Event ID - 6667

Port No6667
Service NameSendmail Trojan Horse Vulnerability
RFC Doc0
ProtocolTCP
DescriptionReportedly, the server hosting sendmail, ftp.sendmail.org, was compromised recently. It has been reported that the intruder made modifications to the source code of sendmail to include Trojan Horse code. Downloads of the sendmail source code from ftp.sendmail.org between September 28, 2002 and October 6, 2002 likely contain the trojan code.
It has also been reported that versions of sendmail available via HTTP distribution on the Sendmail Consortium site are not affected
Reports say that the trojan will run once upon compilation of sendmail. Once the Trojan is executed, it attempts to connect to host spatula.aclue.com (66.37.138.99) on port 6667.
Although unconfirmed, it has been reported that the service listening on port 6667 of host spatula.aclue.com (66.37.138.99) has been disabled.
The Sendmail Consortium has signed all valid distributions of the sendmail software with the following PGP key:
pub 1024R/678C0A03 2001-12-18 Sendmail Signing Key/2002 Key fingerprint = 7B 02 F4 AA FC C0 22 DA 47 3E 2A 9A 9B 35 22 45
Additionally, the following checksums have been made available to verify packages against:
73e18ea78b2386b774963c8472cbd309 sendmail.8.12.6.tar.gz
cebe3fa43731b315908f44889d9d2137 sendmail.8.12.6.tar.Z
8b9c78122044f4e4744fc447eeafef34 sendmail.8.12.6.tar.sig
Reference LinkPort Number:6667 Service Name:Sendmail Trojan Horse Vulnerability Port:TCP
AttackAccording to Symantec

Resolution:
Block external access at the network boundary, unless service is required by external parties. Filter untrusted network traffic at border routers and network firewalls.
Run all server processes as non-privileged users with minimal access rights.
Perform all tasks with the minimal privileges possible to perform task.
The vendor has stated that the versions served via HTTP download are not affected, and the valid versions of sendmail for downloaded from http://www.sendmail.org. They are available from the normal distribution channels and have the following MD5 checksums:
73e18ea78b2386b774963c8472cbd309 sendmail.8.12.6.tar.gz
cebe3fa43731b315908f44889d9d2137 sendmail.8.12.6.tar.Z
8b9c78122044f4e4744fc447eeafef34 sendmail.8.12.6.tar.sig
Additionally, they are signed with the Sendmail Consortium PGP Key. Sendmail Consortium Sendmail 8.12.6:

Catch threats immediately

We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.

See what we caught

Did this information help you to resolve the problem?

Yes: My problem was resolved.
No: The information was not helpful / Partially helpful.