Latest libpcap & tcpdump sources contain a trojan.

  1. #1
    Join Date
    Sep 2002

    Latest libpcap & tcpdump sources contain a trojan.

    Now, after SSH getting trojaned, THIS!!
    I thought you guys should know.


    * The trojan contains modifications to the configure script and
      gencode.c (in libpcap only).

    * The configure script downloads which is then sourced
      with the shell. It contains an embedded shell script that
      creates a C file, and compiles it.

    * The program connects to ( on port
      1963 and reads one of three one byte status codes:
        * A - program exits
        * D - forks and spawns a shell and does the needed file
          descriptor manipulation to redirect it to the existing
          connection to
        * M - closes connection, sleeps 3600 seconds, and then

    Good sources:

    MD5 Sum 0597c23e3496a5c108097b2a0f1bd0c7 libpcap-0.7.1.tar.gz
    MD5 Sum 6bc8da35f9eed4e675bfdf04ce312248 tcpdump-3.6.2.tar.gz
    MD5 Sum 03e5eac68c65b7e6ce8da03b0b0b225e tcpdump-3.7.1.tar.gz

    Trojaned sources:

    MD5 Sum 73ba7af963aff7c9e23fa1308a793dca libpcap-0.7.1.tar.gz
    MD5 Sum 3a1c2dd3471486f9c7df87029bf2f1e9 tcpdump-3.6.2.tar.gz
    MD5 Sum 3c410d8434e63fb3931fe77328e4dd88 tcpdump-3.7.1.tar.gz

    I don't wanna grow up change my skateboard for a tie

  2. #2
    Senior Member
    Join Date
    Jan 2002
    Yeah, I heard about this... what a spin out!!!

    I must say, I'm a bit skeptical. If I get the time, I may try and see if it is true myself...

    There were so many fewer questions when the stars were still just the holes to heaven - JJ
    I sure could use a vacation from this bull$hit, three ringed circus side show of freaks. - Tool.

  3. #3
    Join Date
    Dec 2001
    I was wondering, when you run md5sum on tcpdump, would you use it on the .tar file or the uncompressed files?
    'Cause when I run it against

    md5sum tcpdump-3.7.1.tar


    Are these files infected, and if so, how would I uninstall them, 'cause I can't find the uninstall script for them!
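
An added example, not part of any post in this thread: a shell check that hashes a downloaded archive with md5sum and compares it against the good and trojaned sums listed in post #1. It also covers the question in post #3: the listed sums are for the .tar.gz downloads, so a decompressed .tar is reported as not-gzip instead of being compared. The function names and verdict strings are assumptions of this example.

```shell
#!/bin/sh
# Checksums copied from post #1 of this thread; every one is for a .tar.gz file.
GOOD_SUMS="0597c23e3496a5c108097b2a0f1bd0c7 libpcap-0.7.1.tar.gz
6bc8da35f9eed4e675bfdf04ce312248 tcpdump-3.6.2.tar.gz
03e5eac68c65b7e6ce8da03b0b0b225e tcpdump-3.7.1.tar.gz"
TROJANED_SUMS="73ba7af963aff7c9e23fa1308a793dca libpcap-0.7.1.tar.gz
3a1c2dd3471486f9c7df87029bf2f1e9 tcpdump-3.6.2.tar.gz
3c410d8434e63fb3931fe77328e4dd88 tcpdump-3.7.1.tar.gz"

# classify_md5 DIGEST -> prints "good NAME", "trojaned NAME" or "unknown"
# (hypothetical helper; the verdict words are this example's own)
classify_md5() {
    digest=$(printf '%s' "$1" | tr 'A-F' 'a-f')
    name=$(printf '%s\n' "$GOOD_SUMS" | awk -v d="$digest" '$1 == d { print $2 }')
    if [ -n "$name" ]; then echo "good $name"; return 0; fi
    name=$(printf '%s\n' "$TROJANED_SUMS" | awk -v d="$digest" '$1 == d { print $2 }')
    if [ -n "$name" ]; then echo "trojaned $name"; return 0; fi
    echo "unknown"
}

# is_gzip FILE -> succeeds if the file starts with the gzip magic bytes 1f 8b
is_gzip() {
    magic=$(head -c 2 "$1" | od -An -tx1 | tr -d ' \n')
    [ "$magic" = "1f8b" ]
}

# check_tarball FILE -> prints a verdict for one downloaded archive
check_tarball() {
    file=$1
    if [ ! -f "$file" ]; then echo "missing"; return 0; fi
    if ! is_gzip "$file"; then
        # The published sums cover the compressed download; the MD5 of a
        # gunzipped .tar is a different value and cannot be compared to them.
        echo "not-gzip"
        return 0
    fi
    # Read from stdin so md5sum prints only the digest and "-"
    digest=$(md5sum < "$file" | awk '{ print $1 }')
    classify_md5 "$digest"
}

# When run directly: sh check.sh libpcap-0.7.1.tar.gz tcpdump-3.7.1.tar.gz
for f in "$@"; do
    printf '%s: %s\n' "$f" "$(check_tarball "$f")"
done
```

An "unknown" verdict only means the archive matches neither list from post #1; it says nothing about other versions or later re-packaged files.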
