Feeds

SourceForge mirror cracked: Served admin tool with gaping backdoor

Evil Korean load befouls 400 hapless punters

Intelligent flash storage arrays

SourceForge has launched a clean-up after a backdoored copy of phpMyAdmin was served up from a Korean-based mirror maintained by the popular open source repository.

Logs indicate 400 users downloaded a corrupted copy of the phpMyAdmin database admin tool before the compromised code was identified and access to the ‘cdnetworks-kr-1′ mirror which had been dishing it out was suspended. The malicious code would have allowed hackers to remotely execute (potentially malicious) PHP code, according to a statement by phpMyAdmin's developers.

The compromised phpMyAdmin-3.5.2.2-all-languages.zip package was available for three days from 22 September until its discovery on 25 September, according to a statement by SourceForge, which said the tainted code was only served from its Korean mirror. The motives, tactics or perpetrators behind the breach remain unclear.

Through logs, we have identified that approximately 400 users downloaded this corrupted file. Notice of this corrupted file has been transmitted through security notice by the phpMyAdmin project and direct email to those users we were able to identify through our logs. The corrupted copy included malicious code allowing arbitrary commands by the Web server user.

It is our recommendation that downloaders of this corrupted file (which contains ‘server_sync.php’) assess risk and take action as they deem appropriate, including deletion of the corrupted file and downloading a fresh copy. Downloaders are at risk only if a corrupt copy of this software was obtained, installed on a server, and serving was enabled.

Security researchers at Tencent are credited with blowing the whistle on the breach. ®

Security for virtualized datacentres

More from The Register

next story
Knock Knock tool makes a joke of Mac AV
Yes, we know Macs 'don't get viruses', but when they do this code'll spot 'em
Shellshock over SMTP attacks mean you can now ignore your email
'But boss, the Internet Storm Centre says it's dangerous for me to reply to you'
Why weasel words might not work for Whisper
CEO suspends editor but privacy questions remain
Feds seek potential 'second Snowden' gov doc leaker – report
Hang on, Ed wasn't here when we compiled THIS document
DEATH by PowerPoint: Microsoft warns of 0-day attack hidden in slides
Might put out patch in update, might chuck it out sooner
China is ALREADY spying on Apple iCloud users, claims watchdog
Attack harvests users' info at iPhone 6 launch
prev story

Whitepapers

Cloud and hybrid-cloud data protection for VMware
Learn how quick and easy it is to configure backups and perform restores for VMware environments.
Getting started with customer-focused identity management
Learn why identity is a fundamental requirement to digital growth, and how without it there is no way to identify and engage customers in a meaningful way.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.
The next step in data security
With recent increased privacy concerns and computers becoming more powerful, the chance of hackers being able to crack smaller-sized RSA keys increases.