Linked by Jordan Spencer Cunningham on Mon 14th Jun 2010 23:58 UTC
Bugs & Viruses

Recently, the Linux version of UnrealIRCd was discovered to have had a Trojan worm its way into the source code. Even more embarrassing for the developers of Unreal is that the Trojan's been holding open the backdoor in the source code since November of 2009 -- not very recently. And, of course, bloggers and press in general are taking the opportunity of another breach in Linux security to point out doomsday devices that don't really exist.
Most of it is Hype, but not from OSNews
by Lennie on Tue 15th Jun 2010 07:41 UTC in reply to "Comment by ssa2204"

I've seen many sources, for example:

http://www.zdnet.com/blog/bott/linux-infection-proves-windows-malwa...

As r_a_trip already mentioned:

"The incident has nothing to do with Operating System or development methodology (open or closed).

The takeaway is that sloppy software projects, with a non-existent security process will sooner or later get compromised and serve their customers poisoned goods. Could happen anywhere, irrespective of platform or chosen software licensing."

And that's the only useful response.

But it seems the Gentoo folks were being stupid too:

http://www.gentoo.org/security/en/glsa/glsa-201006-21.xml

At least ALL distributions are now warned and thank god it was only the UnrealIRCd.

When you are creating packages for distributions, you should get the source from the source, not some mirror as in the case of Gentoo. You should check md5-keys at the source.

When it's a smaller package I wouldn't be surprised if many package maintainers also take a look at the patch between the versions. So you know exactly what changed between versions.

Edited 2010-06-15 07:56 UTC

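The two packaging checks described in the comment above, as an added example that is not part of the original post or any distribution's tooling: compare a mirror-fetched tarball with the digest published upstream, then list which files changed since the previous release so they can be read. It uses SHA-256 in place of the MD5 sums the comment mentions; the package name `examplepkg`, the helper names and all file contents are hypothetical, constructed sample data.

```python
import hashlib, hmac, io, tarfile

def make_tarball(files):
    """Build a constructed .tar.gz in memory from {path: bytes}."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for path, data in sorted(files.items()):
            info = tarfile.TarInfo(path)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()

def verify_digest(blob, published_hex):
    """True only if the artifact's SHA-256 equals the digest published upstream."""
    actual = hashlib.sha256(blob).hexdigest()
    return hmac.compare_digest(actual, published_hex.strip().lower())

def file_digests(blob):
    """Hash each regular file in memory, ignoring the top-level 'name-version/' directory."""
    digests = {}
    with tarfile.open(fileobj=io.BytesIO(blob), mode="r:*") as tar:
        for member in tar:
            if member.isfile():
                rel = member.name.split("/", 1)[-1]
                digests[rel] = hashlib.sha256(tar.extractfile(member).read()).hexdigest()
    return digests

def changed_files(old_blob, new_blob):
    """Return (added, removed, modified) paths a maintainer should read."""
    old, new = file_digests(old_blob), file_digests(new_blob)
    added = sorted(new.keys() - old.keys())
    removed = sorted(old.keys() - new.keys())
    modified = sorted(p for p in old.keys() & new.keys() if old[p] != new[p])
    return added, removed, modified

# Constructed sample data: hypothetical package "examplepkg", two upstream
# releases, and a mirror copy of 1.1 whose src/net.c differs from upstream.
V10 = make_tarball({"examplepkg-1.0/src/net.c": b"int net(void){return 0;}\n",
                    "examplepkg-1.0/README": b"examplepkg 1.0\n"})
V11 = make_tarball({"examplepkg-1.1/src/net.c": b"int net(void){return 0;}\n",
                    "examplepkg-1.1/src/log.c": b"void log_line(void){}\n",
                    "examplepkg-1.1/README": b"examplepkg 1.1\n"})
MIRROR_V11 = make_tarball({"examplepkg-1.1/src/net.c": b"int net(void){return 1;}\n",
                           "examplepkg-1.1/src/log.c": b"void log_line(void){}\n",
                           "examplepkg-1.1/README": b"examplepkg 1.1\n"})
PUBLISHED_V11 = hashlib.sha256(V11).hexdigest()  # stands in for upstream's checksum file

if __name__ == "__main__":
    print(verify_digest(MIRROR_V11, PUBLISHED_V11), changed_files(V10, MIRROR_V11))
```

A digest only helps when it is obtained from the upstream site itself rather than from the same mirror as the tarball; the per-file comparison is what surfaces a change in a file the release notes never mention.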