Linux Infected by Trojan

John_Keck

A Trojan was placed inside the Unreal IRC server and gives the bad dudes almost complete control. Oops! Moral of the story: don’t get cocky, Linux users.

This backdoor allows a person to execute ANY command with the privileges of the user running the ircd. The backdoor can be executed regardless of any user restrictions (so even if you have passworded server or hub that doesn’t allow any users in).
 
Neither Linux, Windows nor Mac can prevent a user from downloading a trojan and running it. This is not a hack or any representation against the OS's security and the package was not delivered by the distro or community.
 
Neither Linux, Windows nor Mac can prevent a user from downloading a trojan and running it. This is not a hack or any representation against the OS's security and the package was not delivered by the distro or community.

QFT
 
Neither Linux, Windows nor Mac can prevent a user from downloading a trojan and running it. This is not a hack or any representation against the OS's security and the package was not delivered by the distro or community.

This.
 
Neither Linux, Windows nor Mac can prevent a user from downloading a trojan and running it. This is not a hack or any representation against the OS's security and the package was not delivered by the distro or community.

You are too fast. I was going to post something much like this.
 
No operating system is perfect. Even OpenBSD in the hands of a noob is subject to destruction.
 
I was really hoping people would get riled up over this. You guys bring little entertainment.
 
Doesn't that mean it does not matter?

Also, doesn't Linux usually run in a non-admin account anyways, so this back door, if a non-admin runs it, still gets full control?

The article is wrong, or we're not understanding what they meant to say. It is not hacking the root password or any other clever attack/workaround, or this would be HUGE news posted all over the place.
 
Why does this article even have linux in the title? UnrealIRCD is in no way affiliated with the Linux kernel, or any distributions.

I find this lack of clue disturbing.
 
Why does this article even have linux in the title? UnrealIRCD is in no way affiliated with the Linux kernel, or any distributions.

I find this lack of clue disturbing.

It speaks more to the stupidity of the UnrealIRCD team than to Linux. Frankly, that it took this long to discover is unconscionable.
 
It speaks more to the stupidity of the UnrealIRCD team than to Linux. Frankly, that it took this long to discover is unconscionable.

True, but this trojan was not in their source, it was swapped on one of the mirrors.
 
The headline makes it sound as if Windows users are cheering for other operating systems to get rooted. Please don't lower yourself to the level of politicians. BTW, any OS can be easily rooted if a clueless user runs a compromised binary.

No OS has ever been immune to this.
 
A program designed for Linux was infected. If you ran this program as root then you deserved to get your system taken over. Chroot the program at the least.
 
Still sucks that it took months for this to come to light. MD5 anyone?
How many people really install from source? Most use packages. The question is, are distros'/repos' packages in trouble too?
 
User vulnerability. Same as most "exploits", (I use the term loosely), these days.
Anyone notice that the scumbags seem to have taken to targeting the weakest link, the users, over the last couple years?
Why bother trying to hack into a Nix, Win, or OSX system, when the user will open up the door and invite you in as often as not.
 
Lol, the noble order of the Linux Crusaders are quick to defend.

Meanwhile the Noble order of Windows Defenders rally.
 
Even funnier, a Windows guy thinking he posted a headline to an actual Linux vulnerability :D
I want to punch that twat in the face. His overall attitude and stupidity just piss me off.

1) "Hurrr! Linux got hacked!" This could happen to anyone. Linux, Windows, Mac, any code can get boned over. It's like going "Hurrr! You left your Ford unlocked and it got stolen!" and blaming Ford. Any dumb ass with a car can do that.

2) "Hurrr! The Windows code wasn't infected!" No... the Windows PROGRAM wasn't infected. I love how he cut out some key text just to take a stab at Linux. He posted "The Windows (SSL and non-ssl) versions are NOT affected.". The actual line with the missing key information from UnrealIRCd's site "Official precompiled Windows (SSL and non-ssl) binaries are NOT affected."

