Linked by Jordan Spencer Cunningham on Mon 14th Jun 2010 23:58 UTC
Bugs & Viruses
Recently, the Linux version of UnrealIRCd was discovered to have had a Trojan worm its way into the source code. Even more embarrassing for the developers of Unreal is that the Trojan's been holding open the backdoor in the source code since November of 2009, not very recently. And, of course, bloggers and press in general are taking the opportunity of another breach in Linux security to point out doomsday devices that don't really exist.
Thread beginning with comment 430318
jabbotts Member since:
2007-09-06

Secunia Advisory SA40147
Gentoo update for unrealircd
http://secunia.com/advisories/40147

Bugzilla Bug 323691
=net-irc/unrealircd-3.2.8.1 remote command execution via backdoor (CVE requested)
http://bugs.gentoo.org/show_bug.cgi?id=323691

Important Security Update for UnrealIRCd in Gentoo
http://www.linuxcompatible.org/news/story/security_update_for_unrea...

Gentoo alert 201006-21 (unrealircd)
http://lwn.net/Articles/392099/

In case those are too subtle:

"the malware-compromised code was included in the official Gentoo distribution", since Nov. 2009.
http://www.webhostingtalk.com/showthread.php?t=956392


These are not random news sites sensationalizing the information. Maybe I'm imagining all those links?

Stop being so emotionally involved in your chosen soapbox. You're doing the exact thing the media spin outlets are doing; over-reacting and focusing on a single misrepresented point rather than what is actually of value. Let's move on to productive discussion like what processes allowed it to enter the distribution, how it can be caught in the future, *how fast it was patched*, how/if any other distributions were affected. Sticking your head in the sand and saying "it's perfect, it's perfect, it's perfect" over and over doesn't make it so.

(The irony here is you're so spun up in rationalizing your single point that you're attacking people like me who are primarily and enthusiastically Linux-based platform users and administrators.)

Reply Parent Score: 2

lemur2 Member since:
2007-02-17

Let's move on to productive discussion like what processes allowed it to enter the distribution, how it can be caught in the future, *how fast it was patched*, how/if any other distributions were affected. Sticking your head in the sand and saying "it's perfect, it's perfect, it's perfect" over and over doesn't make it so.


I still can't believe it, but there it is.

Mitigation of future occurrences is exceedingly simple: don't do this. Don't propagate unsigned binary packages. Period. Simple. Elementary. Totally do-able. Perfectly effective. Has, in fact, been the standard practice to avoid trojans for donkey's years. Gentoo, apparently, just didn't get the memo.

Removal from infected systems: Reformat "/" partition (leave /home partition as is). Re-install OS. 20 minutes or so downtime. While you are at it, you might also consider using another distribution that isn't quite so brain dead.

PS: it looks like someone in Arch Linux community fell for this trojan for a little while also:
http://bbs.archlinux.org/viewtopic.php?pid=774951
I should remember to check the website before trusting supposedly up to date mirrors I guess.


Very disappointing indeed. One should never trust an unsigned binary package.

Edited 2010-06-16 12:55 UTC

Reply Parent Score: 2

lemur2 Member since:
2007-02-17

Very disappointing indeed. One should never trust an unsigned binary package.


FFMpeg has just released a new version that includes WebM.

http://www.h-online.com/open/news/item/FFmpeg-0-6-adds-WebM-VP8-sup...

So, as an independent open source project, as FFMpeg are, if you want to distribute packages to all & sundry, here is an example of how to do it:

http://www.ffmpeg.org/download.html
Note that these releases are intended for distributors and system integrators. ...
FFmpeg 0.6 "Works with HTML5"

0.6 appeared on 2010-06-15. The release branch was cut on 2010-05-04.

Download bzip2 tarball MD5 SHA1 PGP signature
Download gzip tarball MD5 SHA1 PGP signature


Checksums and PGP signatures. Elementary. This is the most basic, fundamental security principle to prevent trojans.

Edited 2010-06-16 14:03 UTC

Reply Parent Score: 2
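The check lemur2 is pointing at, written out as an added shell example (not code from the thread, from Gentoo or from the ffmpeg project): verify a downloaded tarball against the SHA1 published on the project's own site and, where one is provided, its detached PGP signature. It assumes the expected digest was copied from the project site rather than from the mirror that served the file, and that the release-signing key is already in the local GnuPG keyring; the file names are placeholders.

```shell
#!/bin/sh
# Added example: verify a release tarball before unpacking or packaging it.
# Assumes: expected SHA1 taken from the project's own site, signing key
# already imported into gpg. File names below are placeholders.

# Print the SHA1 hex digest of a file with whichever tool is installed.
sha1_of() {
    if command -v sha1sum >/dev/null 2>&1; then
        sha1sum "$1" | cut -d' ' -f1
    else
        shasum -a 1 "$1" | cut -d' ' -f1
    fi
}

# verify_sha1 FILE EXPECTED_SHA1 -> returns 0 on match, 1 on mismatch.
# Compared case-insensitively because sites publish hex in either case.
verify_sha1() {
    file=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    actual=$(sha1_of "$file")
    if [ "$actual" = "$expected" ]; then
        return 0
    fi
    echo "CHECKSUM MISMATCH for $file" >&2
    echo "  expected $expected" >&2
    echo "  got      $actual" >&2
    return 1
}

# verify_release FILE EXPECTED_SHA1 [SIGFILE]
# Digest first, then the detached PGP signature if one was supplied.
# gpg --verify exits non-zero on a bad signature or an unknown key, so a
# tarball swapped on a mirror still fails here even if the attacker also
# replaced the checksum next to it: they cannot sign without the key.
verify_release() {
    verify_sha1 "$1" "$2" || return 1
    if [ -n "$3" ]; then
        gpg --verify "$3" "$1" || { echo "BAD SIGNATURE on $1" >&2; return 1; }
    fi
    echo "$1: checksum ok${3:+, signature ok}"
    return 0
}

# Usage with a real download (placeholder names):
#   verify_release ffmpeg-0.6.tar.bz2 <sha1 from ffmpeg.org> ffmpeg-0.6.tar.bz2.asc
```

A mismatch or a bad signature returns non-zero, so the function can gate an ebuild or build script directly.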