Linked by Jordan Spencer Cunningham on Mon 14th Jun 2010 23:58 UTC
Bugs & Viruses
Recently, the Linux version of UnrealIRCd was discovered to have had a Trojan worm its way into the source code. Even more embarrassing for the developers of Unreal is that the Trojan's been holding open the backdoor in the source code since November of 2009-- not very recently. And, of course, bloggers and press in general are taking the opportunity of another breach in Linux security to point out doomsday devices that don't really exist.
Thread beginning with comment 430036
Source code?
by umccullough on Tue 15th Jun 2010 01:49 UTC
umccullough Member since:
2006-01-26

All the reports I've read about this so far play it off as a manipulated download file on several mirror sites (and their main site?).

I'm not sure why that would indicate that the source code was compromised (although, perhaps the download archive itself contains sources which were also messed with).

In any case, I think this clearly indicates a distribution weakness - and I don't think this is directly attributable to the open source nature of this project (which I'm sure is what many people are claiming). Similar malware could probably be easily attached to a closed source Windows/OS X binary package being distributed via untrusted mirrors, or if you give non-trusted people access to your release area, just as well.

Edited 2010-06-15 01:51 UTC

Reply Score: 3

RE: Source code?
by umccullough on Tue 15th Jun 2010 02:01 in reply to "Source code?"
umccullough Member since:
2006-01-26

"All the reports I've read about this so far play it off as a manipulated download file on several mirror sites (and their main site?)."

Replying to myself (to clarify for all) - so it seems only the source tarball they provided for download was compromised.

Their CVS repo was not, and neither were the pre-compiled binary installers for Windows, etc.

Reply Parent Score: 2

RE[2]: Source code?
by lemur2 on Tue 15th Jun 2010 02:29 in reply to "RE: Source code?"
lemur2 Member since:
2007-02-17

"All the reports I've read about this so far play it off as a manipulated download file on several mirror sites (and their main site?).
Replying to myself (to clarify for all) - so it seems only the source tarball they provided for download was compromised. Their CVS repo was not, and neither were the pre-compiled binary installers for Windows, etc."

It is pertinent to note that neither was any code compromised which was actually a part of any GNU/Linux distribution.

Reply Parent Score: 2

RE[2]: Source code?
by aesiamun on Tue 15th Jun 2010 04:28 in reply to "RE: Source code?"
aesiamun Member since:
2005-06-29

While the source tarball was tainted, they didn't fix the md5 string file...anyone caring about security would have run an md5sum and compared it to what the original developers put up there as the original md5 sum.

Reply Parent Score: 3
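
The check described in the last comment, as an added example that is not part of the original thread: a downloaded file is compared against a checksum manifest in `md5sum` output format, and a missing entry is treated as a failure. The function names and the file name `example-release.tar.gz` are hypothetical, the sample data is constructed, and the code goes beyond the thread by also accepting SHA-256 manifests. The manifest is assumed to come from a location the mirror cannot modify.

```python
import hashlib
import hmac
import tempfile
from pathlib import Path

# Hex digest length -> algorithm. MD5 is what the thread mentions; SHA-256 is
# accepted too because sha256sum writes the same manifest format.
ALGO_BY_HEX_LEN = {32: "md5", 64: "sha256"}

def parse_manifest(text):
    """Parse md5sum/sha256sum lines: '<hex>  <name>' or '<hex> *<name>'."""
    entries = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) != 2:
            continue
        digest, name = parts[0].lower(), parts[1].lstrip("*")
        if len(digest) in ALGO_BY_HEX_LEN and set(digest) <= set("0123456789abcdef"):
            entries[name] = digest
    return entries

def file_digest(path, algo):
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):  # stream large archives
            h.update(chunk)
    return h.hexdigest()

def verify_download(path, manifest_text):
    """Return 'ok', 'mismatch' or 'no-entry'; anything but 'ok' is a failure."""
    expected = parse_manifest(manifest_text).get(Path(path).name)
    if expected is None:
        return "no-entry"  # fail closed: no published digest for this file
    actual = file_digest(path, ALGO_BY_HEX_LEN[len(expected)])
    return "ok" if hmac.compare_digest(actual, expected) else "mismatch"

def demo():
    # Constructed sample: a stand-in release file and its published checksum,
    # then the same file after bytes were appended on a mirror.
    with tempfile.TemporaryDirectory() as d:
        p = Path(d) / "example-release.tar.gz"
        p.write_bytes(b"constructed release contents\n")
        manifest = f"{file_digest(p, 'md5')}  {p.name}\n"
        clean = verify_download(p, manifest)
        p.write_bytes(p.read_bytes() + b"bytes added on a mirror\n")
        return clean, verify_download(p, manifest), verify_download(p, "")

if __name__ == "__main__":
    print(demo())
```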