Linux users of Unreal IRC may need cleaning
Posted: Mon Jun 14, 2010 12:25 pm
by TechPro
Someone pwned the Unreal IRC download for Linux back in November 2009. Read on:
Linux back door in Unreal IRC download
Ed Bott blogs about it
Posted: Mon Jun 14, 2010 12:36 pm
by Duper
Ack, sorry to hear that. Great post Tech.
Where mr. blogger goes.. over hype much?
But such as it is for bloggers.
Thanks for the post.
Sounds like the work of a consoler!
Posted: Mon Jun 14, 2010 3:17 pm
by Xamindar
Good post TechPro.
That blogger, Ed Bott, is a complete idiot. I need to start making a list of idiots to ignore in the future as there are too many to remember.
He is obviously pro-M$ and anti-Linux. He states "Gentoo ships backdoor". It did no such thing. The mirrors host as much software as they can to take the load off of the original host when lots of people download it. The mirrors get it from the original, which unknowingly had a modified file after the fact.
Then he shows his lack of intelligence when he quotes the following Gentoo bug report which refutes his whole point.
The unrealircd tarball in the gentoo mirrors _is_ affected ( Unreal3.2.8.1.tar.gz ) but the Manifest file’s signatures match the _unaffected_ tarball. This discrepancy is how the backdoor was discovered.
What this means is that anyone who tried to install unrealircd the Gentoo way got an error that the manifest does not match and the install was refused. Gentoo automatically blocked the install of the infected file. Of course, people can force it by rebuilding the manifest but that's no different than someone installing software on windows even though the virus scanner said it was a potential threat. Anyone who has any common sense will check the gentoo bug reports or forums when a manifest does not match because it means the original file was modified unknowingly by someone or the original author did not report that they replaced the same file with a new one.
He is a blogger on zdnet, why the childish article? Anyone who says "pwned" instantly falls to the lowest of perceived intelligence in my mind. Oh well.
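Added example, not part of the thread and not Portage's own code: a minimal check of a downloaded distfile against its Manifest entry, the kind of mismatch described in the post above. It assumes Gentoo-style `DIST <file> <size> <HASH> <digest> ...` lines and checks only SHA256 and SHA512; the file name and contents are constructed.

```python
import hashlib
import os
import tempfile

ALGOS = {"SHA256": "sha256", "SHA512": "sha512"}  # Manifest name -> hashlib name

def parse_manifest(text):
    """Return {filename: (size, {HASHNAME: hexdigest})} from DIST lines.
    After the name and size, fields alternate: HASHNAME hexdigest."""
    entries = {}
    for line in text.splitlines():
        f = line.split()
        if len(f) >= 5 and f[0] == "DIST":
            entries[f[1]] = (int(f[2]), dict(zip(f[3::2], f[4::2])))
    return entries

def verify_distfile(path, manifest_text):
    """Return the list of checks that failed; an empty list means a match."""
    entry = parse_manifest(manifest_text).get(os.path.basename(path))
    if entry is None:
        return ["no Manifest entry"]
    size, hashes = entry
    problems = [] if os.path.getsize(path) == size else ["size"]
    supported = [h for h in hashes if h in ALGOS]
    if not supported:
        return problems + ["no supported hash"]  # never pass on size alone
    for name in supported:
        digest = hashlib.new(ALGOS[name])
        with open(path, "rb") as fh:
            for chunk in iter(lambda: fh.read(65536), b""):
                digest.update(chunk)
        if digest.hexdigest() != hashes[name].lower():
            problems.append(name)
    return problems

def demo():
    """Constructed data: Manifest built from the original, mirror copy altered."""
    original = b"constructed upstream release\n"
    tampered = b"constructed modified release\n"  # same size, different bytes
    manifest = "DIST example-1.0.tar.gz %d SHA256 %s SHA512 %s\n" % (
        len(original), hashlib.sha256(original).hexdigest(),
        hashlib.sha512(original).hexdigest())
    results = []
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "example-1.0.tar.gz")
        for data in (original, tampered):
            with open(path, "wb") as fh:
                fh.write(data)
            results.append(verify_distfile(path, manifest))
    return results  # [[], ["SHA256", "SHA512"]]
```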
Posted: Mon Jun 14, 2010 8:36 pm
by TechPro
Yeah, he kind of shoots his supposed "Linux cred" in the foot when he says "Every time I write about Windows security software, I get a predictable flood of responses from Linux advocates..." and tries to pawn it off as "Windows malware monopoly is over" then quotes the very method which revealed (which is the style of method to detect malware on any OS). Pfft.
Oh well. Either way it's a good warning for Unreal users to check their stuff.