On Mon, 1 Jul 2002, Nelson Brito wrote:

> Ok, I've tried to download this backdoor version of BitchX from its
> official WEB Site (a.k.a. www.bitchx.[com|org]), but it looks like a
> repaired or rescued version.

This doesn't surprise me--see the description in our earlier mail about the odd behavior of the FTP server, how depending on your ISP / client / phase of the moon, you'd get the safe or the tainted version. We had a few people (Chris Wysopal of @Stake/Vulnwatch, Dave Ahmad of Securityfocus) verify that they could pull backdoored copies this morning, before releasing the advisory.

> I've downloaded BitchX from the official WEB Site some days ago and I
> saw that the file is okay (the configure's MD5 is good, as well
> ircii-pana-1.0c19), it's a genuine BitchX.

That's good, perhaps the trojan'ed copy was not there for long. Or, perhaps when you pulled it earlier you just happened to get a safe copy :(

In the meantime, it looks like the service and/or box have been temporarily taken offline: DNS A records for (www|ftp).bitchx.(org|com) seem to have been pulled, and the IP formerly hosting those sites is no longer listening for FTP or HTTP. I'd expect the BitchX folks are busy right now but will issue some statement once they've got things settled down.

Thanks,

Hank Leininger <hleinat_private>
0C08 435C 26A9 951E 6DAD 8199 C7A7 4005 1954 F635

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com