[27370] in bugtraq
Re: CERT Advisory CA-2002-28 Trojan Horse Sendmail
daemon@ATHENA.MIT.EDU (Kim Scarborough)
Wed Oct 9 17:01:05 2002
Message-ID: <00ac01c26fb3$7b50d7c0$23638780@uchicago.edu>
From: "Kim Scarborough" <kjs@uchicago.edu>
To: <bugtraq@securityfocus.com>
Date: Wed, 9 Oct 2002 11:46:57 -0500
> I contaced Eli Klein <elijah@firstlink.com> earlier today regarding this.
> It would appear he was unaware (Or says this) that his server was
> used in this attack (He runs spatula.aclue.com, the server that was
> used in the back door).
>
> I was kind of amazed CERT or Sendmail or anyone for that matter hadn't tried
> to contact him. It would be apparent that the interest in actually figuring
> out who hacked Sendmail's ftp site, is little to none. Unless of course they
> were just assuming someone was trying to frame Mr. Klein :P
I'm not too surprised. My server was used in a similar manner to control the
fragrouter backdoor (the culprit got on my box through the previously trojaned
irssi). I would've thought somebody would have contacted me to see if I could
help track down the perpetrator, but I never heard anything (except from a
Security Focus reporter). I guess people just assume that there's not going to
be any evidence anyway, so there's no point in contacting the server admin.
----------------------------------------------------------------------------
Kim Scarborough http://www.unknown.nu/kim/
----------------------------------------------------------------------------
