Linux IRC Server Gets Trojan, Press Harps On Linux Security
Linked by Jordan Spencer Cunningham on Mon 14th Jun 2010 23:58 UTC
Bugs & Viruses Recently, the Linux version of UnrealIRCd was discovered to have had a Trojan worm its way into the source code. Even more embarrassing for the developers of Unreal is that the Trojan's been holding open the backdoor in the source code since November of 2009-- not very recently. And, of course, bloggers and press in general are taking the opportunity of another breach in Linux security to point out doomsday devices that don't really exist.
E-mail Print r 5   · Read More · 111 Comment(s) http://osne.ws/i3c
Thread beginning with comment 430242
To view parent comment, click here.
To read all comments associated with this story, please click here.
lemur2
Member since:
2007-02-17

I'm registering just because watching you talk out of a completely ignorant position is just maddening. Most irc daemons are compiled from source, they are not fetched as packages. You have a number of compile-time options you have to consider, such as setting hard-coded options and limits that may matter based upon the services you provide. Deploying a server from a package is ill-advised and I cannot think of any major IRC network where they would commonly link to a server running such a thing, since all of them have configuration standards you have to meet, not all of them similar and not all of them may be tunable via a configuration file depending on your ircd. In fact, out of the three you listed there, one of them had a spotty security track record already on its own (Bahamut), one has been forked and pretty much depreciated (Hybrid, the biggest backers are pushing Ratbox) and the other is obscure at best (ircu), being an absolutely archaic codebase used primarily by a single, formerly notable network. Calling UnrealIRCd 'obscure' because it's not on a package list is taking the cake on this drivel I see you post here. Had you even done a cursory search on this, such as checking any of the sites constantly scanning for and crawling ircd servers -- you'd find out that Unreal is actually the most popular ircd deployed, period. http://searchirc.com/ircd-versions Seriously. So yes, this is a bigger deal than you'd think.


IRC servers are obscure, period.

Backup: search for "IRC" on this page:
http://en.wikipedia.org/wiki/Application_software
"Not found".

IRC barely even gets a mention on this page:
http://en.wikipedia.org/wiki/Instant_messaging

There are only 1500 IRC servers running worldwide:
http://en.wikipedia.org/wiki/IRC

The premier use of an IRC server these days seems to be for balckhats to control a Windows botnet via someone else's IRC server, so that they don't get pinged as the botnet owner.

Not a big demand for IRC server programs, is there?

The fact that UnrealIRCd for Linux was NOT distributed via package management guarantees that it will be obscure on Linux. Given the prevalence of malware on the Internet, who would be insane enough to install an unsigned, uncheckable obscure binary package these days, other than Windows users (who don't get much choice)?

The fact that it was obscure for Linux is underlined by the observation that this compromised UnrealIRCd package was hosted on mirrors for a significantly long time, and nobody even noticed.

Edited 2010-06-16 02:02 UTC

Reply Parent Score: 2