Oops. Unreal IRC server has a backdoor.

Community announcements - software releases, LUG meetings etc.

Moderators: ChrisThornett, LXF moderators

Oops. Unreal IRC server has a backdoor.

Postby bobthebob1234 » Mon Jun 14, 2010 12:24 pm

Hi all,

This is very embarrassing…

We found out that the Unreal3.2.8.1.tar.gz file on our mirrors has been replaced quite a while ago with a version with a backdoor (trojan) in it.


Source: http://www.zdnet.com/blog/bott/linux-infection-proves-windows-malware-monopoly-is-over/2206
For certain you have to be lost to find the places that can't be found. Elseways, everyone would know where it was
User avatar
bobthebob1234
LXF regular
 
Posts: 1373
Joined: Thu Jan 03, 2008 9:38 pm
Location: A hole in a field

Postby ollie » Mon Jun 14, 2010 1:18 pm

That's not great news, but it is one program not "Linux".

The programmers and maintainers of UnrealIRC have just learnt some valuable lessons. There are reasons for MD5 checksums and PGP/GPG signing and using limited accounts with secure access to servers. If these methods aren't implemented then problems can occur. Notice that CVS and pre-compiled versions weren't affected, just a tarball replaced on the main server.
User avatar
ollie
Moderator
 
Posts: 2749
Joined: Mon Jul 25, 2005 11:26 am
Location: Bathurst NSW Australia

Postby M-Saunders » Mon Jun 14, 2010 1:34 pm

That is indeed a rubbish headline. If it was a Firefox or OpenOffice.org binary shipped with Ubuntu, then it would be a big deal. But an IRC server? Something that only 0.001% of people ever use?

M
User avatar
M-Saunders
LXF regular
 
Posts: 2893
Joined: Mon Apr 11, 2005 12:14 pm


Return to Announcements

Who is online

Users browsing this forum: No registered users and 0 guests