06-14-2010, 04:53 PM
Linux infection proves Windows malware monopoly is over; Gentoo ships backdoor? [updated] <-- clicky for full story
Update 12:30PM PDT 14-Jun-2010: It’s much worse than it appears. According to this report, the malware-compromised code was included in the official Gentoo distribution:
Would you consider it to be a big deal if it was found in a distribution? Gentoo just released an update to remove the backdoor.
http://packages.gentoo.org/package/net-irc/unrealircd
I’m sure there will be others, I believe the package is also available in Arch. I haven’t really looked to see if it was anywhere else.
The Gentoo bug report (warning: Gentoo’s certificate does not resolve to a trusted Certifying Authority) reports that it is VERIFIED and CLOSED with this comment:
The unrealircd tarball in the gentoo mirrors _is_ affected (Unreal3.2.8.1.tar.gz) but the Manifest file’s signatures match the _unaffected_ tarball. This discrepancy is how the backdoor was discovered.
So, please just flush the tar.gz from gentoo’s mirrors, teach people to not blindly run “ebuild *.ebuild manifest”, and unrealircd’s SRC_URI does not include the current upstream tarball location:
SRC_URI="http://www.unrealircd.com/downloads/${MY_P}.tar.gz"
(unrealircd’s mirror system was compromised by the attacker and so the tarball is temporarily being hosted at the official site).
There’s a great deal of comment in the Talkback section of this post about how official repositories can be trusted. It appears that system broke down thoroughly in this case.
Every time I write about Windows security software, I get a predictable flood of responses from Linux advocates who claim that they don’t need any such protection. Today comes a shining example of why they’re wrong.
If you downloaded and installed the open-source Unreal IRC server in the last 8 months or so, you’ve been pwned. Here’s the official announcement: (CLICK HEADLINE FOR THE REST.)
I have no idea what you're talking about so here's a bunny with a pancake on its head
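As an added illustration of the Manifest discrepancy the Gentoo comment describes (this is example code, not the article's and not Gentoo's own tooling): a small Python check that verifies a fetched distfile against the digests already recorded in a DIST line, rather than regenerating the Manifest from whatever tarball happens to be on disk. The DIST line layout and the two digest algorithms are assumptions, and the tarball bytes are constructed stand-ins, since the page gives no real digests.

```python
import hashlib
from typing import Dict, List, Tuple

# Constructed stand-ins: the real tarball and its digests are not on the page.
CLEAN_TARBALL = b"stand-in for the clean upstream Unreal3.2.8.1.tar.gz\n"
TAMPERED_TARBALL = CLEAN_TARBALL + b"# stand-in for bytes an attacker appended\n"
HASHES = ("SHA256", "SHA512")  # digests per DIST entry (assumed layout)

def digests(data: bytes) -> Dict[str, str]:
    """Compute the digests a DIST line records for one distfile."""
    return {h: hashlib.new(h.lower(), data).hexdigest() for h in HASHES}

def make_dist_line(name: str, data: bytes) -> str:
    """DIST line a maintainer commits (then signs) for a tarball they checked:
    DIST <name> <size> <ALGO> <hex> [<ALGO> <hex> ...]"""
    fields = " ".join(f"{a} {h}" for a, h in digests(data).items())
    return f"DIST {name} {len(data)} {fields}"

def parse_manifest(text: str) -> Dict[str, Tuple[int, Dict[str, str]]]:
    """Map distfile name -> (size, {ALGO: hex}) from the DIST lines."""
    entries = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 5 or parts[0] != "DIST" or len(parts) % 2 == 0:
            continue  # not a well-formed DIST line
        entries[parts[1]] = (int(parts[2]), dict(zip(parts[3::2], parts[4::2])))
    return entries

def verify_distfile(manifest: str, name: str, data: bytes) -> List[str]:
    """Check fetched bytes against the *recorded* entry; [] means all matched.
    A mismatch here is exactly the tell that exposed the backdoor."""
    entries = parse_manifest(manifest)
    if name not in entries:
        return [f"{name}: no DIST entry in Manifest"]
    size, recorded = entries[name]
    problems = []
    if len(data) != size:
        problems.append(f"{name}: size {len(data)} != recorded {size}")
    actual = digests(data)
    for algo, hexd in recorded.items():
        if algo in actual and actual[algo] != hexd:
            problems.append(f"{name}: {algo} mismatch")
    return problems

# The signed Manifest came from the clean tarball; a fetched copy is verified
# against it, never used to regenerate it ("ebuild ... manifest" does that).
MANIFEST = make_dist_line("Unreal3.2.8.1.tar.gz", CLEAN_TARBALL) + "\n"

if __name__ == "__main__":
    for label, blob in (("clean", CLEAN_TARBALL), ("mirror", TAMPERED_TARBALL)):
        print(label, verify_distfile(MANIFEST, "Unreal3.2.8.1.tar.gz", blob) or "OK")
```

Regenerating the Manifest from the mirror copy would produce a DIST line that matches the tampered bytes perfectly, which is why the bug comment warns against running the manifest step blindly.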