Trojan Discovered in Linux Version of UnrealIRCd

Tagged: Linux, Trojan, Software
Source: techgage - Read the full article
Posted: 4 years 15 weeks ago

The reasons one might choose to use an alternative OS vary depending on the person and their goals, but one of the more common arguments made for using a non-Windows OS is overall PC security. It's a good one, too. Microsoft's Windows, as a market-leading OS, has been the target of crackers and less-than-reputable beings for many years, and at this point, you really need to be careful about what you do in the OS - not to mention lace yourself up with lots of protection.

I doubt many would dispute the fact that Windows users have a far greater chance of having their PCs infected with some sort of malware or virus than others, but neither Mac OS X nor Linux has been completely devoid of such potential either. In the past, various forms of shady software have been discovered for these OSes, but at the end of the day, their effect had been minimal.

With both OS X and Linux growing in popularity, the potential for shady characters to begin targeting those OSes, especially OS X given its rapid growth, is reason for real concern. This was highlighted mere days ago by the developer of the Unreal IRC daemon, a tool that allows folks to set up their own IRC servers and allow users to connect to them with whichever software they choose.

As it appears, someone in November of 2009 inserted a trojan into the main .tar.gz archive that housed the program's source code - code that Linux users would then compile and install. As the trojan targeted only this one file, Windows users were left alone, unless they chose to download the same source code and compile it on their own (most do not) in order to produce a Windows binary.

The trojan isn't to be taken lightly, as it essentially allows someone to enter a backdoor and take on the permissions that the 'unrealircd' user has. Most often, users created by applications such as these don't have the greatest of permissions, so the effect could be minimal. At least this is what I'd assume, because if someone was able to take advantage of the backdoor to the user's full extent, I'd have to imagine we would have learned of this issue long, long ago.

If you happen to be using UnrealIRCd, you can upgrade to the latest (as in, trojan removed) version. The developers have also amped up their security measures to ensure that this doesn't happen again, including implementing a GPG key for users to verify the download before installing.
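A pre-install check of the kind described above, as an added example that is not from the article or the UnrealIRCd project: it refuses an archive that does not match a pinned digest, then compares the rejected copy file by file against a trusted one to show what changed. It substitutes a pinned SHA-256 digest for the GPG signature the developers introduced (a digest only helps when it comes from a channel other than the mirror, whereas a signature also ties the file to the developers' key). The archive contents, file names and helper names are constructed for illustration.

```python
import hashlib
import hmac
import io
import tarfile

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def verify_release(tar_bytes: bytes, pinned_sha256: str) -> bool:
    """True only if the download matches the digest published out-of-band."""
    return hmac.compare_digest(sha256_hex(tar_bytes), pinned_sha256.lower())

def member_digests(tar_bytes: bytes) -> dict:
    """Hash every regular file inside a .tar.gz without unpacking it to disk."""
    digests = {}
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:gz") as tf:
        for member in tf.getmembers():
            if member.isfile():
                digests[member.name] = sha256_hex(tf.extractfile(member).read())
    return digests

def diff_archives(known_good: bytes, suspect: bytes) -> dict:
    """Report which files differ between a trusted copy and a suspect copy."""
    good, bad = member_digests(known_good), member_digests(suspect)
    return {
        "added": sorted(set(bad) - set(good)),
        "removed": sorted(set(good) - set(bad)),
        "modified": sorted(n for n in good.keys() & bad.keys() if good[n] != bad[n]),
    }

def make_tar(files: dict) -> bytes:
    """Build a small .tar.gz in memory (constructed sample data only)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tf:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tf.addfile(info, io.BytesIO(data))
    return buf.getvalue()

# Constructed stand-ins: a release as published and a mirror copy that was altered.
SOURCE = {"demo-ircd/README": b"demo\n", "demo-ircd/src/main.c": b"int main(void){return 0;}\n"}
RELEASE = make_tar(SOURCE)
MIRROR_COPY = make_tar({**SOURCE, "demo-ircd/src/main.c": b"/* altered */\n" + SOURCE["demo-ircd/src/main.c"]})
PINNED = sha256_hex(RELEASE)  # assumption: digest obtained from a channel other than the mirror

if __name__ == "__main__":
    for label, blob in (("release", RELEASE), ("mirror copy", MIRROR_COPY)):
        print(label, "verified" if verify_release(blob, PINNED) else "MISMATCH, do not build")
    print(diff_archives(RELEASE, MIRROR_COPY))
```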

As a Linux user, news of this trojan doesn't do much to scare me, as the incident has been quite isolated and its effects minimal, which is proven by the fact that it took so long for it to even be discovered. The software here wasn't hosted on a website that most people would recognize (as in, a distro's repository or well-known software developer's website). There was an obvious security issue here, where someone was able to get this trojan in, and for the most part, those kinds of breaches are uncommon, given how seriously most Linux server admins take security. Still, I hope we don't begin seeing more of this, else malware scanners for Linux and OS X may become just as common as their Windows counterparts.

We found out that the Unreal3.2.8.1.tar.gz file on our mirrors was replaced quite a while ago with a version with a backdoor (trojan) in it. This backdoor allows a person to execute ANY command with the privileges of the user running the ircd. The backdoor can be executed regardless of any user restrictions (so even if you have a passworded server or hub that doesn't allow any users in).

 

Comments

Tiv
Joined: 08/12/2009
Posts: 3584

Most of the coding in Linux is made by programmers that are paid by companies. Does that make you feel safer? A hack in the software that they find months later did its job well regardless of how secure everyone felt.

I sleep fine at night knowing we are banning people who deserve it.  Tivon
Don't test my skills, I was trained by myself! Check out my Gaming Videos!

massau
Joined: 04/05/2010
Posts: 236

Tiv wrote:

Linux should be hacked more IMHO. Just because it's open does not make it safer.

Just don't forget it is open, so if there is a bad virus in it then companies will notice it and they will make an update that avoids this virus, so in that way it is safer (or at least theoretically). So Linux will probably change as fast as the virus changed, but Windows can't do that because they want to make money, so if they upgrade it too fast why should we upgrade to the next one?

Andreas Hofer
Joined: 10/31/2009
Posts: 121

I agree, and of course it ain't more secure because for the average user and especially your standard user type, Linux is way too complicated to deactivate all open doors and windows. If you are a total security freak just don't connect the PC to your network and never use any kind of external memory - welcome to the dark ages.

Tiv
Joined: 08/12/2009
Posts: 3584

Linux should be hacked more IMHO. Just because it's open does not make it safer.