A system is running a version of software that was replaced with a Trojan Horse at one of its distribution points, such as (1) TCP Wrappers 7.6, (2) util-linux 2.9g, (3) wuarchive ftpd (wuftpd) 2.2 and 2.1f, (4) IRC client (ircII) ircII 2.2.9, (5) OpenSSH 3.4p1, or (6) Sendmail 8.12.6.
http://www.securityfocus.com/bid/5921
http://www.iss.net/security_center/static/10313.php
http://www.cert.org/advisories/CA-2002-28.html
http://www.cert.org/advisories/CA-1999-02.html
http://www.cert.org/advisories/CA-1999-01.html
http://www.cert.org/advisories/CA-1994-14.html
http://www.cert.org/advisories/CA-1994-07.html
http://online.securityfocus.com/archive/1/294539