Open source project server hacked, software rigged with backdoor trojan
ProFTPD file transfer server software compromised by attackers; anyone who downloaded it between November 28 and December 2 is most likely at risk

By Kelly Jackson Higgins, DarkReading, December 06, 2010

The main FTP server that serves up the open-source ProFTPD FTP software was hacked and booby-trapped with a backdoor Trojan -- meaning anyone who downloaded the code during the past few days from the server or its mirror servers could be running a compromised copy of the software that would allow the attacker full access to his systems.

The ProFTPD Project team yesterday reported that these servers were hosting the compromised version of the ProFTPD 1.3.3c source code, which runs on Unix and Unix-like systems. "All users who run versions of ProFTPD which have been downloaded and compiled in this time window are strongly advised to check their systems for security compromises and install unmodified versions of ProFTPD," the team posted on its site. They also provided a link for users to check the integrity of their ProFTPD code.

According to an analysis of the breach, the likely entry point for the attackers was an unpatched security hole in the FTP server daemon, which gave them access to the server, where the attackers then swapped out the legitimate code with their backdoored version. The breach was discovered and fixed yesterday.

"By placing a backdoor into the source code of ProFTPD, the attacker was probably interested in potentially gaining access to thousands of other FTP servers, as ProFTPD is a very popular software that is installed on millions of servers," says Chaouki Bekrar, CEO and head of research at VUPEN Security. "Any new server installation performed using the backdoored version of ProFTPD can be remotely compromised."

The backdoor malware gave the attackers remote, full root access to any systems that had downloaded the compromised FTP open-source server software.

VUPEN's Bekrar says incidents of backdoors being added to software are rare. "While adding a backdoor to a compromised source is reliable, it is highly visible. A more dangerous attack scenario would be adding a vulnerability to a software by simply changing a word or a letter from its source code, and it would be very difficult for the project maintainers to detect such changes," he says.

