ie8 fix
madison

Zero Day

Ryan Naraine, Emil Protalinski and Dancho Danchev
Home / News & Blogs / Zero Day

Plugins compromised in SquirrelMail's web server hack

By | August 4, 2009, 5:15pm PDT

Summary: According to a recently posted update by SquirrelMail’s Jonathan Angliss, the source code of three plugins was backdoored during the web server compromise of the popular web-based email application which took place last month. The compromised plugins were embedded with code that was forwarding accounting data to a server maintained by the people behind the hack, [...]

According to a recently posted update by SquirrelMail’s Jonathan Angliss, the source code of three plugins was backdoored during the web server compromise of the popular web-based email application which took place last month.

The compromised plugins were embedded with code that was forwarding accounting data to a server maintained by the people behind the hack, something SquirrelMail didn’t acknowledge prior to announcing the web server compromise.

During the initial announcement, we’d mentioned that we did not believe that any of the plugins had been compromised. Further investigation has shown that the following plugins were indeed compromised:
- sasql-3.2.0
- multilogin-2.4-1.2.9
- change_pass-3.0-1.4.0

Parts of these code changes attempts to send mail to an offsite server containing passwords.

SquirrelMail has a total of 222 plugins available in 14 categories. Its SourceForge repository was not affected.

Kick off your day with ZDNet's daily e-mail newsletter. It's the freshest tech news and opinion, served hot. Get it.

More from “Zero Day”

Topics

Web Server, Server, Plug-in, SquirrelMail, Web Servers, Internet, Dancho Danchev

Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, malware and cybercrime incident response.

Disclosure

Dancho Danchev

More details on Dancho Danchev's current and past professional affiliations, can be found in his LinkedIn profile.

Biography

Dancho Danchev

Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, and cybercrime incident response. He's been an active security blogger since 2007, and maintains a popular security blog sharing real-time threats intelligence data with the rest of the community on a daily basis. More details on Dancho Danchev's current and past professional affiliations, can be found in his LinkedIn profile. You can also follow him on Twitter

Related Discussions on TechRepublic

Did you know you can take part in these discussions with your ZDNet membership?
Ask a Question Start a Discussion
2
Comments
Add Your Opinion

Join the conversation!

Just In

RE: Plugins compromised in SquirrelMail's web server hack
birumut Updated - 29th Apr 2011
Well done! Thank you very much for professional templates and community edition
seslisohbet seslichat
View in thread
0 Votes
+ -
There should be authentication for this
phatkat 5th Aug 2009
Actually there is for most sites, however we need a better way than existing methods of using checksums and other methods to authenticate that the file is good or not. Another issue is if they compromise your site they can also compromise your authentication mechanism so again we need a better method to authenticate files.
0 Votes
+ -
RE: Plugins compromised in SquirrelMail's web server hack
birumut Updated - 29th Apr 2011
Well done! Thank you very much for professional templates and community edition
seslisohbet seslichat

Join the conversation!

Formatting +
BB Codes - Note: HTML is not supported in forums
  • [b] Bold [/b]
  • [i] Italic [/i]
  • [u] Underline [/u]
  • [s] Strikethrough [/s]
  • [q] "Quote" [/q]
  • [ol][*] 1. Ordered List [/ol]
  • [ul][*] · Unordered List [/ul]
  • [pre] Preformat [/pre]
  • [quote] "Blockquote" [/quote]
ie8 fix
Click Here
ie8 fix

The best of ZDNet, delivered

ZDNet Newsletters

Get the best of ZDNet delivered straight to your inbox

Facebook Activity

Blog Roll

Blog Archive

White Papers, Webcasts, & Resources
ie8 fix
ie8 fix