An attack on a widely distributed system tool may have opened a back door for crackers to compromise networks around the world. Early in the morning of Thursday, January 21, someone replaced the TCP Wrapper source on its server of origin, ftp.win.tue.nl. The unidentified crackers inserted a secret program called a Trojan horse, which works like a trap door into a computer system. If a Unix server were to run one of these doctored copies of TCP Wrappers, the Trojan horse would notify its owners, giving them the address of the machine and letting intruders gain unauthorized access to any of its resources.

The software was downloaded 52 times before the Trojan horse was discovered and fixed. The 52 machines have been notified of the problem, but some of those downloads may have been to mirror sites, which may have redistributed the infected code. The Computer Emergency Response Team (CERT) strongly encouraged all sites that are running the TCP Wrappers tool to verify the integrity of the distribution they have.

Ironically, the tool is a security application, commonly used to monitor and filter connections to network services on Unix systems. It has been patched and secure versions are now available from Wietse Venema, the author and maintainer of the software. Anyone worried about TCP Wrappers can verify their copy of the tool with Venema’s PGP public key, which was not compromised in the attack.

“Eventually this was bound to happen, and that’s why the source file was accompanied by a PGP signature,” Venema told the Bugtraq security mailing list. However, cryptography can only provide so much security; the rest depends on people. The infected files were unsigned, but they were downloaded anyway. As Venema concludes: “There is no guarantee against people downloading and installing backdoored software.”
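
The check that was skipped when the unsigned files were downloaded, written as a fail-closed shell function. This is an added example, not code from the article or from Venema. The function name, the `.sig` suffix for the detached signature, the exit codes and the pinned-fingerprint argument are assumptions; the maintainer's fingerprint is not given in the article and must be obtained out of band.

```shell
#!/bin/sh
# Added example: refuse any release archive that is unsigned or signed by the wrong key.
# Exit codes (constructed for this example):
#   0 verified, 2 signature missing, 3 gpg unavailable, 4 bad signature or wrong signer.

verify_release() {
    tarball=$1      # downloaded archive, e.g. a TCP Wrappers tarball
    keyring=$2      # absolute path to a keyring holding ONLY the maintainer's key
    pinned_fpr=$3   # maintainer's full key fingerprint (caller-supplied placeholder)
    sig="${tarball}.sig"   # assumed name of the detached signature file

    # The failure mode in the article: an unsigned file must never be accepted.
    if [ ! -s "$sig" ]; then
        echo "REFUSE: no detached signature for $tarball" >&2
        return 2
    fi
    if ! command -v gpg >/dev/null 2>&1; then
        echo "REFUSE: gpg not available, cannot verify" >&2
        return 3
    fi

    # Verify against the pinned keyring only, never the user's default keyring,
    # so a key fetched alongside the tampered download cannot vouch for it.
    status=$(gpg --batch --no-default-keyring --keyring "$keyring" \
                 --status-fd 1 --verify "$sig" "$tarball" 2>/dev/null) || {
        echo "REFUSE: signature check failed for $tarball" >&2
        return 4
    }

    # A cryptographically good signature from an unexpected key is still a failure.
    # Field 3 of the VALIDSIG status line is the fingerprint of the signing key.
    signer=$(printf '%s\n' "$status" | awk '$2 == "VALIDSIG" { print $3; exit }')
    if [ "$signer" != "$pinned_fpr" ]; then
        echo "REFUSE: signed by unexpected key ${signer:-<none>}" >&2
        return 4
    fi

    echo "OK: $tarball signed by $pinned_fpr"
    return 0
}
```

Run it before unpacking or building, and treat any non-zero status as a reason to stop; mirrors should apply the same gate before redistributing a file.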