A few hours ago (1 AM US/Eastern time, July 1) we downloaded ircii-pana-1.0c19.tar.gz from ftp.bitchx.com (216.165.191.5) and reviewed the configure script before running it. It has essentially the same configure backdoor as fragroute-1.2.tar.gz[1] -- a TCP connection is made outbound, with a shell bound to it (a reverse telnet). This appears to retry/respawn once per hour. The 1.0c19 tarball at ftp.irc.org (which mirrors bitchx.com) did not appear to be trojaned when we pulled from there about an hour later.