Trojan Horse Attacks GNU Project

Malicious code recently compromised the FTP server for the GNU Project, a developer site for many components in the open-source Linux operating system.

The attack originally occurred in March 2003, but went undiscovered until late July, according to a statement from GNU's sponsor, the Free Software Foundation. The compromise was a Trojan horse that was installed on the root system of GNU's servers. The Trojan horse had been on the server system for several months.

Source Code Clean

A local user sparked the attack and was collecting passwords and attempting to use the site as a launching point to attack other machines, the FSF says.

After what it deemed a substantial investigation verifying the integrity of the software, FSF representatives say they don't think any GNU source code has been compromised.

However, the FSF is warning people who have downloaded software from the server since March to double-check the source code. Searches for standard-source Trojan horses have turned up dry and a list of files that have not been checked are listed in the root directory as missing files.

Alert Issued

CERT, a major reporting center for Internet security problems, got wind of the attack and issued a separate advisory last week about the compromise.

Because the system serves as a centralized archive of popular software, the insertion of malicious code into the distributed software is a serious threat, CERT says in the statement. The security organization also echoes FSF's statement that no source code distributions have been maliciously modified at this time.

Launched in 1984, The GNU Project develops a complete, free, Unix-like operating system. GNU is a recursive acronym for "GNU's Not Unix."