At 4:45 PM 4/6/94 -0400, Justus J. Addiss (addiss @
hsi .
com) 203-949-6414 wrote:
>>> At 1:56 PM 4/6/94 -0400, Christopher Klaus wrote:
>>> >>
>>> >Yikes. Here is something you might want to take fast action against.
>>> >
>>> >I wish CERT would have posted more details though.
>>> >like how the trojan worked or where it was or what sites
>>> >contained copy of it. how do i know the newest version
>>> >2.3 has no already been modified?
>>> >
>>>
>>> Check your source for the string '"NULL"' ie the word NULL in double quotes.
>>>
>>> We have an older version (2.1a) which appears to be clean.
>>>
>
>Does "NULL" mean you're clean or dirty? How about NULL (no quotes around
>it)?
NULL with quotes around means you are dirty. This appears in the bit of
code that Christopher Klaus just posted.
You could probably do a strings on your binaries and grep for NULL as a
double check. Can't verify that this'll work but its worth a try. Certainly
if the grep comes up with anything then you've been done.
Al
---------------------------------------------------------------------------
Alastair Young _ 2 Ariel NH Red Hunters
Cadence Design Systems, Information Services )/___ _
555 River Oaks Parkway, 4B1 __/(___)_*##/c 56 Red Menace
San Jose CA 95134 Fax: (408)894-3487 / /\\|| \ / \
alastair @
cadence .
com (408)428-5278 \__/ ----'\__/ 49 TwinportKit
---------------------------------------------------------------------------
These statements and opinions are mine, not those of Cadence Design Systems
|
|
