Malicious code recently compromised the FTP server for the GNU Project, a developer site for many components in the open-source Linux Operating System.
The attack happened in March 2003, according to a statement from GNU’s sponsor – the Free Software Foundation (FSF). The compromise was a Trojan horse that was installed on the root system of GNU’s servers. The Trojan had been on the server system for several months and had gone unnoticed by the GNU until late July.
A local user sparked the attack and was collecting passwords and attempting to use the site as a launching point to attack other machines, the FSF said.
After what it deemed a substantial investigation verifying the integrity of the software, the FSF said they didn’t think that any GNU source code had been compromised. In the statement, the FSF warned people who have downloaded software from the server since March to double-check the source code. Searches for standard source Trojans have turned up dry and a list of files that have not been checked are listed in the root directory as missing-files.
CERT, a major reporting centre for Internet security problems got wind of the attack and issued a separate advisory on Wednesday about the compromise.
Because the system serves as a centralized archive of popular software, the insertion of malicious code into the distributed software is a serious threat, CERT said in the statement. They then echoed FSF’s statement that no source code distributions have been maliciously modified at this time.
Launched in 1984, The GNU Project develops a complete, free, Unix-like operating system. GNU is a recursive acronym for GNU’s Not Unix.
More information about the breach can be found online at www.gnu.org.
