The trojaning of mICQ

Posted Feb 27, 2003 14:46 UTC (Thu) by MLKahnt (guest, #6642)
In reply to: The trojaning of mICQ by ncm
Parent article: The trojaning of mICQ

Having seen the code (and read the entirety of each thread of the flame war,) there were some very deliberate efforts to hide the code and the activities - other developers on Debian-devel admitted that they wouldn't have realised the nature of what was to happen if the results weren't reported to them. The offending message was coded in base64 iirc, the reference used to hide the message from appearing on the system of the Debian maintainer was set up to use his specific ICQ name, hardcoded a letter at a time rather than a more obvious string, and even the reference to Debian was chopped into substrings to not stand out.

There was substantive effort put into hiding this function, which might well have slipped past most any maintainer not performing security audits of diffs, let alone one that was relatively new to the process (the mICQ maintainer being still under sponsorship.)