Skip to content

Posts tagged ‘backdoor’


New Mac OS X Backdoor Trojan (BlackHole RAT) in Development [Updated]

A ‘trojan’ targeting Mac OS X users, dubbed BlackHole RAT, appears to be in development. It’s a variant of a well-known series of malware called Remote Access Tools (RAT) that primarily targeted Windows. It should be noted that on its own, the trojan does not exploit OSX, instead relying on the user to unknowingly ‘install’ it. This is often done under the guise of pirated software, video plugins on porn sites, or from other non-reputable software sources. Although the details are not entirely clear, it appears like your computer needs to be directly accessible from the internet.

This ‘trojan’ (note the intended air quotes) has been blown out of proportion and does not pose a significant level of risk. Macs are not ‘less secure’ because of this tool, as it’s something that could be coded by any 14-year old with a relatively basic knowledge of programming. It’s essentially a normal application whose purpose is to accept connections from its owner, and allow them to perform actions on your computer, etc.

Hit the jump for the full details, a video and download link. Read moreRead more


OpenBSD IPSec Possibly Probably Not Backdoored by FBI

In a post to the OpenBSD mailing list, developer Theo de Raadt reveals an email from an ex-contributor (Gregory Perry) alleging that money was accepted from the FBI around 2000-2001, in return for implementing a backdoor into the IPSec stack. Such a backdoor would give the FBI the ability to eavesdrop on any IPSec connection made using OpenBSD, or any other projects that have since made use of its IPSec code.

Clearly this would be a big deal if true, and although we know that open source projects are regularly backdoored by rogue developers or ‘hackers’ (such as the recent ProFTPd backdoor), it is not often that we hear of governments inserting some themselves. Should we be surprised? After all it is known that the NSA was involved with the development of DES by altering the algorithm’s S-Boxes and suggesting a shorter key length. There are also rumors of a covert backdoor in several versions of the Windows OS. That said, many people are smelling a troll in this case.

Following this information (can we call it a leak rumor?), OpenBSD’s IPSec code will undoubtedly come under quite a bit of scrutiny, and I’m sure we will hear a lot more about it should anything untoward be uncovered.

Read the full mailing list post here, archived below for posterity.

[Update] Scott Lowe denies being affiliated with the FBI, and Jason Wright denies having inserted a backdoor. This is sounding more and more like a trolling. To what end, I couldn’t speculate. It’s also worth noting that this kind of activity would probably not fall under a normal NDA, but under a government-level Top Secret classification which lasts at least 25 years…

An interesting observation about OpenBSD IPSec and Stuxnet. Read moreRead more


ProFTPD 1.3.3c Briefly Backdoored by Hackers

Servers of the widely popular FTP server, ProFTPD, were compromised (probably with 0day) on the 28th of November 2010. During the attack, some source code was modified to insert a backdoor. The source files affected were for ProFTPD version 1.3.3c., between the 28/11/2010 and 02/12/2010.

The backdoor introduced by the attackers allows unauthenticated users remote root access to systems which run the maliciously modified version of the ProFTPD daemon.

If you installed or updated ProFTPD from one of the official mirrors during that time, it is recommended that you recompile from a known good version of the code. The source modification was spotted and rectified on 01/12/2010. MD5 sums for the valid source tarballs:

8571bd78874b557e98480ed48e2df1d2 proftpd-1.3.3c.tar.bz2

4f2c554d6273b8145095837913ba9e5d proftpd-1.3.3c.tar.gz

Hit the jump for details on how the backdoor is triggered. A Metasploit module is available to automate the exploit. Read moreRead more