Linux Infected by Trojan

Osiris

Golden Master
Messages
36,817
Location
Kentucky
Linux Infected by Trojan


A Trojan was placed inside the Unreal IRC server and gives the bad dudes almost complete control. Oops! Moral of the story: don't get cocky, Linux users.

This backdoor allows a person to execute ANY command with the privileges of the user running the ircd. The backdoor can be executed regardless of any user restrictions (so even if you have passworded server or hub that doesn't allow any users in).
 
Further, I think it is important to distinguish the difference between a vulnerability in Linux itself and a vulnerability in some other software. In fact, on this occasion it wasn't even the software; the attackers put their own compromised version of the software on some of the download mirrors.

It's analogous to saying that Windows is open to attacks when users download and run fake antivirus software or whatever they run.
 
I think the real thing is that there was active malware on a server for 6 months, and nobody found it. Then thousands d/l'd and ran that malware and didn't know it.
All because of the belief A/V isn't needed.

Also, as I read the story, the malware wasn't exploiting Unreal, just packaged with it. It's more like saying a Win user d/ls a Steam game and gets hit. Not d/l'ing from a suspect source.
 
But how many people actually study every line of code in every script or program you run? I'm sure a lot of people run scripts that are supposed to make life easier, and they don't bother looking at the code. I'm sure a lot of people run scripts and wouldn't even know what the code means if they read it.

All it takes is for someone to make a script that is supposed to make life easier but it's actually malicious, and a bunch of people will ignorantly run it, and probably even willfully type in their super user password.

Linux isn't invincible.
 
Would AV have been able to detect this exploit?

Ultimately this is the fault of the attackers (obviously) and partially of the UnrealIRCd publishers for not providing a checksum for users to compare (something which is common practice in the OSS world).

@forrestcupp: We all run things in ignorance; to go line by line through everything we ever run is well beyond the realms of practicality. As I said, a checksum used properly would have put a stop to this right away. In any case, this exploit only allows access under the privileges of the user running ircd, and again, one would hope that the user was not running it needlessly with a superuser account.

No one ever said that Linux was invincible - nothing is.
 
Good point about the checksum. But there are a lot of small-time "helpful" scripts out there that don't have a checksum. Those are the things you need to watch out for. And even if they did, who's to say they didn't create something malicious, generate a checksum for it that will check out, and have it still be malicious?

A while back, the Ubuntu Forums had a problem with people instructing people to enter the command "sudo rm -rf /", which will delete all your files. There are malicious people out there in the Linux world. Just because a bunch of fanboys argue that one of the benefits of Linux is that you can't get viruses doesn't mean you can just let your guard down.
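The checksum discussion above (the post arguing that a published checksum would have stopped this, and the later caveat that whoever swaps the file can generate a matching checksum too) worked through as an added Python example; this is not code from the thread or from the UnrealIRCd project, and the filenames, file contents and digests are constructed stand-ins.

```python
# Added example (not from the thread or the UnrealIRCd project): verify a
# downloaded release against a checksum obtained out-of-band. All file
# contents and digests below are constructed stand-ins.
import hashlib
import hmac

# Constructed stand-ins for a clean tarball and a trojaned copy on a mirror.
CLEAN_RELEASE = b"ircd-release.tar.gz: clean release bytes (constructed)"
TAMPERED_RELEASE = CLEAN_RELEASE + b"\n# payload appended by the attacker (constructed)"


def sha256_hex(data: bytes) -> str:
    """Hex SHA-256 digest of the bytes (the value `sha256sum` would print)."""
    return hashlib.sha256(data).hexdigest()


def parse_checksum_file(text: str) -> dict:
    """Parse `sha256sum`-style lines ("<hex>  <filename>") into {filename: hex};
    a leading '*' on the filename (binary-mode marker) is dropped."""
    digests = {}
    for line in text.splitlines():
        parts = line.split(None, 1)
        if len(parts) == 2 and len(parts[0]) == 64:
            digests[parts[1].lstrip("*")] = parts[0].lower()
    return digests


def verify_download(data: bytes, expected_hex: str) -> bool:
    """Compare with a digest obtained from a separate channel (project site,
    mailing list), never from the mirror that served the file; constant-time."""
    return hmac.compare_digest(sha256_hex(data), expected_hex.strip().lower())


# Published by the maintainers out-of-band: the only digest worth trusting.
PUBLISHED_SHA256SUMS = f"{sha256_hex(CLEAN_RELEASE)}  ircd-release.tar.gz\n"
# Planted on the compromised mirror beside the swapped tarball; it "checks out".
MIRROR_SHA256SUMS = f"{sha256_hex(TAMPERED_RELEASE)}  ircd-release.tar.gz\n"


def mirror_scenarios() -> dict:
    """Run the thread's cases and return each verification outcome."""
    published = parse_checksum_file(PUBLISHED_SHA256SUMS)["ircd-release.tar.gz"]
    bundled = parse_checksum_file(MIRROR_SHA256SUMS)["ircd-release.tar.gz"]
    return {
        # Honest mirror, digest from the project site: passes.
        "clean_vs_published": verify_download(CLEAN_RELEASE, published),
        # Swapped tarball, digest from the project site: caught.
        "tampered_vs_published": verify_download(TAMPERED_RELEASE, published),
        # Swapped tarball, digest from the same mirror: passes, proves nothing.
        "tampered_vs_bundled": verify_download(TAMPERED_RELEASE, bundled),
    }
```

The third case is the caveat from the thread in code: a checksum file served from the same place as the download only catches corrupt transfers, so the digest has to come from somewhere the mirror operator cannot rewrite.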
 
Well, I'd rather take my chances on the trojan virus associated with a game I never play vs. the estimated 1,122,311 reported viruses in 2008 for Windows/DOS systems.

Yeah, I believe that about as much as I believe that all OSes are perfect. Look at the source that claimed that number. Symantec. Enough said.

This is the same company that said Vista and Win7 would never be able to be protected due to the fact they closed off the kernel from their product. Even though AVG, Avast, ESET and so many other products don't need kernel access to protect the OS in the first place.

So yeah, that number is greatly exaggerated.

For me, it comes down to 2 things.

1. The fact that someone was able to get access to a number of mirrors and change the file.
2. The fact that no one checked the file for 6 months.

I don't care a single wink about the fact that it was considered a virus and they could take over your machine.

Yeah, it would have been caught faster in Windows. Again, not the point. It isn't even the point that there are more Windows infections. Face it, Windows is used by more people daily than *NIX. If you want to infect someone, who are you going to target? The OS that has the majority of the world population or the OS that has the most variations? So bringing up the fact that Windows has more flaws is irrelevant, as you can't measure their usage at even close to the same levels.

The simple underlying fact is this. There is/was an infection for a Linux-based system. For whatever reason, be it the developers' fault for not including a checksum or for lack of checking the file on a regular basis, there was an infection that has affected the community.

'Cause the simple truth of the matter is what kmote said in his first post. It was a flaw in the software. Just like 75% or more of the infections that happen to Windows are all based on insecure software running on the machine. I have had more updates done to my Adobe products than I have had done to my core Windows files since I installed Win7.

The Black Hat is a prime example. Win7 survived longer than OS X, and even that was taken down by a flaw in Safari, not OS X itself. Win7 was finally taken down by a flaw in software it had running, not by an attack on the OS itself.

I am glad it was caught, just wish it was a bit sooner.
 
Good points, Mak. Neither Windows nor Linux is perfect, as kmote mentioned as well. It's good to see intelligent posts on matters like this. So glad to see this wasn't (so far) turned into a *Nix/Windows bashing session. :D
 
For the record, have there EVER been any multi-platform viruses that could infect more than just one platform? That'd be D-day for computer systems if we got a Conficker infection on crazy steroids to hit all platforms at once. Ouch.