Linked by Jordan Spencer Cunningham on Mon 14th Jun 2010 23:58 UTC
Bugs & Viruses

Recently, the Linux version of UnrealIRCd was discovered to have had a Trojan worm its way into the source code. Even more embarrassing for the developers of Unreal is that the Trojan's been holding open the backdoor in the source code since November of 2009 -- not very recently. And, of course, bloggers and press in general are taking the opportunity of another breach in Linux security to point out doomsday devices that don't really exist.
RE[2]: Comment by lemur2 - file hash
by jabbotts on Tue 15th Jun 2010 19:42 UTC in reply to "RE: Comment by lemur2"
jabbotts Member since:
2007-09-06

Shame the developers didn't provide a file hash for verification from the beginning. That would have at least caught this on its way into any reputable distributions even if one-off home users didn't bother to verify.

Reply Parent Score: 2

lemur2 Member since:
2007-02-17

Shame the developers didn't provide a file hash for verification from the beginning. That would have at least caught this on its way into any reputable distributions even if one-off home users didn't bother to verify.


It wasn't in any distributions. Too obscure.

The whole reason the UnrealIRCd trojan happened was because distribution for this obscure package was done OUTSIDE of any distribution or package manager system.

UnrealIRCd for Linux was distributed in exactly the same way that Windows executables are often distributed. Because it was distributed this way, then just like those Windows packages it was able to be used to carry a trojan.

Edited 2010-06-15 23:08 UTC

Reply Parent Score: 2

jabbotts Member since:
2007-09-06

Secunia Advisory SA40147
Gentoo update for unrealircd
http://secunia.com/advisories/40147

Bugzilla Bug 323691
=net-irc/unrealircd-3.2.8.1 remote command execution via backdoor (CVE requested)
http://bugs.gentoo.org/show_bug.cgi?id=323691

Important Security Update for UnrealIRCd in Gentoo
http://www.linuxcompatible.org/news/story/security_update_for_unrea...

Gentoo alert 201006-21 (unrealircd)
http://lwn.net/Articles/392099/

In case those are too subtle:

"the malware-compromised code was included in the official Gentoo distribution", since Nov. 2009.
http://www.webhostingtalk.com/showthread.php?t=956392


These are not random news sites sensationalizing the information. Maybe I'm imagining all those links?

Stop being so emotionally involved in your chosen soapbox. You're doing the exact thing the media spin outlets are doing; over-reacting and focusing on a single misrepresented point rather than what is actually of value. Let's move on to productive discussion like what processes allowed it to enter the distribution, how it can be caught in the future, *how fast it was patched*, how/if any other distributions were affected. Sticking your head in the sand and saying "it's perfect, it's perfect, it's perfect" over and over doesn't make it so.

(The irony here is you're so spun up in rationalizing your single point that you're attacking people like me who are primarily and enthusiastically Linux-based platform users and administrators.)

Reply Parent Score: 2