Experts say the insertion of Trojans into two popular tools reinforces the need to run readily available checks, such as MD5 hashes, to ensure that code hasn't been altered. Experts recommend using MD5 hashes to expose Trojans. MD5 and similar algorithms, such as MD4, SHA and SHA-1, are used to continually compare codes generated by "healthy" software to hashes of programs in the field. A warning flag is raised if the codes don't match, says Dave Wreski, corporate manager of Guardian Digital, an open-source security software vendor.
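
The comparison described above, as an added example (not code from the article or from any vendor it names): a Python checker that reads an `md5sum`/`sha1sum`-style manifest of known-good digests and flags any file whose hash differs or that is absent. The file names, the manifest contents and the SHA-256 entry in the algorithm table are assumptions constructed for illustration, and the manifest is assumed to come from a channel separate from the download itself.

```python
import hashlib
import hmac
import tempfile
from pathlib import Path

# Hex digest length -> algorithm. MD5/SHA-1 are named in the article; SHA-256 is an assumed addition.
ALGO_BY_HEXLEN = {32: "md5", 40: "sha1", 64: "sha256"}

def file_digest(path, algo):
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(65536), b""):  # stream; tarballs can be large
            h.update(block)
    return h.hexdigest()

def parse_manifest(text):
    """Parse md5sum/sha1sum-style lines: '<hex digest>  <filename>'."""
    entries = {}
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        digest, _, name = line.strip().partition(" ")
        digest, name = digest.lower(), name.strip().lstrip("*")
        if len(digest) not in ALGO_BY_HEXLEN or not name or set(digest) - set("0123456789abcdef"):
            raise ValueError(f"malformed manifest line {n}")
        entries[name] = digest
    return entries

def verify(directory, manifest_text):
    """Return {filename: 'OK' | 'MISMATCH' | 'MISSING'} for each manifest entry."""
    results = {}
    for name, expected in parse_manifest(manifest_text).items():
        path = Path(directory, name)
        if not path.is_file():
            results[name] = "MISSING"
            continue
        actual = file_digest(path, ALGO_BY_HEXLEN[len(expected)])
        results[name] = "OK" if hmac.compare_digest(actual, expected) else "MISMATCH"
    return results

def demo():
    """Constructed sample: one intact file, one altered after release, one absent."""
    a, b = b"release A\n", b"release B\n"
    manifest = (f"{hashlib.md5(a).hexdigest()}  pkg-a.tar.gz\n"
                f"{hashlib.sha1(b).hexdigest()} *pkg-b.tar.gz\n"
                f"{'0' * 32}  pkg-c.tar.gz\n")
    with tempfile.TemporaryDirectory() as d:
        Path(d, "pkg-a.tar.gz").write_bytes(a)
        Path(d, "pkg-b.tar.gz").write_bytes(b + b"extra bytes\n")  # simulates altered code
        return verify(d, manifest)
```

Calling `demo()` returns the per-file verdicts; any `MISMATCH` or `MISSING` result is the "warning flag" case and should stop the build or install.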

Though the trend can't be called an epidemic, Trojans are showing up more often in open-source programming. There have been "two or three incidents in the last year, as far as I am aware--up from one every few years a few years ago," says Fred Cohen, principal of security consultancy Fred Cohen & Associates.

A recent CERT advisory warned that crackers had inserted Trojans into the source code for tcpdump, a utility that monitors network traffic, and libpcap, a packet capture library. Both had been available at tcpdump.org since Nov. 11. Though they were taken offline Nov. 13, it's unknown how many sites had mirrored the bad code. The Trojans can enable remote code execution.

The link for this article located at InfoSecurity Magazine is no longer available.