Trojan horse found in OpenSSH software

The OpenBSD project warned yesterday that several versions of OpenSSH, its free network connectivity software, contain a Trojan...

The OpenBSD project warned yesterday that several versions of OpenSSH, its free network connectivity software, contain a Trojan horse that can allow an attacker to take over a system.

The SSH protocol is widely used for secure remote terminal connections and file transfers between a client and a server running Unix and its derivatives.

The Trojan horse was discovered in OpenSSH versions 3.2.2p1, 3.4p1 and 3.4. The compromised software was first made available on an official download server on 30 July or 31 July, and from there was likely to have been copied to other download sites.

Trojan horse programs install backdoor programs that let attackers gain access to a computer. In this case the malicious code is run when the OpenSSH software is compiled by the user, the advisory warned. It allows arbitrary commands to be executed with the privileges of the compiling user.

Anyone who installed OpenSSH or offered it for download since 30 July should verify the authenticity of the software. The compromised OpenSSH versions can be identified by their incorrect MD5 checksums and PGP signatures.

More information on the Trojan horse and how to detect it can be found in the OpenSSH advisory www.openssh.com/txt/trojan.adv and an advisory sent out by the Computer Emergence Response Team (CERT) ( www.cert.org/advisories/CA-2002-24.html).

Read more on Antivirus, firewall and IDS products

All
News
In Depth
Opinion
Photo Stories
Videos

Latest News

Download Computer Weekly

In The Current Issue:
- Digital transformation sees CPS build evidence of more efficient services
- Google Cloud CEO outlines plans to take company even deeper into the enterprise
- Is it too soon for AI in the classroom?
Download Current Issue

Latest Blog Posts

How an 18th century Maths puzzle solves 21st century problems – Data Matters
Going native on Google Chromebooks – Inspect-a-Gadget
View All Blogs

Start the conversation

Send me notifications when other members comment.

-ADS BY GOOGLE

SearchCIO

Problems with blockchain and how they're being solved

Do you know about the blockchain trilemma? David Petersson looks at some of the problems with blockchain and how cutting-edge ...
High-performance computing use cases and benefits in business

High-performance computing has moved from the rarified realm of research and government and into the enterprise. Learn how ...
How to achieve digital transformation -- with CIO as linchpin

Companies achieve digital transformation along two dimensions -- through operational efficiency and offering a great customer ...

SearchSecurity

Forcepoint pushes 'human-centric cybersecurity' approach

During the launch of the Forcepoint Cyber Experience Center in Boston, Forcepoint execs emphasized the need for adopting a new ...
DNS hijacking campaign targets national security organizations

A DNS hijacking campaign targeting national security organizations and critical infrastructure may be part of a new trend, ...
Identity and access management trends show new access roles

Identity and access management trends reflect a changing cybersecurity landscape. Learn how IAM is changing and what you should ...

SearchNetworking

Review the benefits of network performance monitoring strategies

This compilation delves into five points regarding the benefits of network performance monitoring, as well as various monitoring ...
IT directors share SD-WAN advantages and advice

Enhanced access to internet applications, streamlined network connectivity and faster deployments at new offices are just some ...
IoT device monitoring added to Nyansa Voyance

Nyansa has added IoT traffic analytics to its network monitoring software. The latest version of Nyansa Voyance monitors the ...

SearchDataCenter

Build a comprehensive outline for your data center budget

Including all necessary data center expenses during budget planning can be daunting. IT managers can start with costs for ...
Open source virtualization expands VM hardware and OS options

Dive into open source virtualization software with VirtualBox, KVM or QEMU. Each offers customizable VM management capabilities ...
4 considerations for choosing a private cloud provider

Key features to look for from a private cloud provider include interoperability, scalability and how familiar admins are with the...

SearchDataManagement

Google takes a run at enterprise cloud data management

New Google Cloud boss Thomas Kurian is putting databases and data management at the forefront at Google. The vendor has forged ...
4 factors to consider in a Hadoop distributions comparison

Examine the key characteristics necessary to evaluate in a Hadoop distribution comparison, focusing on enterprise features, ...
Kafka at center of new event processing infrastructure

Events are as important as data in emerging applications underlying many e-commerce efforts. Streams of events tell a company ...

Close