Squirrel Mail Plugins Compromise


The webserver hosting SquirrelMail was hacked and several plugins were
replaced with malicious code. The code included sending usernames and
passwords used on the system to an offsite account.

* sasql-3.2.0
* multilogin-2.4-1.2.9
* change_pass-3.0-1.4.0

If you use any of these plugins, or SquirrelMail in general, please
verify that you have updated to the latest versions of these plugins.
Any user accounts used during the time these plugins were installed
should be considered compromised and should have their passwords reset.