BitchX 1.0c19 IRC Client Backdoored
JRAC writes "A recent Bugtraq submission has indicated that the popular IRC client, BitchX, contains a backdoor. So far, only certain 1.0c19 files, downloaded from ftp.bitchx.com are reported to contain the malicious code. The BitchX developers have been notified, so hopefully a fix will be issued soon. Looks like irssi wasn't the only one ;)"
The linked article gives a bit more insight into the REAL problem... It appears that someone has hacked the FTP server, and it is now serving up a trojan'ed copy of the aforementioned BitchX distribution, but only part of the time (based on the IP address and/or connectivity of the client). Rather sneaky...
Anyway, I guess this is a good reason to have some sort of "signing" on your distribution.
- Mike