To: cygwin AT cygwin DOT com
From: geneSmith
Subject: Re: is "BKDR_HACDEF.M" found in c:\cygwin\bin\cygcrypt-0.dll for real?
Date: Mon, 10 Jan 2005 14:21:18 -0500
In-Reply-To: <20050110162858.GA1228@ste.sharp-eu.com>

Christian Montanari wrote, On 1/10/2005 11:28 AM:
> Our local virus scan tool provided by *****
> reported a "trojan horse" called "BKDR_HACDEF.M" found in c:\cygwin\bin\cygcrypt-0.dll
>
> c.f.:
>
> http://www.******.com/vinfo/virusencyclo/default5.asp?VName=BKDR_HACDEF.M
>
> Could you tell me what is your point of view about this ? is it a fluke information ?
> does the code for cygcrypt-0.dll need to be checked against Easter-Eggs of this kind ?
>
> Regards,
>
> ========================================
> Christian Montanari,
> SHARP TELECOMMUNICATIONS OF EUROPE Ltd.,
> Azure House,
> Bagshot Road,
> Bracknell,
> Berks, RG12 7QY, UK.
> Tel: +44 (0) 1344 301883
> Fax: +44 (0) 1344 300293
> ========================================
>
>

Detected on 2 systems here by Trend Micro and it deleted the file. According to a website describing the virus, it can use a possible vulnerability in the file to implement the backdoor. Are there any known vulnerabilities in cygcrypt-0.dll?
--
Lit up like Levy's