News Linux IRC daemon Trojan uncovered

http://www.bit-tech.net/news/bits/2010/06/14/linux-irc-daemon-trojan/1

 

In my opinion, the open-source nature of linux software is it's biggest security problem.

Of course, the benefits outweigh the potential downsides, but that is only true as long as changes to the source are regularly checked by other maintainers. If nobody checks what it is that is being added to the source code, this is bound to happen again and again and again, as it becomes the easiest attack vector.

Hopefully this will prompt other open-source package maintainers who haven't been as diligent as they should have been to pull their socks up and check their code base.

Of course, this could have just been an isolated incident.

 

i'm pretty sure this was an isolated incident. However, all the anti-virus companies would love it if virus' came to linux, a whole other source of income for them!

 

at least linux users don't claim with as much passion as mac users that they can't get a virus!

 

it 'could' be an isolated incident, but it may prove to be more of a testbed, 'lets see how long it takes for someone to find this, are linux users dumb enough not to check'

i don't care what os people use, best practice is to have some sort of AV product. software is like humans, non of it is perfect, flaws can be made and found.

 

I've said it before and I'll say it again. I don't believe ANY OS is completely safe and secure regardless of how open or not it is. Anyone willing enough to have a go to crack it, usually does.

Backup your data, regularly check for updates to EVERYTHING and not just your anti-virus software and only download porn from respectable sources!

 

This does rather highlight the core futility of open source. Yes, you can get the source code. Yes, you can modify it. Yes, you can check it for viruses.

If you happen to have a lot of very specific knowledge.

 

It's just occurred to me that Sophos seems to be coming out with a lot of stories about how this and that is insecure, but they could make it better, if you pay them. Just worth bearing in mind that they do have a vested interest in people being afraid of insecure computers.

 

With open source software at least you can _find_ the backdoors, if you look. With closed source software you just have to rely on the maintainer to tell you the source is good.

 

The problem was with the file on the mirrors being changed to a bad version, not their source repository, or the official site. While this is an issue that needs to be looked at and addressed, it's not as big as its being made out to be.

It's like downloading an update to a program from download.com or softpedia that's infected with a virus.

More Info: http://forums.unrealircd.com/viewtopic.php?t=6562

 

OIC. I wonder why that wasn't specified. It does make a big difference, and makes me look a bit of a plonker.

I'll be in the corner, if anyone needs me

 

they let the weasel in the backdoor..

 

You're entitled to your opinion but I wouldn't recommend voicing it on the OpenBSD mailing lists.

 

It would be a laugh to try, though. =D

I do love OSS and what it stands for. That's why I've got an N900. But I do worry about this kind of attack.

It won't stop me from using OSS though

 

In some ways I'm glad about this.

I much prefer Linux-based OSes to Windows OSes, however the suggestion by Unix-based OS users that 'We don't need a virus checker' is a bit silly (as this shows, viruses can and do affect Unix-based systems)

 

Would an AV program have actually stopped the trojan? Afterall, it is in the repository and it is being run as the highest possible access level. Should be a walk in the park to have it disable any other programs along the way.

 

It was a source.tar.gz on a mirror that was compromised with a built in back door, I don't think it ever made it to a distro repository.

This wouldn't have been detectable with a virus scanner, although it may be detectable with something like SELinux or AppArmor.

This back door would allow a remote user to run commands with the permissions of the user running UnrealIRCd, which ideally should not have permissions to anything else.

 

This is real scary, a program going for too long with a nasty backdoor, but it seems this is OLDER than the guys at unrealirc are saying, maybe it was proposital..

http://neko3koneko.wordpress.com/2010/06/20/could-we-have-stopped-the-raise-of-this-linux-backdoor/

lol!?