Linked by Jordan Spencer Cunningham on Mon 14th Jun 2010 23:58 UTC
Bugs & Viruses
Recently, the Linux version of UnrealIRCd was discovered to have had a Trojan worm its way into the source code. Even more embarrassing for the developers of Unreal is that the Trojan has been holding open the backdoor in the source code since November of 2009, which is not very recent. And, of course, bloggers and the press in general are taking the opportunity of another breach in Linux security to point out doomsday devices that don't really exist.
Comment by yoshi314@gmail.com on Tue 15th Jun 2010 11:28 UTC
yoshi314@gmail.com Member since:
2009-12-14

I remember when WordPress 2.1.1 was compromised in this way ( http://wordpress.org/development/2007/03/upgrade-212/ ), but the issue was caught pretty fast.

In this case - 6 months, and nobody noticed? That kind of failure cannot possibly be described correctly.

Reply Score: 1

lemur2 Member since:
2007-02-17

I remember when WordPress 2.1.1 was compromised in this way ( http://wordpress.org/development/2007/03/upgrade-212/ ), but the issue was caught pretty fast.

In this case - 6 months, and nobody noticed? That kind of failure cannot possibly be described correctly.


On Ubuntu, there are at least three different IRC servers that can be installed directly via the normal repositories using apt-get or synaptic.

http://ubuntuforums.org/showthread.php?t=233146

They are ircd-hybrid, bahamut and ircd-ircu

http://ircd-hybrid.com/
http://www.dal.net/?page=Bahamut
http://coder-com.undernet.org/

I would suggest perhaps that the audience for this UnrealIRCd program is not all that large. Maybe nobody downloaded it.

Reply Parent Score: 0

Aristocracies Member since:
2010-06-15

I'm registering just because watching you talk out of a completely ignorant position is just maddening.

Most IRC daemons are compiled from source; they are not fetched as packages. You have a number of compile-time options you have to consider, such as setting hard-coded options and limits that may matter based upon the services you provide. Deploying a server from a package is ill-advised and I cannot think of any major IRC network where they would commonly link to a server running such a thing, since all of them have configuration standards you have to meet, not all of them similar and not all of them may be tunable via a configuration file depending on your ircd.

In fact, out of the three you listed there, one of them had a spotty security track record already on its own (Bahamut), one has been forked and pretty much deprecated (Hybrid; the biggest backers are pushing Ratbox) and the other is obscure at best (ircu), being an absolutely archaic codebase used primarily by a single, formerly notable network.

Calling UnrealIRCd 'obscure' because it's not on a package list is taking the cake on this drivel I see you post here. Had you even done a cursory search on this, such as checking any of the sites constantly scanning for and crawling ircd servers, you'd find out that Unreal is actually the most popular ircd deployed, period.

http://searchirc.com/ircd-versions

Seriously.

So yes, this is a bigger deal than you'd think.

Reply Parent Score: 1

WereCatf Member since:
2006-02-15

In this case - 6 months, and nobody noticed? That kind of failure cannot possibly be described correctly.

The explanation is rather simple: it was not the main server that was compromised nor any distribution repositories, only mirror servers. As such the malware issue couldn't be very widespread. Even more so that UnrealIRCD is mostly used by rather small IRC networks; had it been used by a very large network the backdoor would most likely have been noticed a whole lot earlier (if they had downloaded UnrealIRCD from a mirror and not from the actual distro repos, which is highly unlikely and stupid anyway in the case you host a public server.)

It's just plain common sense that it took a while to be found.

Reply Parent Score: 3
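
An added example, not part of any comment above and not UnrealIRCd project code: since the thread turns on mirror copies differing from what the main server shipped, this sketch checks copies of one release archive against a reference SHA-256 digest obtained from the primary site. The function names are hypothetical, and the demo files are constructed stand-ins, not real release archives.

```shell
#!/bin/sh
# Added example: flag mirror copies of a release archive whose digest differs
# from a reference digest taken from the project's primary site.

# digest_of FILE: print the SHA-256 hex digest of FILE.
digest_of() {
    sha256sum "$1" | awk '{print $1}'
}

# check_mirror_copies REF_DIGEST FILE...
# Prints one OK / MISMATCH / MISSING line per file and returns the number of
# copies that failed (0 means every copy equals the reference).
check_mirror_copies() {
    ref=$1; shift
    bad=0
    for f in "$@"; do
        if [ ! -r "$f" ]; then
            echo "MISSING  $f"; bad=$((bad + 1)); continue
        fi
        got=$(digest_of "$f")
        if [ "$got" = "$ref" ]; then
            echo "OK       $f"
        else
            echo "MISMATCH $f ($got)"; bad=$((bad + 1))
        fi
    done
    return "$bad"
}

# Constructed demo: one "primary" file, one faithful mirror copy, and one
# mirror copy with extra bytes appended (standing in for a modified archive).
demo() {
    d=$(mktemp -d)
    printf 'release contents\n' > "$d/primary.tar.gz"
    cp "$d/primary.tar.gz" "$d/mirror-a.tar.gz"
    printf 'release contents\nextra code\n' > "$d/mirror-b.tar.gz"
    primary_digest=$(digest_of "$d/primary.tar.gz")
    check_mirror_copies "$primary_digest" "$d/mirror-a.tar.gz" "$d/mirror-b.tar.gz"
    rc=$?
    rm -rf "$d"
    return "$rc"
}

demo || echo "copies that differ from the reference: $?"
```

The check is only as trustworthy as the channel the reference digest came from: a digest read from the same mirror as the archive proves nothing.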