Linked by Jordan Spencer Cunningham on Mon 14th Jun 2010 23:58 UTC
Bugs & Viruses Recently, the Linux version of UnrealIRCd was discovered to have had a Trojan worm its way into the source code. Even more embarrassing for the developers of Unreal is that the Trojan's been holding open the backdoor in the source code since November of 2009-- not very recently. And, of course, bloggers and press in general are taking the opportunity of another breach in Linux security to point out doomsday devices that don't really exist.
Permalink for comment 430036
To read all comments associated with this story, please click here.
Source code?
by umccullough on Tue 15th Jun 2010 01:49 UTC
umccullough
Member since:
2006-01-26

All the reports I've read about this so far play it off as a manipulated download file on several mirror sites (and their main site?).

I'm not sure why that would indicate that the source code was compromised (although, perhaps the download archive itself contains sources which were also messed with).

In any case, I think this clearly indicates a distribution weakness - and I don't think this is directly attributable to the open source nature of this project (which I'm sure is what many people are claiming). Similar malware could probably be easily attached to a closed source Windows/OS X binary package being distributed via untrusted mirrors or give non-trusted people access to your release area just as well.

Edited 2010-06-15 01:51 UTC

Reply Score: 3