendmail.8.12.6.tar.Z
8b9c78122044f4e4744fc447eeafef34 sendmail.8.12.6.tar.sig

According to a recent CERT advisory, it is believed that the Trojan is de-activated when the system is restarted. It is also believed that users who downloaded from the sendmail.org HTTP server are not affected. Files on all mirror FTP and HTTP servers should be presumed infected.

The Trojan is activated at build time and functions with the privileges of the user building it, and apparently connects to an IRC server. The malicious code "forks a process that connects to a fixed remote server on 6667/TCP. This forked process allows the intruder to open a shell running in the context of the user who built the Sendmail software," CERT says.

One quick and dirty workaround would be to re-boot the affected machine (if that's convenient) for a little breathing space while the damage is assessed and/or blocking egress to port 6667. The packages available now at Sendmail.org are clean, but verifying the checksums still isn't a bad idea. Not that it ever was. ®

The essential guide to IT transformation

More from The Register

next story
Goog says patch⁵⁰ your Chrome
64-bit browser loads cat vids FIFTEEN PERCENT faster!
Chinese hackers spied on investigators of Flight MH370 - report
Classified data on flight's disappearance pinched
KER-CHING! CryptoWall ransomware scam rakes in $1 MEEELLION
Anatomy of the net's most destructive ransomware threat
NIST to sysadmins: clean up your SSH mess
Too many keys, too badly managed
Scratched PC-dispatch patch patched, hatched in batch rematch
Windows security update fixed after triggering blue screens (and screams) of death
Researchers camouflage haxxor traps with fake application traffic
Honeypots sweetened to resemble actual workloads, complete with 'secure' logins
prev story

Whitepapers

Top 10 endpoint backup mistakes
Avoid the ten endpoint backup mistakes to ensure that your critical corporate data is protected and end user productivity is improved.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Backing up distributed data
Eliminating the redundant use of bandwidth and storage capacity and application consolidation in the modern data center.
The essential guide to IT transformation
ServiceNow discusses three IT transformations that can help CIOs automate IT services to transform IT and the enterprise
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.