There is a big fucking difference between source code and precompiled (packaged) releases. It is probably possible but much harder to inject code into a precompiled package than it is to alter the source code. This alone makes me want to punch this fucking idiot.

3) Another reason that the Windows version was not touched is how many people really run IRC servers on Windows boxes, let alone an IRCd server that has its roots in Linux? So why hack the code for a version that might be used 50 times when you can hack the code (easier, I might add, because of #2) for a version that might be used 1,000 times?
 
How many people really install from source? Most use packages. The question is, are distros'/repos' packages in trouble too?

The binaries need to come from somewhere (namely the distros' devs, who compile from source for the users).

The thing about Linux is it relies on a degree of trust and many-eyes.

The last time something like this occurred someone tried to sneak a trojan into a Firefox package for a certain distro. This was spotted and removed fairly quickly.

It sucks but people out there will do stuff like this. Common practices would minimise the damage, e.g. running the ircd as nobody (which most hardened distros would do).
 
come back when you can post an "Apple infected by trojan" headline.

that would be more entertaining
 
misleading sensationalist headline

social engineering is agnostic & is trumped only by being off-line
 
A program designed for Linux was infected. If you ran this program as root then you deserved to get your system taken over. Chroot the program at the least.
No. UnrealIRCD runs on many OSes, including Windows. I've run an Unreal IRC server on my Windows system.
 
The ones complaining about "you wouldn't run it as root anyway" don't appear to be terribly familiar with desktop Linux. There are two typical ways to install software. The right way (apt-get install software* (as root)) which only works for things that somebody has packaged for your distribution, and running make/make-install as root (from software that only exists as sources).

If Linux wants to stay secure (a really good idea when you are competing with a company with such comical security standards as Microsoft), they need to use something like SELinux, and enforce whitelists and specific actions each software package is allowed to commit. It might not stop a game server from acting like a spam server, but it would allow all the non-server software to be prevented from grabbing the network port and shooting out spam, and put any software that does require such power to be held in the spotlight.

Technically, Microsoft could do this as well. It would look something like the App Store and be the only way to install software on "your" Windows machine. The mind boggles at the legal issues, much less the political issues in countries less favorable to Microsoft.
 
When I 1st read this I thought that someone Viri'd an Unreal Tourny server or whatever and wondered why the hell would someone do that?
 
The ones complaining about "you wouldn't run it as root anyway" don't appear to be terribly familiar with desktop Linux. There are two typical ways to install software. The right way (apt-get install software* (as root)) which only works for things that somebody has packaged for your distribution, and running make/make-install as root (from software that only exists as sources).

If Linux wants to stay secure (a really good idea when you are competing with a company with such comical security standards as Microsoft), they need to use something like SELinux, and enforce whitelists and specific actions each software package is allowed to commit. It might not stop a game server from acting like a spam server, but it would allow all the non-server software to be prevented from grabbing the network port and shooting out spam, and put any software that does require such power to be held in the spotlight.

Technically, Microsoft could do this as well. It would look something like the App Store and be the only way to install software on "your" Windows machine. The mind boggles at the legal issues, much less the political issues in countries less favorable to Microsoft.
Too bad SELinux is stupidly complicated to set up. First thing I do on my installs is disable it. Then again this is on my personal server.
 
Why does the headline say Linux when this is clearly about an IRC program? :rolleyes: Something tells me that the author of the article is the kind of guy that says, "yes I would like to DL that special Media Player plugin so I can watch Kandy undress."
 
Funny thing about some of the points are actually just the same with a Windows system, the only diff now I see between Windows and Linux, is that the most of the stupid users are on Windows.
 
not that this topic or news will ever get renamed (most likely just get locked at some point)

Title should say UnrealIRCd Infected by Trojan (multi-platform)

the source code affects all versions, not just Linux; the pre-compiled {what most would get, you would think} is unaffected

you got 5-year+ members talking and still not correcting stuff (this 3rd time in last 3-4 months)
 