Security 10748 Published by

Threatpost reports that someone was able to compromise a version of the vsftpd secure FTP server recently



The creator of vsftpd, security researcher Chris Evans, said in a blog post on Sunday that someone alerted him to the compromise and he subsequently found that one specific version of the server had been infected somehow.

"The backdoor payload is interesting. In response to a :-): smiley face in the FTP username, a TCP callback shell is attempted. There is no obfuscation. More interestingly, there's no attempt to broadcast any notification of installation of the bad package. So it's unclear how victims would be identified; and also pretty much guaranteed that any major redistributor would notice the badness. Therefore, perhaps someone was just having some lulz instead of seriously trying to cause trouble," Evans wrote.
  Vsftpd FTP Server Download Site Compromised