Twitchin Kitten - conversation community
Ouch.... Someone bit the Penguin - Printable Version




Ouch.... Someone bit the Penguin - Twitchin Kitten - 06-14-2010

Linux infection proves Windows malware monopoly is over; Gentoo ships backdoor? [updated] <-- clicky for full story

Update 12:30PM PDT 14-Jun-2010: It’s much worse than it appears. According to this report, the malware-compromised code was included in the official Gentoo distribution:

Would you consider it to be a big deal if it was found in a distribution? Gentoo just released an update to remove the backdoor.

http://packages.gentoo.org/package/net-irc/unrealircd

I’m sure there will be others, I believe the package is also available in Arch. I haven’t really looked to see if it was anywhere else.

The Gentoo bug report (warning: Gentoo’s certificate does not resolve to a trusted Certifying Authority) reports that it is VERIFIED and CLOSED with this comment:

The unrealircd tarball in the gentoo mirrors _is_ affected (
Unreal3.2.8.1.tar.gz ) but the Manifest file’s signatures match the
_unaffected_ tarball. This discrepancy is how the backdoor was discovered.

So, please just flush the tar.gz from gentoo’s mirrors, teach people to not
blindly run “ebuild *.ebuild manifest”, and unrealircd’s SRC_URI does not
include the current upstream tarball location:

SRC_URI="http://www.unrealircd.com/downloads/${MY_P}.tar.gz"

(unrealircd’s mirror system was compromised by the attacker and so the tarball
is temporarily being hosted at the official site).

There’s a great deal of comment in the Talkback section of this post about how official repositories can be trusted. It appears that system broke down thoroughly in this case.

Every time I write about Windows security software, I get a predictable flood of responses from Linux advocates who claim that they don’t need any such protection. Today comes a shining example of why they’re wrong.

If you downloaded and installed the open-source Unreal IRC server in the last 8 months or so, you’ve been pwned. Here’s the official announcement:
(CLICK HEADLINE FOR THE REST.)
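The check that exposed the backdoor, comparing a downloaded tarball against the digests recorded in the Manifest, sketched as an added example (not part of the original post or of Gentoo's tooling). It assumes the `DIST <file> <size> <HASH> <digest> ...` Manifest line layout; the tarball bytes, the Manifest contents and the function names are constructed for illustration.

```python
import hashlib

# Manifest hash names mapped to hashlib algorithms (assumed subset).
HASHES = {"SHA1": "sha1", "SHA256": "sha256", "SHA512": "sha512", "BLAKE2B": "blake2b"}

def parse_manifest(text):
    """Return {filename: (size, {hash_name: hex_digest})} for DIST entries."""
    entries = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "DIST":
            continue
        name, size, rest = fields[1], int(fields[2]), fields[3:]
        entries[name] = (size, dict(zip(rest[0::2], (h.lower() for h in rest[1::2]))))
    return entries

def verify_distfile(name, data, manifest):
    """Return a list of mismatch descriptions; an empty list means the file matches."""
    if name not in manifest:
        return [f"{name}: no DIST entry in Manifest"]
    size, digests = manifest[name]
    problems = []
    if len(data) != size:
        problems.append(f"{name}: size {len(data)} != {size}")
    checked = 0
    for algo, expected in digests.items():
        if algo not in HASHES:
            continue  # digest type this sketch does not handle
        checked += 1
        if hashlib.new(HASHES[algo], data).hexdigest() != expected:
            problems.append(f"{name}: {algo} mismatch")
    if checked == 0:
        problems.append(f"{name}: no supported digest to check")
    return problems

# Constructed stand-ins for the clean and tampered tarballs (not real archives).
CLEAN = b"constructed clean tarball bytes"
TAMPERED = b"constructed tarball bytes + extra"
MANIFEST = "DIST Unreal3.2.8.1.tar.gz {} SHA1 {} SHA256 {}\n".format(
    len(CLEAN), hashlib.sha1(CLEAN).hexdigest(), hashlib.sha256(CLEAN).hexdigest())

if __name__ == "__main__":
    m = parse_manifest(MANIFEST)
    print(verify_distfile("Unreal3.2.8.1.tar.gz", CLEAN, m))     # no problems
    print(verify_distfile("Unreal3.2.8.1.tar.gz", TAMPERED, m))  # size and digest mismatches
```

The check only helps if the Manifest comes from a source independent of the mirror; regenerating it from the downloaded file makes any tarball pass.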


RE: Ouch.... Someone bit the Penguin - ralgith - 06-14-2010

Yup, saw that the other day. Everyone, no matter which OS, needs malware protection. I run ClamAV for my Anti-Virus, and I love it. People who think an OS is foolproof are idiots. Just like people who think some firewalls are impenetrable are idiots. If a hacker wants in bad enough, not even the best mil-spec firewall will stop them.

Linux, Mac, and UNIX ARE usually more secure than Windows. Usually. But no one is perfect.