![xshell 5 xshell 5](https://www.netsarang.com/wp-content/uploads/2018/12/xshell-overview-1.png)
idata section is used to store the addresses of externally imported functions. rdata section is about 0x10000 bytes longer. idata section in nssock2.dll with the backdoor is 8 bytes longer than that in nssock2.dll without the backdoor, and the. nssock2.dll with the backdoor is much larger than that without the backdoor.Ĭheck the size of each section of the two files. The nssock2.dll libraries of versions 1322 (with a backdoor) and 1326 (latest official version without the backdoor) are compared.
![xshell 5 xshell 5](https://getintopc.com/wp-content/uploads/2018/08/Xshell-5-Commercial-Free-Download.png)
If your computers are affected by the backdoor, perform security check in a timely manner to eliminate the possibility of being inserted with the backdoor.
#Xshell 5 update#
To avoid the impact of the backdoor, update the Xshell and related programs to the latest versions in a timely manner. Then the hacker obtained basic user information through the backdoor and even inserted a more powerful backdoor for remote command execution.Īll product versions were updated on August 5. It is assumed that someone managed to hack into the developer's host or compilation system. The backdoor was found in nssock2.dll 5.0.0.26, which was modified on July 13, 2017. It is a dependent component required by Xshell and related products. The backdoor module lurks in the nssock2.dll library that has a valid signature within Xshell software suites. On August 7, 2017, NetSarang stated that backdoors were discovered in the following product versions that were released on July 18: Xshell manages remote servers based on SSH, Telnet, and other protocols.Xshell and other programs provide secure connectivity solutions to manage Linux servers on Windows platforms. Xshell is a remote connectivity program developed by NetSarang, which also provides Xmanager and Xftp.