Bugtraq mailing list archives

Re: CERT Advisory CA-2002-28 Trojan Horse Sendmail


From: "Kim Scarborough" <kjs () uchicago edu>
Date: Wed, 9 Oct 2002 11:46:57 -0500

I contacted Eli Klein <elijah () firstlink com> earlier today regarding this.
It would appear he was unaware (Or says this) that his server was
used in this attack (He runs spatula.aclue.com, the server that was
used in the back door).

I was kind of amazed CERT or Sendmail or anyone for that matter hadn't tried
to contact him. It would be apparent that the interest in actually figuring
out who hacked Sendmail's ftp site, is little to none. Unless of course they
were just assuming someone was trying to frame Mr. Klein :P

I'm not too surprised. My server was used in a similar manner to control the
fragrouter backdoor (the culprit got on my box through the previously trojaned
irssi). I would've thought somebody would have contacted me to see if I could
help track down the perpetrator, but I never heard anything (except from a
Security Focus reporter). I guess people just assume that there's not going to
be any evidence anyway, so there's no point in contacting the server admin.

----------------------------------------------------------------------------
Kim Scarborough                                  http://www.unknown.nu/kim/
----------------------------------------------------------------------------


