The download site for two very common Linux based utilities, tcpdump.org, was hacked into on Nov. 11, and the software available for download was modified to contain Trojan Horse code.
This Trojan Horse, or "back door" software allows the hacker that wrote it to access any machine on which the modified software is run.
The two software items affected are tcpdump and libpcap, tools commonly used in information security applications. Some Intrusion Detection System (IDS) software requires libpcap.
This is the most recent in a string of similar attacks. Sendmail, one of the most widely used e-mail server software packages, was also "trojaned" recently. Others affected in recent months have included OpenSSH, the secure remote access software, and even Fragroute, a hacker utility. The identity of the hacker conducting this campaign is unknown, as is whether a connection exists between the separate incidents.
CERT released an advisory in which they ".encourage sites using libpcap and tcpdump to verify the authenticity of their distribution, regardless of where it was obtained." CERT provided the information necessary to determine the authenticity of any libpcap or tcpdump software recently downloaded. The advisory also encourages users to verify all software before installing it. "As a matter of good security practice, the CERT/CC encourages users to verify, whenever possible, the integrity of downloaded software."
News source: ZDNet
-1 Comments - Add comment