The GNU Project, which develops many of the components in the Linux operating system, said this week that the system housing its primary download servers has been compromised by an attacker.
The project urged those who have downloaded software from the server since March to check that the source code has not been tampered with.
Linux, an open-source operating system that dominates the Web server market, uses the compiler, libraries and other software that was originally developed by the GNU Project. The project warned that the attacker may have inserted malicious code into its software, although it said all the code checked so far appeared to be intact.
In an alert issued Wednesday, computer security response organization CERT Coordination Center warned that the breach could prove to be a serious problem. "Because this system serves as a centralized archive of popular software, the insertion of malicious code into the distributed software is a serious threat," the warning stated.
The Free Software Foundation, the GNU Project's overseer, has issued lists of "hashes"--numbers generated by the source code of software known not to have been compromised--that can be used to verify downloaded code. The lists can be found here and here.
The attacker compromised the project's servers to the root level, gaining complete control over the system, according to the GNU Project. The attack was carried out using an exploit that was revealed on March 17, and for which a patch only became available a week later. During that week, the intruder compromised the system and installed a piece of malicious code known as a Trojan horse, according to evidence found on the machine.
The Trojan horse stayed in place until it was discovered in the last week of July, the project said. "The modus operandi of the cracker shows that (s)he was interested primarily in using gnuftp to collect passwords and as a launching point to attack other machines," the project said in a statement on its Web site.
The group said it has spent the weeks since the compromise was discovered verifying the integrity of its software. "Most of this work is done, and the remaining work is primarily for files that were uploaded since early 2003, as our backups from that period could also theoretically be compromised," the statement said.
The project said it believes no source code was compromised. "The evidence includes the MO of the cracker, the fact that every file we've checked so far isn't compromised, and that searches for standard source Trojans turned up nothing," the group stated.
Matthew Broersma of ZDNet UK reported from London.
Join the conversation
Comment replyThe posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.
Web giant is spending $120 million to beef up its Mountain View, Calif., headquarters, according to filings with the city reviewed by the San Jose Mercury News.
The Samsung Galaxy mini 2 S6500 could make its debut at the Mobile World Congress in Barcelona later this month, according to a leaked promotional image.
Tor's "obfsproxy" technology would make encrypted data look innocuous and let it dodge government censors. That could help citizens in Iran reach blocked sites as antigovernment protests reportedly loom.
MIT creates a simulation to celebrate the 50th anniversary of Spacewar. A relic of the early days of minicomputers, it was one of the first computer video games and set the stage for many others, including Asteroids.
George Lucas has just released his version of "Star Wars" in 3D, but c'mon--the guy believes Greedo shot first. Why not make your own Star Wars world? In the first installment of a Crave series, a crack team of crafters fight the power and turn paper bags into the Rebel Alliance's Admiral Ackbar. It's a sack!
Join the conversation