Linux Trojan Raises Malware Concerns

Alan22 · #1 06-14-2010, 12:46 PM

Linux Trojan Raises Malware Concerns

Quote:

Linux Trojan Raises Malware Concerns
Tony Bradley Tony Bradley
Sun Jun 13, 9:46 am ET

.[Author's Note: The article has been modified to correct the assertion that Unreal IRC has any relation to Unreal--the first-person shooter developed by Epic Games.]

I've got good news and bad news for those of the misguided perception that Linux is somehow impervious to attack or compromise. The bad news is that it turns out a vast collection of Linux systems may, in fact, be pwned. The good news, at least for IT administrators and organizations that rely on Linux as a server or desktop operating system, is that the Trojan is in a download that should have no bearing on Linux in a business setting.

Unreal IRCd Forums states "This is very embarrassing...We found out that the Unreal3.2.8.1.tar.gz file on our mirrors has been replaced quite a while ago with a version with a backdoor (trojan) in it. This backdoor allows a person to execute ANY command with the privileges of he user running the ircd. The backdoor can be executed regardless of any user restrictions (so even if you have passworded server or hub that doesn't allow any users in)."

The post goes on to say "It appears the replacement of the .tar.gz occurred in November 2009 (at least on some mirrors). It seems nobody noticed it until now."

Unreal IRC is an Internet relay chat platform. I don't have any numbers on the total downloads since November of 2009, but it seems safe to assume there are a lot of Linux systems out there compromised by a backdoor Trojan.

However, none of those systems should be in a place of business, so the risk from a business perspective is not very high. IT administrators can learn, though, from the mea culpa at the end of the UnrealIRCd Forums post. "We simply did not notice, but should have. We did not check the files on all mirrors regularly, but should have. We did not sign releases through PGP/GPG, but should have done so."

Basically, because of the false sense of security provided by Linux it simply never occurred to anyone to check if the software might be compromised. Combining that false sense of security with the security by obscurity factor that Linux makes up less than two percent of the overall OS market and isn't a target worth pursuing for attackers, means that many Linux owners have zero defenses in place.

To be fair, Linux experts are aware that the operating system is not bulletproof. You can pick any flavor of Linux, and its accompanying tools and applications and find hundreds of vulnerabilities. The difference--according to the many lectures I have received in the comments of articles I have written on Windows security--is that the way the Linux OS is written makes it harder to exploit a vulnerability, and that because its open source vulnerabilities are fixed in hours rather than months.

The lesson for IT Admins managing Linux is to be more vigilant. Linux is not impervious to attack. Hopefully the Linux systems in a business environment aren't running Unreal, but it's quite possible that Unreal is not the only compromised software available.

Linux does not have the vast array of threats facing it that Windows systems do, but there are still threats. Even if those threats aren't exploited through a quickly-spreading worm, they are still there and represent a potential Achilles heel in your network security if not monitored and protected.

Don't make the mistake of simply assuming Linux systems are safe because they're Linux systems. Implement similar security controls and policies for Linux as you have in place for Windows systems and you can prevent being pwned by a backdoor Trojan for months without even knowing about it.

PcTek9 · #2 06-15-2010, 05:13 PM

well... efnet runs ratbox, undernet runs inspircd, dalnet does not even run unreal ircd.

ircd is for the few people in the world that want to have their OWN irc server with thousands of chatters on it.

it's an irc SERVER program. unreal irc is crappy and linux professionals know it. I understand a few hardly used networks are using unreal irc, and that is their perogative.

ratbox is very secure and androsyn the guy that develops it is a genius at programming. Most of the internets irc traffic is not on unreal irc, but instead a different program altogether.

I ran irc.technet.org an irc server from right here that could host 50,000 chatters. But few people ever used it. So I took it down. You can run an irc chat server from your home pc or a business pc or rent a pc in 'cyberspace' and run it there.

It requires very little bandwidth, and very little resources so you can run it on an old piece of crap pc.

finally - 99.999999999999% of the people will never run an irc server...

It sets you up to be attacked by cyber hackers from all over the world, and it's not very rewarding.

You open yourself to lawsuits from adults acting like children, to trafficking all sorts of bad material from stolen software and pornography to high end encryption algorithyms.

* final note, none of the big irc networks are using this... not one.

Thread Tools
Show Printable Version Email this Page
Display Modes
Switch to Linear Mode Hybrid Mode Switch to Threaded Mode