Linked by Jordan Spencer Cunningham on Mon 14th Jun 2010 23:58 UTC
Bugs & Viruses Recently, the Linux version of UnrealIRCd was discovered to have had a Trojan worm its way into the source code. Even more embarrassing for the developers of Unreal is that the Trojan's been holding open the backdoor in the source code since November of 2009-- not very recently. And, of course, bloggers and press in general are taking the opportunity of another breach in Linux security to point out doomsday devices that don't really exist.
Thread beginning with comment 430269
To view parent comment, click here.
To read all comments associated with this story, please click here.
lemur2
Member since:
2007-02-17

What I find more amazing is now you are trying to reframe the argument. This conversation is about irc daemons and the people who would be at risk. If you're running an ircd, chances are you could be at risk.


Absolutely. You are ESPECIALLY at risk if you are in the habit of downloading unsigned binary packages and installing them, unchecked in any way, on your system. I couldn't agree more. This applies for ANY OS, and for any type of applictaion, not merely IRC server applications.

Regardless of how this attack vector occurred, this is still a blow to the most popular ircd for folks running irc networks so far as their perceived reputation.


What reputation? They haven't got a reputation worth schmick if they simply ignore the secure distribution methods for Linux applications that are freely available to them, and they simply plonk an unsigned binary package on a server somewhere, and then fail to check it for many months. No-one in their right mind would be using a package such as that, or indeed running their software. That would be utterly crazy, asking for trouble.

Regardless of how many people are actually running the daemon itself, there sure as hell are quite a few more people actually using the servers as clients who also would be impacted by this.


What, we are up to 0.000026% now (ten times as many users who run it in client mode). Whoopee. That really takes it well out of the "obscure" class now ... NOT!!!!

Fact is, you still don't know what you're discussing but you've got your panties in a twist now that someone who actually has real experience here has called you on this. Enjoy. Good to know OSNews puts up with you.


Diddums is going to have another ad hominem potshot at me now? How quaint.

Edited 2010-06-16 06:04 UTC

Reply Parent Score: 2

saynte Member since:
2007-12-10

Sorry, but Aristocracies is absolutely right. He has provided data to back-up the claim that the daemon is popular in its field, and (as he stated) even if the numbers of servers aren't large, the clients would be more considerable (Wikipedia has some estimate of a half-million IRC clients).

He is also correct that you went off on several tangents unrelated to the topic of potential impact of this vulnerability, calling IRC obscure, anyone who installed this incompetent, a few guesses based on total IP space, etc.

Your argument is appears incredibly weak compared to his, you may want to stop discussing this if you can't produce better formed responses that are actually on-topic.

Reply Parent Score: 1

lemur2 Member since:
2007-02-17

Sorry, but Aristocracies is absolutely right. He has provided data to back-up the claim that the daemon is popular in its field, and (as he stated) even if the numbers of servers aren't large, the clients would be more considerable (Wikipedia has some estimate of a half-million IRC clients).

He is also correct that you went off on several tangents unrelated to the topic of potential impact of this vulnerability, calling IRC obscure, anyone who installed this incompetent, a few guesses based on total IP space, etc.

Your argument is appears incredibly weak compared to his, you may want to stop discussing this if you can't produce better formed responses that are actually on-topic.


Aristocracies is the one who went of on the tangent. It was his whole point that this IRC server daemon was somehow in his view not an obscure application, when clearly it is. It could scarcely be more obscure. Even though there is a Linux version, it is included in no Linux distribution repositories at all. I merely mentioned this in passing.

Furthermore, it truly is incompetent, both of the application authors and of anyone who installed it, to have been caught out by this trojan. There was totally no need to have been so caught out, since there are a number of means readily available to distribute Linux applications securely, so that trojans cannot get a look in. Signing the package is a very obvious thing to have done, but these developers failed to do even that. The developers even admitted to being very embarrassed by their utter lack of even the simplest security measures.

Anyone who had even the vaguest understanding of normal methods of distribution of Linux software should not have touched this particular package with a ten foot barge pole.

Unsigned binary packages simply downloaded from a server and manually installed is the absolutely classic vector for trojan horse malware injection.

http://en.wikipedia.org/wiki/Trojan_horse_%28computing%29
Trojan horses can be installed through the following methods:
* Software downloads (e.g., a Trojan horse included as part of a software application downloaded from a file sharing network)


I'm sorry, but this is in the very first page of security 101 for dummies ... don't do this. Don't do unsigned binary installation packages. Refuse point blank to ever install such things.

Edited 2010-06-16 11:51 UTC

Reply Parent Score: 2