1 |
Vitaly Kushneriuk <vitaly_kushneriuk@×××××.com> writes: |
2 |
|
3 |
> On Thu, 2002-08-01 at 11:37, Rob Kaper wrote: |
4 |
> |
5 |
> > Pat, Neil, Gentoo devs, KDE friends: |
6 |
|
7 |
[ ... ] |
8 |
|
9 |
> > <knu> see the code, but never run make |
10 |
> > <knu> openbsd-compat/{Makefile.in,bf-test.c} |
11 |
|
12 |
hm. can someone tell me what is up with bf-test.c? these char |
13 |
datas are rather unreadable to me. |
14 |
|
15 |
> > Looks like some weird stuff is in there indeed. |
16 |
> > |
17 |
> > md5sum of the binary that appears to be trojaned: |
18 |
> > |
19 |
> > 3ac9bc346d736b4a51d676faa2a08a57 openssh-3.4p1.tar.gz |
20 |
> > |
21 |
> > As far as I can see, compiled binaries are *not* affected, but you |
22 |
> > might want to carefully examin this more closely (I'm waiting with |
23 |
> > upgradepkg en emerge on my systems until there's some more |
24 |
> > info). We've had a few hoaxes recently, but this looks suspicious. |
25 |
> > |
26 |
> > My apologies if this is just a storm in a glass of water. |
27 |
> |
28 |
> It's indeed looks like a trojan. It doesn't send you'r etc/passwd |
29 |
> tho. It connects to the 203.62.158.32[web.snsonline.net.] port |
30 |
> 6667[irc] and opens shell session on that connection, so that |
31 |
> whoever is in control there will be able to execute arbitraty |
32 |
> commands on your system with you'r current privileges. especialy |
33 |
> dangerouus if you compile as root. |
34 |
|
35 |
ick. can someone confirm this trojan? |
36 |
|
37 |
-- |
38 |
Terje |