CERT warns of Trojan horse in Sendmail package
An Internet hacker succeeded in implanting some copies of the source code for the Sendmail package with a Trojan horse, allowing intruders to access computers on which the popular mail-server was compiled and open computer networks to attack, security experts warned Tuesday.
The Trojan horse versions of the Sendmail package contain malicious code that creates a back door when the program is compiled from its source code, said CERT/CC (Computer Emergency Response Team Coordination Center) in a statement.
CERT/CC urges Web sites that employ, redistribute or mirror the Sendmail package to immediately verify the integrity of their distribution.
Modified versions of the files sendmail.8.12.6.tar.z and sendmail.8.12.6.tar.gz began to appear in downloads from the FTP (file transfer protocol) server ftp.sendmail.org on or around Sept. 28, 2002, according to CERT/CC.
The Sendmail development team disabled FTP access to the server on Oct. 6.
Although CERT/CC said it doesn't appear that copies downloaded via HTTP contained the Trojan horse, it encourages users who may have downloaded the source code via this protocol to verify software authenticity.
In particular, CERT/CC urges users to verify the cryptographic signatures of the packages. The Sendmail development team confirmed that Trojan horse copies failed signature checks.
ITworld.com
Symantec Backup Exec 12 and Backup Exec System Recovery 8 deliver industry leading Windows data protection and system recovery. Download this whitepaper to find out the top reasons to upgrade and how to get continuous data protection and complete system recovery.
Data and system loss — from a hard drive failure, malicious attack, natural disaster, or simple human error — can happen anytime. Don’t leave your business vulnerable. Make sure you have a secure recovery strategy in place. Symantec's latest backup and system recovery technology can efficiently restore critical applications, individual emails and documents and even restore your entire system in minutes in the event of a loss.
Businesses face a growing challenge to ensure that the IT environment is properly protected. Backup Exec 12 integrates with other applications in the Symantec family of products, to complement your current data protection strategy, keep your data securely backed up and make it recoverable when you need it most.
