
News Linux IRC daemon Trojan uncovered

Discussion in 'Article Discussion' started by CardJoe, 14 Jun 2010.

  1. CardJoe

    CardJoe Freelance Journalist

    Joined:
    3 Apr 2007
    Posts:
    11,343
    Likes Received:
    292
  2. eddtox

    eddtox Homo Interneticus

    Joined:
    7 Jan 2006
    Posts:
    1,296
    Likes Received:
    15
    In my opinion, the open-source nature of Linux software is its biggest security problem.

    Of course, the benefits outweigh the potential downsides, but that is only true as long as changes to the source are regularly checked by other maintainers. If nobody checks what it is that is being added to the source code, this is bound to happen again and again and again, as it becomes the easiest attack vector.

    Hopefully this will prompt other open-source package maintainers who haven't been as diligent as they should have been to pull their socks up and check their code base.

    Of course, this could have just been an isolated incident.
     
  3. hbeevers

    hbeevers Yes, it can play crysis!

    Joined:
    24 May 2010
    Posts:
    30
    Likes Received:
    0
    I'm pretty sure this was an isolated incident. However, all the anti-virus companies would love it if viruses came to Linux, a whole other source of income for them!
     
  4. mi1ez

    mi1ez Active Member

    Joined:
    11 Jun 2009
    Posts:
    1,438
    Likes Received:
    18
    At least Linux users don't claim with as much passion as Mac users that they can't get a virus!
     
  5. RichCreedy

    RichCreedy Hey What Who

    Joined:
    24 Apr 2009
    Posts:
    4,699
    Likes Received:
    172
    It 'could' be an isolated incident, but it may prove to be more of a testbed, 'let's see how long it takes for someone to find this, are Linux users dumb enough not to check'.

    I don't care what OS people use, best practice is to have some sort of AV product. Software is like humans, none of it is perfect, flaws can be made and found.
     
  6. crazyceo

    crazyceo New Member

    Joined:
    24 Apr 2009
    Posts:
    563
    Likes Received:
    8
    I've said it before and I'll say it again. I don't believe ANY OS is completely safe and secure regardless of how open or not it is. Anyone willing enough to have a go to crack it, usually does.

    Back up your data, regularly check for updates to EVERYTHING and not just your anti-virus software and only download porn from respectable sources!
     
  7. Phil Rhodes

    Phil Rhodes Hypernobber

    Joined:
    27 Jul 2006
    Posts:
    1,415
    Likes Received:
    10
    This does rather highlight the core futility of open source. Yes, you can get the source code. Yes, you can modify it. Yes, you can check it for viruses.

    If you happen to have a lot of very specific knowledge.
     
  8. eddtox

    eddtox Homo Interneticus

    Joined:
    7 Jan 2006
    Posts:
    1,296
    Likes Received:
    15
    It's just occurred to me that Sophos seems to be coming out with a lot of stories about how this and that is insecure, but they could make it better, if you pay them. Just worth bearing in mind that they do have a vested interest in people being afraid of insecure computers.
     
  9. Andy Mc

    Andy Mc Well-Known Member

    Joined:
    23 May 2002
    Posts:
    1,725
    Likes Received:
    129
    With open source software at least you can _find_ the backdoors, if you look. With closed source software you just have to rely on the maintainer to tell you the source is good.
     
  10. Greenie

    Greenie New Member

    Joined:
    15 Sep 2005
    Posts:
    58
    Likes Received:
    0
    The problem was with the file on the mirrors being changed to a bad version, not their source repository, or the official site. While this is an issue that needs to be looked at and addressed, it's not as big as it's being made out to be.

    It's like downloading an update to a program from download.com or softpedia that's infected with a virus.

    More Info: http://forums.unrealircd.com/viewtopic.php?t=6562
     
  11. eddtox

    eddtox Homo Interneticus

    Joined:
    7 Jan 2006
    Posts:
    1,296
    Likes Received:
    15
    OIC. I wonder why that wasn't specified. It does make a big difference, and makes me look a bit of a plonker.

    I'll be in the corner, if anyone needs me :wallbash:
     
  12. thehippoz

    thehippoz New Member

    Joined:
    19 Dec 2008
    Posts:
    5,780
    Likes Received:
    174
    they let the weasel in the backdoor..
     
  13. Shagbag

    Shagbag All glory to the Hypnotoad!

    Joined:
    9 Nov 2006
    Posts:
    320
    Likes Received:
    4
    You're entitled to your opinion but I wouldn't recommend voicing it on the OpenBSD mailing lists. :D
     
  14. eddtox

    eddtox Homo Interneticus

    Joined:
    7 Jan 2006
    Posts:
    1,296
    Likes Received:
    15
    It would be a laugh to try, though. =D

    I do love OSS and what it stands for. That's why I've got an N900. But I do worry about this kind of attack.

    It won't stop me from using OSS though
     
  15. tristanperry

    tristanperry Active Member

    Joined:
    22 May 2010
    Posts:
    907
    Likes Received:
    38
    In some ways I'm glad about this.

    I much prefer Linux-based OSes to Windows OSes, however the suggestion by Unix-based OS users that 'We don't need a virus checker' is a bit silly (as this shows, viruses can and do affect Unix-based systems)
     
  16. deadsea

    deadsea New Member

    Joined:
    9 Oct 2009
    Posts:
    197
    Likes Received:
    6
    Would an AV program have actually stopped the trojan? After all, it is in the repository and it is being run as the highest possible access level. Should be a walk in the park to have it disable any other programs along the way.
     
  17. Greenie

    Greenie New Member

    Joined:
    15 Sep 2005
    Posts:
    58
    Likes Received:
    0
    It was a source.tar.gz on a mirror that was compromised with a built-in back door; I don't think it ever made it to a distro repository.

    This wouldn't have been detectable with a virus scanner, although it may be detectable with something like SELinux or AppArmor.

    This back door would allow a remote user to run commands with the permissions of the user running UnrealIRCd, which ideally should not have permissions to anything else.
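
An added example (not part of the thread, and not UnrealIRCd's own tooling) of the check that applies to the mirror tampering described in the posts above: compare every downloaded copy of a release tarball against a SHA-256 digest taken from the project's official site. It assumes such a digest is published there and that `sha256sum` or `shasum` is installed; the file names and contents are constructed.

```bash
#!/usr/bin/env bash
# Compare copies of one release tarball, fetched from different mirrors,
# against a reference SHA-256 digest obtained from the official site.

# Print the lowercase SHA-256 hex digest of a file.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum -- "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# check_mirror_copies REF_DIGEST FILE...
# Prints "OK <file>", "MISMATCH <file> <digest>" or "MISSING <file>".
# Returns 0 only if every copy matches; 2 if the reference is malformed.
check_mirror_copies() {
    local ref bad=0 f got
    ref=$(printf '%s' "$1" | tr 'A-F' 'a-f')
    shift
    # Refuse to compare against something that is not a SHA-256 hex digest.
    [ "${#ref}" -eq 64 ] || { echo "invalid reference digest" >&2; return 2; }
    case "$ref" in
        *[!0-9a-f]*) echo "invalid reference digest" >&2; return 2 ;;
    esac
    for f in "$@"; do
        if [ ! -f "$f" ]; then echo "MISSING $f"; bad=1; continue; fi
        got=$(sha256_of "$f")
        if [ "$got" = "$ref" ]; then
            echo "OK $f"
        else
            echo "MISMATCH $f $got"; bad=1   # do not unpack or build this copy
        fi
    done
    return "$bad"
}

# Constructed demo: two "mirror" copies, one altered after publication.
demo() {
    local dir ref rc=0
    dir=$(mktemp -d) || return 2
    printf 'constructed release contents\n' > "$dir/mirror-a.tar.gz"
    cp "$dir/mirror-a.tar.gz" "$dir/mirror-b.tar.gz"
    printf 'bytes added on the mirror\n' >> "$dir/mirror-b.tar.gz"
    ref=$(sha256_of "$dir/mirror-a.tar.gz")  # stands in for the official digest
    check_mirror_copies "$ref" "$dir/mirror-a.tar.gz" "$dir/mirror-b.tar.gz" || rc=$?
    rm -rf "$dir"
    return "$rc"
}

demo || echo "at least one copy differs from the reference digest"
```

The reference digest has to come from a channel other than the mirror that served the tarball; a digest file sitting next to the tarball on the same mirror can be changed along with it.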
     
  18. js999

    js999 New Member

    Joined:
    22 Jun 2010
    Posts:
    1
    Likes Received:
    0