One server from the SourceForge.net mirror system was distributing a phpMyAdmin kit containing a backdoor. This backdoor is located in file server_sync.php and allows an attacker to remotely execute PHP code. Another file, js/cross_framing_protection.js, has also been modified.
Getting access to a database administration tool this way is an immense win for a hacker. If the doctored version gets set up, the attacker ends up inside the network by invitation, via the official administration console, and normally with more power than the genuine administrators.
The fact that only one mirror was contaminated limited the total impact, with merely 400 users downloading the tampered release.
But 400 potentially-pwned networks of possibly-juicy databases is a much more troubling prospect than 400 PCs infected with zombie malware.
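Because only one mirror served the altered kit, comparing an unpacked download against a copy of the same release obtained from a source you trust exposes exactly the kind of change described above. The following is an added example, not code from phpMyAdmin or SourceForge; the function names are hypothetical, and the two sample trees are constructed with placeholder file contents (including the assumption that the reference copy has no server_sync.php).

```python
import hashlib
import tempfile
from pathlib import Path


def tree_hashes(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*")) if p.is_file()
    }


def compare_kits(reference, suspect):
    """Return files that are added, removed or modified in `suspect`."""
    ref, sus = tree_hashes(reference), tree_hashes(suspect)
    return {
        "added": sorted(sus.keys() - ref.keys()),
        "removed": sorted(ref.keys() - sus.keys()),
        "modified": sorted(f for f in ref.keys() & sus.keys() if ref[f] != sus[f]),
    }


def build_sample(base):
    """Constructed sample trees; file contents are placeholders, not real code."""
    files = {
        "reference": {"index.php": "<?php // app",
                      "js/cross_framing_protection.js": "// original"},
        "suspect": {"index.php": "<?php // app",
                    "js/cross_framing_protection.js": "// altered",
                    "server_sync.php": "<?php // placeholder"},
    }
    for kit, entries in files.items():
        for rel, text in entries.items():
            path = Path(base) / kit / rel
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_text(text)
    return Path(base) / "reference", Path(base) / "suspect"


def demo():
    """Build the constructed trees in a temp directory and compare them."""
    with tempfile.TemporaryDirectory() as tmp:
        return compare_kits(*build_sample(tmp))


if __name__ == "__main__":
    for kind, names in demo().items():
        print(kind, names)
```

On a real installation, call compare_kits() with the directory unpacked from the trusted copy and the directory that is deployed; any file reported as added or modified that you did not change yourself warrants investigation.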