Linked by Jordan Spencer Cunningham on Mon 14th Jun 2010 23:58 UTC
Bugs & Viruses Recently, the Linux version of UnrealIRCd was discovered to have had a Trojan worm its way into the source code. Even more embarrassing for the developers of Unreal is that the Trojan's been holding open the backdoor in the source code since November of 2009-- not very recently. And, of course, bloggers and press in general are taking the opportunity of another breach in Linux security to point out doomsday devices that don't really exist.
Permalink for comment 430211
To read all comments associated with this story, please click here.
lemur2
Member since:
2007-02-17

Shame the developers didn't provide a file hash for verification from the beginning. That would have at least caught this on it's way into any reputable distributions even if one-off home users didn't bother to verify.


It wasn't in any distributions. Too obscure.

The whole reason the UnrealIRCd trojan happened was because distribution for this obscure package was done OUTSIDE of any distribution or package manager system.

UnrealIRCd for Linux was distributed in exactly the same way that Windows executables are often distributed. Because it was distributed this way, then just like those Windows packages it was able to be used to carry a trojan.

Edited 2010-06-15 23:08 UTC

Reply Parent Score: 2