快猫短视频

Malicious code hidden in email software

The new software was switched for dummy code containing a "Trojan horse" on its download servers

Recently released versions of a popular email server program have been found to contain malicious 鈥淭rojan horse鈥 code, the US Computer Emergency Response Team (CERT) warned on Wednesday.

Some download servers used to distribute Sendmail, a commonly used email server program, were compromised after the latest software was released. The authors of the program say bogus versions containing the Trojan code were then uploaded to the server.

鈥淒o NOT use Sendmail without verifying the integrity of the source code,鈥 Sendmail鈥檚 authors write in a warning posted to their web site.

An alert issued by CERT states that the break-in could have potentially severe results for anyone who installs a counterfeit copy of the application: 鈥淎n intruder can gain unauthorized remote access to any host that compiled a version of Sendmail.鈥

According to CERT, the level of access would be that of the user who compiled the source code. This is likely to be a system administrator, meaning the hacker would have high level privileges on a network鈥檚 server.

CERT says the Trojan horse program activates during the program installation process. It is not clear when the new version of the email program was switched for the bogus version, but CERT reports infected copies downloaded as long ago as 28 September.

The Sendmail team advises anyone who downloaded the new version to check that the associated cryptographic keys are legitimate. They say administrators who have installed the program should also check the authenticity of the source code, line by line.

More from 快猫短视频

Explore the latest news, articles and features