It may be worth thinking about what's actually happened here. Take a look at the technical description at http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_HACDEF.M&VSect=T . One of the characteristics of the malware is that it hides a file named cygcrypt-0.dll. The description does not state that the malware installs cygcrypt-0.dll, but it is well known that some root kits are built using cygwin. Indeed, someone from our security office recently told me that if someone runs cygwin and gets complaints about conflicting or duplicate cygwin DLLs and if that person is sure that cygwin has never been installed on the machine, chances are that the machine has been compromised and that a cygwin-based root kit has been installed.
I suspect that cygcrypt-0.dll is distributed as part of the malware in question. Why else would it hide the file? If cygcrypt-0.dll is distributed as part of the malware, rebuilding the package will only put the problem off until the malware is repackaged to use the latest release.
Rather than telling users to bug the anti-virus company, it might be worth having someone from cygwin contact them to explain the issue. It might also be worth doing a little bit of homework. That is, get a copy of the malware, unpack it, and check to see whether cygcrypt-0.dll is included in its entirety. What if it's really only something that bears the name and that the anti-virus company is checking names only?
Just my 2 cents,
Dick Repasky
-----------------
Dick Repasky Bioinformatics Support UITS Cubicle 101.08 Indiana University USA
[EMAIL PROTECTED]
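The two checks suggested in the message above, as an added example that is not part of the original post: whether a file named cygcrypt-0.dll matches the distributed DLL in its entirety or only by name, and whether Cygwin-style DLLs turn up outside a known Cygwin install. The function names, directory layout and file contents are constructed for illustration; in practice the reference copy would be taken from the official Cygwin package.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256_of(path):
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()

def classify(candidate, reference):
    """Compare a found file with a trusted reference copy, by name and by content."""
    same_name = Path(candidate).name.lower() == Path(reference).name.lower()
    same_bytes = sha256_of(candidate) == sha256_of(reference)
    if same_name and same_bytes:
        return "identical"      # the distributed DLL in its entirety
    if same_name:
        return "name-only"      # bears the name, different contents
    if same_bytes:
        return "renamed-copy"   # the real DLL under another name
    return "unrelated"

def stray_cygwin_dlls(scan_root, cygwin_root=None):
    """Find cyg*.dll files under scan_root that lie outside the known Cygwin install."""
    scan_root = Path(scan_root)
    hits = []
    for p in scan_root.rglob("*"):
        name = p.name.lower()
        if not (p.is_file() and name.startswith("cyg") and name.endswith(".dll")):
            continue
        if cygwin_root and Path(cygwin_root) in p.parents:
            continue  # expected location, not a stray copy
        hits.append(p.relative_to(scan_root).as_posix())
    return sorted(hits)

def demo():
    # Constructed stand-in files; the byte strings are placeholders, not real DLLs.
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        ref = root / "cygwin" / "bin" / "cygcrypt-0.dll"
        full = root / "sample_a" / "cygcrypt-0.dll"
        fake = root / "sample_b" / "CYGCRYPT-0.DLL"
        for path, data in [(ref, b"reference build"), (full, b"reference build"),
                           (fake, b"something else")]:
            path.parent.mkdir(parents=True)
            path.write_bytes(data)
        return (classify(full, ref), classify(fake, ref),
                stray_cygwin_dlls(root, cygwin_root=root / "cygwin"))

if __name__ == "__main__":
    print(demo())
```

A "name-only" result is the case the message asks about: a detection keyed on the file name would flag it even though the contents differ from the distributed DLL.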