
Test99
Premium
join:2003-04-24
San Jose, CA
kudos:1

reply to cbrain

Not Just Trixbox

I recently installed a Windows port of Asterisk from this site: www.asteriskwin32.com/ to evaluate it.

The next Zone Alarm scan discovered this nasty critter:

Win32.Backdoor.IRCBot.td
in c:\Program Files\cygroot\bin\cygwin.dll

This is the registry entry:
File: C:\Program Files\cygroot\bin\cygwin1.dll
Module: C:\Program Files\cygroot\bin\cygwin1.dll
RegistryKey: HKEY_CURRENT_USER\Software\Cygnus Solutions
RegistryKey: HKEY_LOCAL_MACHINE\SOFTWARE\Cygnus Solutions

I'm still investigating to see what I have to do to clean the system.
--
50775@fwd.pulver.com


tommy13v
Premium
join:2002-02-15
Niskayuna NY

That DLL acts as a Linux API emulation layer providing the Linux functionality.


Test99
Premium
join:2003-04-24
San Jose, CA
kudos:1

said by tommy13v:

That DLL acts as a Linux API emulation layer providing the Linux functionality.
Understood. What's not yet clear is where it acquired the ability to take orders from Internet Relay Chat.
--
50775@fwd.pulver.com

B
Premium,MVM
join:2000-10-28

I'm betting (guessing) that it didn't, and that this is a false positive... Good luck. You could try running it by one of the multi-engine scanners (Jotti).

-- B
--
In a realm outside causality and function
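One concrete way to act on B's suggestion before submitting anything anywhere: compare the flagged DLL's SHA-256 against the checksum the software distributor published for that release. This is an added example, not code from the thread or from the Asterisk or Cygwin projects; it assumes the distributor publishes a sha256sum-style manifest, and it uses a constructed stand-in file rather than the real cygwin1.dll.

```python
import hashlib
import os
import tempfile
from typing import Dict

def parse_manifest(text: str) -> Dict[str, str]:
    """Parse a GNU sha256sum-style manifest ('<hex>  <name>' per line) into {basename: hex}."""
    entries: Dict[str, str] = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, _, name = line.partition("  ")
        name = name.lstrip("*")  # sha256sum marks binary-mode entries with a leading '*'
        if len(digest) == 64 and name:
            entries[os.path.basename(name).lower()] = digest.lower()
    return entries

def sha256_file(path: str) -> str:
    """Hash the file in chunks so a large DLL is not read into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()

def triage(path: str, manifest: Dict[str, str]) -> str:
    """'match' = on-disk file is byte-identical to what the distributor published (points to a
    signature false positive); 'mismatch' = the file differs from the released one and deserves
    real incident handling; 'unknown' = the manifest has no entry, so the hash proves nothing."""
    expected = manifest.get(os.path.basename(path).lower())
    if expected is None:
        return "unknown"
    return "match" if sha256_file(path) == expected else "mismatch"

def demo() -> Dict[str, str]:
    """Constructed fixture (not real Cygwin data): a stand-in cygwin1.dll whose true hash is
    listed in a manifest, a tampered copy of it, and a file name the manifest does not list."""
    with tempfile.TemporaryDirectory() as d:
        good = os.path.join(d, "cygwin1.dll")
        with open(good, "wb") as f:
            f.write(b"MZ" + b"\x00" * 62 + b"constructed stand-in for cygwin1.dll")
        manifest = parse_manifest(f"# constructed vendor manifest\n{sha256_file(good)}  *cygwin1.dll\n")
        os.mkdir(os.path.join(d, "copy"))
        bad = os.path.join(d, "copy", "cygwin1.dll")
        with open(bad, "wb") as f:
            f.write(b"MZ" + b"\x00" * 62 + b"constructed stand-in for cygwin1.dlL")  # one byte changed
        return {"intact": triage(good, manifest), "tampered": triage(bad, manifest),
                "unlisted": triage(os.path.join(d, "README.txt"), manifest)}
```

A match only tells you the file is what the distributor shipped; the same hash is what you would then hand to a multi-engine scanner for a second opinion.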


Test99
Premium
join:2003-04-24
San Jose, CA
kudos:1

said by B:

I'm betting (guessing) that it didn't, and that this is a false positive...
Good suggestion. You may be right. Scans thus far have not detected any other signs of intrusion. Writing malware detection programs must be a difficult assignment.
--
50775@fwd.pulver.com

B
Premium,MVM
join:2000-10-28

Maybe, but I suspect the opposite -- that it's astonishingly EASY, at least as it's currently practiced, and that the rewards are so great that no one has to try very hard.

That's why free products (from AVG to the open source ClamAV project) can perform so well, and that's why the mainstream commercial offerings (McAfee and Symantec) are such festering mounds of bloated feces, and that's why the slightest little change in code lets malware continue to slip by the overwhelming majority of "detectors".

Yeah, it's a losing proposition because one person's trojan is another person's remote control feature, but that's not much excuse for today's shoddy state of affairs. When in doubt, just blame Windows.

-- B
--
In a realm outside causality and function

