ircII
ircII FTP distribution backdoored for remote access
The official FTP server (ftp.irc.org) hosting the ircII source code was compromised. The `ircii-2.8.2.tar.gz` distribution was modified; specifically, the file `ircd/s_bsd.c` had a backdoor inserted. This backdoor connected to IP 198.168.253.139 on TCP port 30000 and attempted to start an interactive shell (`/bin/sh -i`), allowing remote access with the privileges of the user running ircII.
- Date: 1998-10-22 to 1999-01-21
- Category: Open Source
- Target Surface: Distribution
- Insertion Phase: distribution
- Impact: Backdoor
- Cause: Compromised Infrastructure
What Was Affected
Package: ircII
Language: C
Component: Application
Artifact type: source archive
Domain type: project download host
Domain: ftp.irc.org
Compromised Versions
- 2.8.2
Incident Context
- Motive: Unauthorized Access/Control
- Attribution: Individual Hacker
- Transitive: No
- Observed Duration: 91 days
Evidence
Compromised Artifacts
- ftp.irc.org: irc/clients/ircii-2.8.2.tar.gz
- ftp.undernet.org: pub/irc/clients/unix/ircII/ircii-2.8.2.tar.gz
Current Artifacts and Analysis
Indicators and Changes
Hashes
- md5:a2eadc5d2e01fceb4c5728e85a28f2dd
- md5:f3c149e1e239263731e0f75730121eb0
External References
Source Data
Source record: oss/ircII/meta.yaml