Linked by Jordan Spencer Cunningham on Mon 14th Jun 2010 23:58 UTC
Bugs & Viruses Recently, the Linux version of UnrealIRCd was discovered to have had a Trojan worm its way into the source code. Even more embarrassing for the developers of Unreal is that the Trojan's been holding open the backdoor in the source code since November of 2009-- not very recently. And, of course, bloggers and press in general are taking the opportunity of another breach in Linux security to point out doomsday devices that don't really exist.
Permalink for comment 430383
To read all comments associated with this story, please click here.
Aristocracies
Member since:
2010-06-15

You still haven't grasped the fact that this trojan wasn't in an executable binary. None of the provided executable binaries were infected, in fact, they only provide a Windows binary. Someone had replaced the source tarball with one that had the backdoor in the source code itself. This allowed anyone who built the daemon to have anyone connected to the IRC service execute arbitrary commands as the user the daemon ran as. The potential for abuse there if one was motivated is mindboggling, since it'd be trivial to take control of the entire service from that point.

Anyone who downloaded this and compiled it had an issue. In fact, all the fix scripts for this are simply cleaning a header file, then you have to recompile. Or you could just grab a known clean tarball now and check against the provided hashes.

Sure, they should have been doing more and in fact, now are. But you're still a crazed autistic who can't be bothered to read anything to get his facts straight. I'm sure your reply will be more drivel attacking the Unreal team and then some further distractions like 'hurr tarballs are binaries too', all of which you're throwing forth because someone wrote a mean article about your preferred OS, even if no one in their right mind would take said article seriously. ;)

Edited 2010-06-16 19:17 UTC

Reply Parent Score: 1