
New Think Linux is free from malware? Think again

Linux fans frequently deride Windows as being malware-ridden, while claiming their favorite operating system is free from such threats. That simply isn't true. The most recent Linux version of the open-source Unreal IRC server is infected with a Trojan. The Windows version? It's malware-free.

Over at the UnrealIRCd Forums, they issue this warning about a Trojan that has infected the Unreal IRC server:


This is very embarrassing...

We found out that the Unreal3.2.8.1.tar.gz file on our mirrors has been replaced quite a while ago with a version with a backdoor (trojan) in it. This backdoor allows a person to execute ANY command with the privileges of the user running the ircd. The backdoor can be executed regardless of any user restrictions (so even if you have passworded server or hub that doesn't allow any users in).

It appears the replacement of the .tar.gz occurred in November 2009 (at least on some mirrors). It seems nobody noticed it until now.

Obviously, this is a very serious issue, and we're taking precautions so this will never happen again, and if it somehow does that it will be noticed quickly. We will also re-implement PGP/GPG signing of releases. Even though in practice (very) few people verify files, it will still be useful for those people who do.



That's pretty scary stuff; it gives a hacker absolute control over the server.

How about the Windows version? Under "Safe versions," the announcement has this to say:


Official precompiled Windows (SSL and non-ssl) binaries are NOT affected.



One of the more remarkable aspects of this is that the Trojan was first slipped into the Linux version of the server back in November 2009, about seven months ago. As the notice sheepishly admits, "It seems nobody noticed it until now."

Ed Bott brings up an excellent point about this, saying in his blog (where I first read about this):


A similarly infected Windows file in the wild would be detected within days if not hours after a routine virus scan by someone checking the download before installing it.



Does all this mean that Linux users are as subject to malware as Windows users? No; there's clearly far more malware targeting Windows than Linux. But it does mean that Linux users who believe they can't be infected by malware are simply wrong.



source: http://blogs.compute...n_its_been_hacked




"Chicago to my mind was the only place to be. ... I above all liked the city because it was filled with people all a-bustle, and the clatter of hooves and carriages, and with delivery wagons and drays and peddlers and the boom and clank of freight trains. And when those black clouds came sailing in from the west, pouring thunderstorms upon us so that you couldn't hear the cries or curses of humankind, I liked that best of all. Chicago could stand up to the worst God had to offer. I understood why it was built--a place for trade, of course, with railroads and ships and so on, but mostly to give all of us a magnitude of defiance that is not provided by one house on the plains. And the plains is where those storms come from."

-- E.L. Doctorow
New That's lazy security
shame on them.
I will choose a path that's clear. I will choose freewill.
New yahbut
it took 8 months for anybody to notice; even Windoze problems get caught faster than that.
New Yah but...
The installation source server wasn't properly being checked.

Places that "get it" do checks every day, all the time, nowadays. CentOS and Debian have built-in checking as a part of the distribution-to-mirrors process. They check against external numbers and checksums.

People are trying to get things all the time. People distributing software to the stupid masses (including most time Windows, part-time Linux admins) have to be careful. There are no two ways about it.

On a counterpoint, it's been known since 1995 and 1999 that Microsoft made extremely bad decisions on OS design... What have they done? Effectively nothing. They have built a huge wall around the issues and yet, things get by it time and time and time again.

So... 15 years and 11 years respectively? What say you to that?
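The mirror check described in the post above, sketched as an added example (not part of the thread and not UnrealIRCd's, CentOS's or Debian's own tooling). It assumes a `sha256sum`-style manifest obtained from a trusted channel separate from the mirrors; the mirror names, file contents and manifest are constructed sample data.

```python
import hashlib
import hmac

def parse_manifest(text):
    """Parse sha256sum-style lines: '<64 hex>  <name>' or '<64 hex> *<name>'."""
    digests = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            raise ValueError(f"line {lineno}: malformed entry")
        digest, name = parts[0].lower(), parts[1]
        if name.startswith("*"):  # binary-mode marker written by sha256sum -b
            name = name[1:]
        if len(digest) != 64 or any(c not in "0123456789abcdef" for c in digest):
            raise ValueError(f"line {lineno}: not a SHA-256 digest")
        if digests.get(name, digest) != digest:
            raise ValueError(f"line {lineno}: conflicting digests for {name}")
        digests[name] = digest
    return digests

def audit_mirrors(manifest_text, filename, mirror_copies):
    """Return {mirror: 'ok' | 'MISMATCH' | 'MISSING'} for one release file."""
    expected = parse_manifest(manifest_text).get(filename)
    if expected is None:
        # Fail closed: an unlisted file is never treated as verified.
        raise KeyError(f"{filename} not listed in trusted manifest")
    report = {}
    for mirror, data in mirror_copies.items():
        if data is None:
            report[mirror] = "MISSING"
            continue
        actual = hashlib.sha256(data).hexdigest()
        report[mirror] = "ok" if hmac.compare_digest(actual, expected) else "MISMATCH"
    return report

# Constructed sample data: stand-in bytes, not the real tarball or its digest.
GOOD = b"constructed stand-in for the genuine release tarball\n"
TAMPERED = GOOD + b"extra bytes standing in for a replaced file\n"
NAME = "Unreal3.2.8.1.tar.gz"
MANIFEST = f"# constructed manifest\n{hashlib.sha256(GOOD).hexdigest()}  {NAME}\n"
MIRRORS = {"mirror-a.example": GOOD, "mirror-b.example": TAMPERED,
           "mirror-c.example": None}

if __name__ == "__main__":
    for mirror, status in audit_mirrors(MANIFEST, NAME, MIRRORS).items():
        print(f"{mirror}: {status}")
```

A manifest fetched from the same mirror as the file proves nothing, since whoever replaced the tarball can replace the checksum too; that is the gap a detached PGP/GPG signature on the release or manifest closes.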
New That's why you don't download binaries
I get security bug fixes on an almost daily basis from a known distro. For an application not from a distro, I would download the source and eyeball it before building.
New And you are saying...
That it's *LINUX* that did this?

No, it's lazy / lax security. And assuming you'll be fine: just install it and you are all good.

Nope, it's just plain old stupidity there. PLUS, it still only had the permissions of the user running the game's IRC server. Trojan'd IRC servers are nearly the oldest Trojans out there.

If you run those services as ROOT, you are just asking for trouble. I run all services as a user, except for those that spawn correctly to a runas user because they have to be able to open a port below 1024.

Come on... this is SIMPLE. Trojans are as old as computers and have been available on every platform since the beginning of time. You have to get them from a trusted source.

This is known bullshit and lax security and lazy admins.
New ^^ that
New Wow... the world *IS* ending.
That is twice in a row!
New Straw herring
... claiming their favorite operating system is free from such threats ...

No, they claim that Linux is far less vulnerable structurally, and historically far freer of exploits. To the point that a single exception rates as "news".

... it gives a hacker absolute control over the server.

No, it "allows a person to execute ANY command with the privileges of the user running the ircd". Do you run ircd as root?

A similarly infected Windows file in the wild would be detected within days if not hours after a routine virus scan ...

And then either Microsoft or the vendor might choose to release a patch, or they might not, and there's no reason to expect that the exploit wouldn't have already closed the door behind itself on the millions of machines now zombied.

Linux users who believe they can't be infected by malware are simply wrong.

They're also rare.

--

Drew
New Malware?
Nothing like windows.

A hacked APPLICATION binary was downloaded from a commercial source.

And chosen to be installed.

How is that anything like the thousands of windows viruses actively attacking windows users via a variety of methods, some of which you can't possibly predict due to our unfamiliarity with core windows internals (and I mean that about everyone unless you are actively working on Windows source, or spending a majority of your time disassembling it in a debugger)?