Linux users of Unreal IRC may need cleaning

TechPro
DBB Admiral
Posts: 1520
Joined: Thu May 20, 2004 11:51 pm

Post by TechPro »

Someone pwned the Unreal IRC download for Linux back in November 2009. Read on:

Linux back door in Unreal IRC download

Ed Bott blogs about it
Duper
DBB Master
Posts: 9214
Joined: Thu Nov 22, 2001 3:01 am
Location: Beaverton, Oregon USA

Post by Duper »

Ack, sorry to hear that. Great post Tech.

Where Mr. Blogger goes.. over hype much? :roll:

But such as it is for bloggers.

Thanks for the post.

Sounds like the work of a consoler! ;)
Xamindar
DBB Admiral
Posts: 1498
Joined: Sun Jun 06, 2004 2:44 am
Location: California

Post by Xamindar »

Good post TechPro.

That blogger, Ed Bott, is a complete idiot. I need to start making a list of idiots to ignore in the future as there are too many to remember. :) He is obviously pro-M$ and anti-Linux. He states "Gentoo ships backdoor". It did no such thing. The mirrors host as much software as they can to take the load off of the original host when lots of people download it. The mirrors get it from the original, which unknowingly had a modified file after the fact.

Then he shows his lack of intelligence when he quotes the following Gentoo bug report which refutes his whole point.
The unrealircd tarball in the gentoo mirrors _is_ affected ( Unreal3.2.8.1.tar.gz ) but the Manifest file’s signatures match the _unaffected_ tarball. This discrepancy is how the backdoor was discovered.
What this means is that anyone who tried to install unrealircd the Gentoo way got an error that the manifest does not match and the install was refused. Gentoo automatically blocked the install of the infected file. Of course, people can force it by rebuilding the manifest but that's no different than someone installing software on Windows even though the virus scanner said it was a potential threat. Anyone who has any common sense will check the Gentoo bug reports or forums when a manifest does not match because it means the original file was modified unknowingly by someone or the original author did not report that they replaced the same file with a new one.

He is a blogger on ZDNet, why the childish article? Anyone who says "pwned" instantly falls to the lowest of perceived intelligence in my mind. Oh well.
Why doesn't it work?
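
The Manifest check described in the post above, as an added example that is not part of the original thread and is not Portage's own code: it parses Manifest-style `DIST` lines and rejects a distfile whose size or recorded hashes differ. The file name, file contents and helper names are constructed for illustration.

```python
import hashlib

# Manifest hash names this sketch can check, mapped to hashlib names.
ALGOS = {"SHA1": "sha1", "SHA256": "sha256", "SHA512": "sha512"}

def parse_manifest(text):
    """Parse 'DIST <file> <size> <ALGO> <hex> ...' lines into a dict."""
    entries = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "DIST":
            continue  # not a distfile entry
        pairs = fields[3:]
        if len(pairs) % 2:
            raise ValueError("odd hash field count: " + line)
        entries[fields[1]] = (int(fields[2]), dict(zip(pairs[0::2], pairs[1::2])))
    return entries

def verify_distfile(name, data, entries):
    """Return a list of problems; an empty list means the file verified."""
    if name not in entries:
        return ["no Manifest entry for " + name]
    size, hashes = entries[name]
    problems = []
    if len(data) != size:
        problems.append("size mismatch")
    checked = 0
    for algo, expected in hashes.items():
        if algo not in ALGOS:
            continue  # cannot check it, so it must not count as verified
        checked += 1
        if hashlib.new(ALGOS[algo], data).hexdigest() != expected.lower():
            problems.append(algo + " mismatch")
    if checked == 0:
        problems.append("no supported hash in Manifest entry")
    return problems

def manifest_line(name, data):
    """Build the DIST line a maintainer would record for known-good data."""
    return "DIST {} {} SHA1 {} SHA256 {}".format(
        name, len(data), hashlib.sha1(data).hexdigest(),
        hashlib.sha256(data).hexdigest())

# Constructed sample data: same length, different content.
NAME = "example-1.0.tar.gz"
GOOD = b"constructed upstream release bytes v1\n"
TAMPERED = GOOD.replace(b"v1", b"vX")
ENTRIES = parse_manifest(manifest_line(NAME, GOOD))
```

The tampered sample has the same length as the good one, so only the hash comparison catches it; a size check alone would pass.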
TechPro
DBB Admiral
Posts: 1520
Joined: Thu May 20, 2004 11:51 pm

Post by TechPro »

Yeah, he kind of shoots his supposed "Linux cred" in the foot when he says "Every time I write about Windows security software, I get a predictable flood of responses from Linux advocates..." and tries to pawn it off as "Windows malware monopoly is over" then quotes the very method which revealed (which is the style of method to detect malware on any OS). Pfft.

Oh well. Either way it's a good warning for Unreal users to check their stuff.