tcpdump/libpcap trojans reported by CERT

Friday, November 15 2002 @ 13:01 CET

Contributed by: egilDOTnet

At least one major site, the Univeristy of Oslo, have been compromized as a result of a trojan in the popular tcpdump tool for *nix...

CERT also report that the libpcap package is infected with the same trojan. The University of Oslo (UiO) have to reset 52000 passwords because their passwd files got out and abroad. Reportedly, some of their servers, which have a nice thick cable attached (T3+ IIRC), were beeing used for illegal movie distribution.
On the positive, at least the guys @ UiO have movies to watch while working their systems back up this weekend... :)