This Trojan Horse, or "back door" software allows the hacker that wrote it to access any machine on which the modified software is run.
The two software items affected are tcpdump and libpcap, tools commonly used in information security applications. Some Intrusion Detection System (IDS) software requires libpcap.
This is the most recent in a string of similar attacks. Sendmail, one of the most widely used email server software packages, was also "trojaned" recently. Others affected in recent months have included OpenSSH, the secure remote access software, and even Fragroute, a hacker utility.
The identity of the hacker conducting this campaign is unknown, as is whether a connection exists between the separate incidents.
CERT have released an advisory in which they ".encourage sites using libpcap and tcpdump to verify the authenticity of their distribution, regardless of where it was obtained."
CERT have provided the information necessary to determine the authenticity of any libpcap or tcpdump software recently downloaded. The advisory also encourages users to verify all software before installing it. "As a matter of good security practice, the CERT/CC encourages users to verify, whenever possible, the integrity of downloaded software."
"Linux download site hacked"
Wow! This sounds serious! I wonder how many people downloaded linux from this site and now have an infected operating system. I guess it's back to windows for everyone now. That's too bad, it seemed like linux had such promise. Good reporting and even better editorial choice on the headline. Thanks for keeping us so well informed.