Linked by Jordan Spencer Cunningham on Mon 14th Jun 2010 23:58 UTC
Bugs & Viruses
Recently, the Linux version of UnrealIRCd was discovered to have had a Trojan worm its way into the source code. Even more embarrassing for the developers of Unreal is that the Trojan's been holding open the backdoor in the source code since November of 2009, not very recently. And, of course, bloggers and press in general are taking the opportunity of another breach in Linux security to point out doomsday devices that don't really exist.
lemur2 (member since 2007-02-17)

Let's move on to productive discussion like what processes allowed it to enter the distribution, how it can be caught in the future, *how fast it was patched*, how/if any other distributions were affected. Sticking your head in the sand and saying "it's perfect, it's perfect, it's perfect" over and over doesn't make it so.


I still can't believe it, but there it is.

Mitigation of future occurrences is exceedingly simple: don't do this. Don't propagate unsigned binary packages. Period. Simple. Elementary. Totally do-able. Perfectly effective. Has, in fact, been the standard practice to avoid trojans for donkey's years. Gentoo, apparently, just didn't get the memo.

Removal from infected systems: Reformat "/" partition (leave /home partition as is). Re-install OS. 20 minutes or so downtime. While you are at it, you might also consider using another distribution that isn't quite so brain dead.

PS: it looks like someone in the Arch Linux community fell for this trojan for a little while also:
http://bbs.archlinux.org/viewtopic.php?pid=774951
I should remember to check the website before trusting supposedly up-to-date mirrors I guess.


Very disappointing indeed. One should never trust an unsigned binary package.

Edited 2010-06-16 12:55 UTC
