Think Linux is free from malware? Think again; it's been hacked.

Linux fans frequently deride Windows as being malware-ridden, while claiming their favorite operating system is free from such threats. That simply isn't true. The most recent Linux version of the open-source Unreal IRC server is infected with a Trojan. The Windows version? It's malware-free.

Over at the UnrealIRCd Forums, they issue this warning about a Trojan that has infected the Unreal IRC server:

This is very embarrassing...

We found out that the Unreal3.2.8.1.tar.gz file on our mirrors has been replaced quite a while ago with a version with a backdoor (trojan) in it. This backdoor allows a person to execute ANY command with the privileges of the user running the ircd. The backdoor can be executed regardless of any user restrictions (so even if you have passworded server or hub that doesn't allow any users in).

It appears the replacement of the .tar.gz occurred in November 2009 (at least on some mirrors). It seems nobody noticed it until now.

Obviously, this is a very serious issue, and we're taking precautions so this will never happen again, and if it somehow does that it will be noticed quickly. We will also re-implement PGP/GPG signing of releases. Even though in practice (very) few people verify files, it will still be useful for those people who do.

That's pretty scary stuff; it gives a hacker absolute control over the server. (Update: Several people in the comments section have correctly pointed out that the hacker would not have absolute control over the server. The hacker would only have the privileges of the account used to run ircd.)

How about the Windows version? Under "Safe versions," the announcement has this to say:

Official precompiled Windows (SSL and non-ssl) binaries are NOT affected.

One of the more remarkable aspects of this is that the Trojan was first slipped into the Linux version of the server back in November 2009, about seven months ago. As the notice sheepishly admits, "It seems nobody noticed it until now."

Ed Bott brings up an excellent point about this, saying in his blog (where I first read about this):

A similarly infected Windows file in the wild would be detected within days if not hours after a routine virus scan by someone checking the download before installing it.

Does all this mean that Linux users are as subject to malware as Windows users? No; there's clearly far more malware targeting Windows than Linux. But it does mean that Linux users who believe they can't be infected by malware are simply wrong.

FREE Computerworld Insider Guide: IT Certification Study Tips
Join the discussion
Be the first to comment on this article. Our Commenting Policies