
Compromised SourceForge mirror distributes backdoored phpMyAdmin package

Lucian Constantin | Sept. 27, 2012
Unknown attackers compromised a download mirror server for the SourceForge software repository, rigging the installer package for phpMyAdmin, a popular Web-based MySQL database administration tool, with a backdoor.

The phpMyAdmin development team regularly publishes the MD5 checksums for the software's official install packages on its website. For example, the legitimate phpMyAdmin-3.5.2.2-all-languages.zip archive has an MD5 checksum of "6f284e973809af8cda998eeaa9aa7884".

Users should calculate the MD5 checksum of the package they download and compare it to the one published by the phpMyAdmin developers in order to verify that it is legitimate. A modified package will have a different MD5 checksum.

In fact, users should always perform a checksum verification when downloading software for use on their computers or servers, whenever the developer provides an MD5 or other type of checksum for the installer. Some browsers, like Mozilla Firefox, have extensions that make checksum checking easier.
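An added example, not part of the original article or any phpMyAdmin tooling: a Python check of a downloaded package against a published checksum list. The md5sum-style list format and the `sample-package.zip` file with its contents are assumptions constructed for illustration; only the phpMyAdmin file name and MD5 value come from the article.

```python
import hashlib
from pathlib import Path

# Hex digest length -> algorithm, so stronger published digests also work.
ALGO_BY_HEX_LEN = {32: "md5", 40: "sha1", 64: "sha256", 128: "sha512"}

def parse_checksum_list(text):
    """Parse 'HEXDIGEST  filename' lines (md5sum-style; an assumed format)."""
    published = {}
    for line in text.splitlines():
        parts = line.split(None, 1)
        if len(parts) != 2:
            continue
        digest, name = parts[0].lower(), parts[1].lstrip("*").strip()
        if len(digest) in ALGO_BY_HEX_LEN and set(digest) <= set("0123456789abcdef"):
            published[name] = digest
    return published

def file_digest(path, algo, chunk_size=1 << 20):
    """Hash in chunks so large archives are not read into memory at once."""
    h = hashlib.new(algo)
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()

def verify_download(path, published):
    """Return (ok, reason); fails closed if the file has no listed checksum."""
    expected = published.get(Path(path).name)
    if expected is None:
        return False, "no published checksum for this file name"
    algo = ALGO_BY_HEX_LEN[len(expected)]
    actual = file_digest(path, algo)
    if actual == expected:
        return True, f"{algo} matches"
    return False, f"{algo} mismatch: got {actual}, expected {expected}"

# Line 1 is the value quoted in the article; line 2 is constructed (MD5 of b"abc").
PUBLISHED = parse_checksum_list(
    "6f284e973809af8cda998eeaa9aa7884  phpMyAdmin-3.5.2.2-all-languages.zip\n"
    "900150983CD24FB0D6963F7D28E17F72 *sample-package.zip\n")

def demo(directory):
    """Check a constructed file before and after its contents are modified."""
    path = Path(directory) / "sample-package.zip"
    path.write_bytes(b"abc")
    clean = verify_download(path, PUBLISHED)
    path.write_bytes(b"abc" + b"extra bytes")  # simulates a modified package
    return clean, verify_download(path, PUBLISHED)
```

The checksum list has to come from the developer's own site rather than from the mirror that served the package, as the article describes for phpMyAdmin.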

This is not the first time that a download server has been compromised and the installer of a popular application has been backdoored.

In June 2011, the WordPress development team warned that some fairly popular WordPress plug-ins had been backdoored through the official plug-in repository.

In July 2011, the maintainer of vsftpd (Very Secure FTP Daemon), a popular FTP server, announced that the master vsftpd download site had been compromised and the software's official packages rigged with a backdoor.

In December 2010, unknown hackers compromised the main distribution server of the ProFTPD Project -- another popular FTP server -- and added a root shell backdoor to the source code.
