Linux users fooled by Trojan
/v3-uk/news/1941658/linux-users-fooled-trojan
26 Sep 2001, James Middleton, vnunet.com , V3
Linux users were tricked into downloading a Trojan after destructive hackers managed to sneak a malicious script onto the Vuln-Dev security mailing list late last week.
Apparently the cyber vandals tried twice to sneak malicious code, disguised as an exploit for wu-ftpd, onto the Security Focus mailing list. The first attempt was to get the exploit onto the BugTraq mailing list, but suspicious moderators canned it.
However, while everyone was busy with the Nimda worm, the Trojan appeared on the Vuln-Dev list which has 14,300 subscribers.
The malicious code is buried in what appears to be an exploit for wu-ftpd, a replacement FTP daemon for Unix systems. Reports suggest that wu-ftpd is the most popular FTP daemon on the internet, used by sites all around the world and potentially putting thousands of users at risk.
If compiled and run, the destructive code drops a Trojan that deletes most of the files found on the hard drive of the host.
The authenticity of the exploit was further socially engineered by the hackers when they credited the discovery to security consultant and author of the Happy Hacker books, Carolyn Meinel.
The code was also emailed out from her address, but Meinel insists that the message was forged by intruders who broke into her web server and took control of her mail system.
Fortunately, users spotted the hoax fairly quickly and Vuln-Dev managed to get a message out before the weekend to alert people to the malicious nature of the code.
One user warned: "DO NOT RUN wu261.c, quoted below, as posted by Carolyn Meinel! It is a malignant Trojan which will delete all files in the home directory of any users running it."
Meinel's website was also hacked earlier this year by defacement group Girli3z for H4cking, which also managed to compromise her mail server and post the entire contents of her inbox online.
There is some speculation among users that the trick was carried out in a bid to defame Meinel, who appears to have made a lot of enemies in the security industry and has a placement in security site Attrition's hall of shame.