Linked by Jordan Spencer Cunningham on Mon 14th Jun 2010 23:58 UTC
Bugs & Viruses
Recently, the Linux version of UnrealIRCd was discovered to have had a Trojan worm its way into the source code. Even more embarrassing for the developers of Unreal is that the Trojan's been holding open the backdoor in the source code since November of 2009-- not very recently. And, of course, bloggers and press in general are taking the opportunity of another breach in Linux security to point out doomsday devices that don't really exist.
Thread beginning with comment 430101
RE: Comment by yoshi314@gmail.com
by lemur2 on Tue 15th Jun 2010 11:56 UTC in reply to "Comment by yoshi314@gmail.com"
lemur2 Member since:
2007-02-17

> i remember when wordpress 2.1.1 was compromised in this way ( http://wordpress.org/development/2007/03/upgrade-212/ ) but the issue was caught pretty fast.
>
> in this case - 6 months, and nobody noticed? that kind of failure cannot possibly be described correctly.


On Ubuntu, there are at least three different IRC servers that can be installed directly via the normal repositories using apt-get or synaptic.

http://ubuntuforums.org/showthread.php?t=233146

They are ircd-hybrid, bahamut and ircd-ircu

http://ircd-hybrid.com/
http://www.dal.net/?page=Bahamut
http://coder-com.undernet.org/

I would suggest perhaps that the audience for this UnrealIRCd program is not all that large. Maybe nobody downloaded it.

Score: 0

Aristocracies Member since:
2010-06-15

I'm registering just because watching you talk out of a completely ignorant position is just maddening.

Most irc daemons are compiled from source, they are not fetched as packages. You have a number of compile-time options you have to consider, such as setting hard-coded options and limits that may matter based upon the services you provide. Deploying a server from a package is ill-advised and I cannot think of any major IRC network where they would commonly link to a server running such a thing, since all of them have configuration standards you have to meet, not all of them similar and not all of them may be tunable via a configuration file depending on your ircd.

In fact, out of the three you listed there, one of them had a spotty security track record already on its own (Bahamut), one has been forked and pretty much deprecated (Hybrid, the biggest backers are pushing Ratbox) and the other is obscure at best (ircu), being an absolutely archaic codebase used primarily by a single, formerly notable network.

Calling UnrealIRCd 'obscure' because it's not on a package list is taking the cake on this drivel I see you post here. Had you even done a cursory search on this, such as checking any of the sites constantly scanning for and crawling ircd servers -- you'd find out that Unreal is actually the most popular ircd deployed, period.

http://searchirc.com/ircd-versions

Seriously.

So yes, this is a bigger deal than you'd think.

Score: 1

lemur2 Member since:
2007-02-17

> I'm registering just because watching you talk out of a completely ignorant position is just maddening.
>
> Most irc daemons are compiled from source, they are not fetched as packages. You have a number of compile-time options you have to consider, such as setting hard-coded options and limits that may matter based upon the services you provide. Deploying a server from a package is ill-advised and I cannot think of any major IRC network where they would commonly link to a server running such a thing, since all of them have configuration standards you have to meet, not all of them similar and not all of them may be tunable via a configuration file depending on your ircd.
>
> In fact, out of the three you listed there, one of them had a spotty security track record already on its own (Bahamut), one has been forked and pretty much deprecated (Hybrid, the biggest backers are pushing Ratbox) and the other is obscure at best (ircu), being an absolutely archaic codebase used primarily by a single, formerly notable network.
>
> Calling UnrealIRCd 'obscure' because it's not on a package list is taking the cake on this drivel I see you post here. Had you even done a cursory search on this, such as checking any of the sites constantly scanning for and crawling ircd servers -- you'd find out that Unreal is actually the most popular ircd deployed, period.
>
> http://searchirc.com/ircd-versions
>
> Seriously.
>
> So yes, this is a bigger deal than you'd think.


IRC servers are obscure, period.

Backup: search for "IRC" on this page:
http://en.wikipedia.org/wiki/Application_software
"Not found".

IRC barely even gets a mention on this page:
http://en.wikipedia.org/wiki/Instant_messaging

There are only 1500 IRC servers running worldwide:
http://en.wikipedia.org/wiki/IRC

The premier use of an IRC server these days seems to be for blackhats to control a Windows botnet via someone else's IRC server, so that they don't get pinged as the botnet owner.

Not a big demand for IRC server programs, is there?

The fact that UnrealIRCd for Linux was NOT distributed via package management guarantees that it will be obscure on Linux. Given the prevalence of malware on the Internet, who would be insane enough to install an unsigned, uncheckable obscure binary package these days, other than Windows users (who don't get much choice)?

The fact that it was obscure for Linux is underlined by the observation that this compromised UnrealIRCd package was hosted on mirrors for a significantly long time, and nobody even noticed.

Edited 2010-06-16 02:02 UTC

Score: 2

lemur2 Member since:
2007-02-17

> I'm registering just because watching you talk out of a completely ignorant position is just maddening.


Oh really?

> you'd find out that Unreal is actually the most popular ircd deployed, period. http://searchirc.com/ircd-versions Seriously. So yes, this is a bigger deal than you'd think.


They are running out of IPv4 addresses, that is 4,294,967,296 addresses. There are 1,500 IRC servers. Therefore, the entire market for IRC server programs is less than 0.000035% of the market for software (for machines on the Internet). Linux share of that would be 30% or less. UnrealIRCd share of that, let's be generous, perhaps 25%. UnrealIRCd for Linux is of interest to 0.0000026% of the market, at best.

[sarcasm]Big deal indeed.[/sarcasm]

In reality, 0.0000026% interest is obscure by anyone's definition.

Edited 2010-06-16 02:27 UTC

Score: 2

Aristocracies Member since:
2010-06-15

What I find more amazing is now you are trying to reframe the argument. This conversation is about irc daemons and the people who would be at risk. If you're running an ircd, chances are you could be at risk. Regardless of how this attack vector occurred, this is still a blow to the most popular ircd for folks running irc networks so far as their perceived reputation.

Regardless of how many people are actually running the daemon itself, there sure as hell are quite a few more people actually using the servers as clients who also would be impacted by this.

Fact is, you still don't know what you're discussing but you've got your panties in a twist now that someone who actually has real experience here has called you on this. Enjoy. Good to know OSNews puts up with you.

Score: 1