July 2nd, 2002, 08:52 AM
BitchX.org's Rooted ?
Source: Security News Portal.
ftp.bitchx.org's ircii-pana-1.0c19.tar.gz is backdoored. Cable modem users get trojan download... BitchX.org's Rooted ?
07-01-2002 10:53:57 AM CST -- from the Bug Reports
Hank Leininger from metasecuritygroup.com is reporting that a few hours ago (1 AM US/Eastern time, July 1) we downloaded ircii-pana-1.0c19.tar.gz from ftp.bitchx.com (184.108.40.206) and reviewed the configure script before running it. It has essentially the same configure backdoor as fragroute-1.2.tar.gz -- a TCP connection is made outbound, with a shell bound to it (a reverse telnet). This appears to retry/respawn once per hour. The 1.0c19 tarball at ftp.irc.org (which mirrors bitchx.com) did not appear to be trojaned when we pulled from there about an hour later.
July 2nd, 2002, 08:55 AM
``Host Name Lookup Failed``
July 2nd, 2002, 02:21 PM
lol im wondering if the people who created this version is aware of the back door.. either someone slipped the code in, or they intentionally put it there themselves.