Security Basics mailing list archives
RE: sendmail trojan
From: "Vince" <vdh () plutonium homeunix com>
Date: Thu, 17 Oct 2002 16:26:04 -0700
Assuming you were scanning line for line. There is a bunch of system tools to automate scanning through multiple files. If the trojan was enclosed in <blink></blink> you could run grep "<blink>" ./* To find it. If you found a relation in the malicious source, you could easily grep for common traits. -----Original Message----- From: Alexandros Papadopoulos [mailto:apapadop () cmu edu] Sent: Tuesday, October 15, 2002 10:22 PM To: profane () friction net Cc: security-basics () securityfocus com Subject: Re: sendmail trojan -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Wednesday 09 October 2002 12:50, jnf wrote:
hi, ive got a question, it seems several oss programs of late have
been
trojaned at the provider level- which leads me to wonder if this is a message 'read your source', which made me wonder, are these trojans obvious? as in if you just scanned over the source would you see them?
if
anyone has a copy of some of the source that is trojaned, or knows
where i
could find some, it would be appreciated. thnx j
Frankly, even if the trojan was enclosed in <blink></blink> statements, in 80,000 lines of code it would be lost. It's not feasible for one single coder to proofread everything he/she compiles. You have to implicitly trust the coder/maintainer/distributor, I see no other way. - -A - -- http://www.andrew.cmu.edu/~apapadop/pub_key.asc -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.0 (GNU/Linux) iD8DBQE9rPeGgmAMwQt1gmURAtA0AJ9/N81Hyu100xokVq0c2vXZALt/egCfdGFd DAoKH5PmL2GPQk6aFJt4B0w= =7MAJ -----END PGP SIGNATURE-----
Current thread:
- sendmail trojan jnf (Oct 15)
- Re: sendmail trojan Alexandros Papadopoulos (Oct 17)
- RE: sendmail trojan Vince (Oct 17)
- Re: sendmail trojan Stephane Nasdrovisky (Oct 18)
- Re: sendmail trojan Alexandros Papadopoulos (Oct 18)
- <Possible follow-ups>
- RE: sendmail trojan Chris Santerre (Oct 21)
- Re: sendmail trojan Alexandros Papadopoulos (Oct 17)