BitchX download could contain a backdoor

bitchx-backdoor (11808)

High Risk

Description:

BitchX, if downloaded between 12-Apr-2003 and 13-Apr-2003, could cause a backdoor to be installed on victim's computers. One of the FTP sites that was linked from the BitchX Web site was a false FTP site, and the BitchX IRC Client 1.0 c19 was modified to include a Trojan Horse. Once the Trojan Horse is executed, it attempts to connect to 207.178.61.5 on port 6667. This could allow a remote attacker to gain access to systems that have installed the compromised BitchX distributions and execute commands on the system with privileges of the user who installed the affected package.

Platforms Affected:

• Colten Edwards, BitchX 1.0c19

Remedy:

Users should verify that they have an authentic version of BitchX installed. Refer to the BugTraq Mailing List posting dated Mon Apr 14 2003 - 20:03:21 CDT for more information. See References.

Consequences:

Gain Access

References:

• BitchX Web site, BitchX at http://www.bitchx.org/.
• BugTraq Mailing List, Mon Apr 14 2003 - 20:03:21CST, Re: bitchx sources backdoored on distribution site at http://marc.theaimsgroup.com/?l=bugtraq&m=105036008510655&w=2.
• BugTraq Mailing List, Mon Apr 14 2003 - 20:17:26 CST, bitchx sources trojaned - follow up at http://marc.theaimsgroup.com/?l=bugtraq&m=105036062211226&w=2.
• BugTraq Mailing List, Sun Apr 13 2003 - 0:45:17 CST, bitchx sources backdoored on distribution site at http://marc.theaimsgroup.com/?l=bugtraq&m=105034153120476&w=2.
• BugTraq Mailing List, Tues Apr 15 2003 - 1:44:36 CST, BitchX trojan, the real follow up. at http://marc.theaimsgroup.com/?l=bugtraq&m=105042134428506&w=2.
• BID-7333: BitchX Trojan Horse Vulnerability
• CVE-1999-0660: A hacker utility, back door, or Trojan Horse is installed on a system, e.g. NetBus, Back Orifice, Rootkit, etc.

Reported:

Apr 13, 2003

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

Copyright (c) 1994-2008 Internet Security Systems, Inc. All rights reserved worldwide.

For corrections or additions please email xforce@iss.net

Return to the main page