Open-Source Trojans: A Growing Problem?
Though the problem can't be called an epidemic, Trojans are showing up more often in open source programming. There have been "two or three incidents in the last year, as far as I am aware--up from one every few years a few years ago," says Fred Cohen, principal of security consultancy Fred Cohen & Associates.
A recent CERT advisory warned that crackers had inserted Trojans into the source code for tcpdump, a utility that monitors network traffic, and libpcap, a packet capture library tool. The Trojaned versions of both had been available at tcpdump.org since Nov. 11. Though they were taken offline Nov. 13, it's unknown how many sites had mirrored the bad code. The Trojans can enable remote code execution.
The link for this article located at InfoSecurity Magazine is no longer available.