Security Basics mailing list archives

RE: sendmail trojan


From: "Vince" <vdh () plutonium homeunix com>
Date: Thu, 17 Oct 2002 16:26:04 -0700


Assuming you were scanning line for line.  There are a bunch of system
tools to automate scanning through multiple files.
If the trojan was enclosed in <blink></blink> you could run

grep "<blink>" ./*

to find it.

If you found a relation in the malicious source, you could easily grep
for common traits.

-----Original Message-----
From: Alexandros Papadopoulos [mailto:apapadop () cmu edu] 
Sent: Tuesday, October 15, 2002 10:22 PM
To: profane () friction net
Cc: security-basics () securityfocus com
Subject: Re: sendmail trojan


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Wednesday 09 October 2002 12:50, jnf  wrote:
hi, I've got a question, it seems several oss programs of late have
been trojaned at the provider level- which leads me to wonder if this
is a message 'read your source', which made me wonder, are these
trojans obvious? as in if you just scanned over the source would you
see them? if anyone has a copy of some of the source that is trojaned,
or knows where I could find some, it would be appreciated. thnx

j

Frankly, even if the trojan was enclosed in <blink></blink> statements,
in 80,000 lines of code it would be lost. It's not feasible for one
single coder to proofread everything he/she compiles. You have to
implicitly trust the coder/maintainer/distributor, I see no other way.

- -A

- -- 
http://www.andrew.cmu.edu/~apapadop/pub_key.asc
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.0 (GNU/Linux)

iD8DBQE9rPeGgmAMwQt1gmURAtA0AJ9/N81Hyu100xokVq0c2vXZALt/egCfdGFd
DAoKH5PmL2GPQk6aFJt4B0w=
=7MAJ
-----END PGP SIGNATURE-----


