[Nelug] Linux under attack

Johng johng at surfshop.net.ph
Mon Nov 18 13:21:00 UTC 2002

Look out guys, Linux is now the system for crackers to attack.

Use them there MD5 checksums, or do the crackers crack them as well?


Linux utility site hacked, infected

The download site for two very common Linux based utilities,
tcpdump.org, was hacked into on Nov. 11, and the software available for
download was modified to contain Trojan Horse code. 

This Trojan Horse, or "back door" software allows the hacker that wrote
it to access any machine on which the modified software is run. 

The two software items affected are tcpdump and libpcap, tools commonly
used in information security applications. Some Intrusion Detection
System (IDS) software requires libpcap. 

This is the most recent in a string of similar attacks. Sendmail, one of
the most widely used e-mail server software packages, was also
"trojaned" recently. Others affected in recent months have included
OpenSSH, the secure remote access software, and even Fragroute, a hacker

The identity of the hacker conducting this campaign is unknown, as is
whether a connection exists between the separate incidents. 

CERT released an advisory in which they ".encourage sites using libpcap
and tcpdump to verify the authenticity of their distribution, regardless
of where it was obtained." 

CERT provided the information necessary to determine the authenticity of
any libpcap or tcpdump software recently downloaded. The advisory also
encourages users to verify all software before installing it. "As a
matter of good security practice, the CERT/CC encourages users to
verify, whenever possible, the integrity of downloaded software." 

More information about the Nelug mailing list