Over the weekend the DNS for bitchx.org was directly changed by someone who
exploited a machine at 18.104.22.168 aka smtp1.wia.com and was releasing
source for ircii-pana-1.0c19.tar.gz which included in the configure script
sa.sin_addr.s_addr = inet_addr ("22.214.171.124");
Previously the DNS was poisoned to cause users to download from what would
normally appear to be a legitimate FTP site. However in this case we
believe after contacting one of the admins for the machines that hosts the
DNS for BitchX.org that the actual machine itself may have been compromised
since the physical URL pointer on the website was pointed to
ftp2.bitchx.org which goes to the previously mentioned IP address.
We have taken action to correct the website and the DNS is being handled.
The machine at wia.com however is still compromised and has distributed a
number of copies of the compromised source code.
I have called the NOC at accretive-networks.net and notified them of the
machine in question. As soon as I am able to I will post a notice to the
proper mailing lists that have covered this issue and address them directly
so as to prevent this sort of thing from happening in the future without
our being notified any sooner than we were later Saturday evening.
RELI Networks, Inc.