Linked by Jordan Spencer Cunningham on Mon 14th Jun 2010 23:58 UTC
Bugs & Viruses Recently, the Linux version of UnrealIRCd was discovered to have had a Trojan worm its way into the source code. Even more embarrassing for the developers of Unreal is that the Trojan's been holding open the backdoor in the source code since November of 2009-- not very recently. And, of course, bloggers and press in general are taking the opportunity of another breach in Linux security to point out doomsday devices that don't really exist.
Permalink for comment 430122
To read all comments associated with this story, please click here.
lemur2
Member since:
2007-02-17

what does this have to do with Linux/*BSD/etc?


Not a lot.

UnrealIRCd is an open source, multi-platform, relatively obscure (on Linux) IRC server program.

http://en.wikipedia.org/wiki/UnrealIRCd

Someone found out that the distribution method for the Linux version of this particular program was the same as for other platforms ... it is distributed for Linux via an unsigned binary file.

Someone decided to attach a trojan to the binary file and replace the original Linux distribution file with the trojan-infected file for Linux on some of the UnrealIRCd mirrors, where it went undetected for a lengthy period.

As anyone knows, distributing unchecked binary files is a perfect vehicle for disseminating trojans. It was apparently on someone's agenda to illustrate that this is just as true for a Linux version of an application as it is for any other OS.

Edited 2010-06-15 13:23 UTC

Reply Parent Score: 2