Okay, now that I have your attention, the original post is here.
Now I didn't write it, but I do want to say this in response to that post. If people don't hand out their passwords to apps and they install from the repositories, then they won't have this issue that arrived from the install. The only way the malware could install a backdoor was with your root password. After that's done, well it's game over for you buddy.
Linux infection proves Windows malware monopoly over:
Forum rules
Do not post support questions here. Before you post read the forum rules. Topics in this forum are automatically closed 6 months after creation.
Do not post support questions here. Before you post read the forum rules. Topics in this forum are automatically closed 6 months after creation.
Linux infection proves Windows malware monopoly over:
Last edited by LockBot on Wed Dec 28, 2022 7:16 am, edited 1 time in total.
Reason: Topic automatically closed 6 months after creation. New replies are no longer allowed.
Reason: Topic automatically closed 6 months after creation. New replies are no longer allowed.
-
randomizer
Re: Linux infection proves Windows malware monopoly over:
If a monopoly can be "over" when one piece of malware has been found on another OS then it was over years ago. In fact, it never existed.
-
Midnighter
- Level 6
- Posts: 1327
- Joined: Tue May 22, 2007 1:52 pm
- Location: Western Australia
Re: Linux infection proves Windows malware monopoly over:
Copying my post from other thread on this http://forums.linuxmint.com/viewtopic.p ... 96#p287873
My thoughts are best summed up here http://www.itworld.com/security/110942/ ... ecure-ever
Linux is as secure as ever
Which doesn't mean that idiots can't foul-it-up.
June 14, 2010, 12:33 PM —
There have been several stories proclaiming that a recent Linux infection proves Windows malware monopoly is over and that Think Linux is free from malware? Think again; it's been hacked. Much as it pains me to disagree with the good people, they're wrong.
Here's what really happened. UnrealIRCd, a rather obscure open-source IRC (Internet Relay Chat) server, wasn't so much hacked as the program it was letting people download has been replaced by one with a built-in security hole. Or, as they explained on their site,
"This is very embarrassing...
We found out that the Unreal3.2.8.1.tar.gz file [the source code for UnrealIRCd] on our mirrors has been replaced quite a while ago with a version with a backdoor (Trojan) in it. This backdoor allows a person to execute ANY command with the privileges of the user running the ircd. The backdoor can be executed regardless of any user restrictions (so even if you have passworded server or hub that doesn't allow any users in).
It appears the replacement of the .tar.gz occurred in November 2009 (at least on some mirrors). It seems nobody noticed it until now.
Obviously, this is a very serious issue, and we're taking precautions so this will never happen again, and if it somehow does that it will be noticed quickly. We will also re-implement PGP/GPG signing of releases. Even though in practice (very) few people verify files, it will still be useful for those people who do."
So what does that mean? First, there's no new, or old for that matter, security hole in Linux at all. What happened was that this one group let someone replace the program they were shipping with one that had been deliberately designed to let other people into it to run commands on your Linux computer.
There's nothing too surprising about this. Historically, IRC, which is sort of a CB radio of instant messaging services, has always had one major security problem after another. Indeed, IRC has often been used in the past to run Windows botnets. I strongly suspect whoever replaced the UnrealIRCd has been using it for running Windows botnets.
Let me spell it out for you. Even before this latest fiasco, no one who cares about security was letting IRC clients or servers run on their systems. It's always been too easy to abuse.
In this particular case, the group behind UnrealIRCd were just dumb about tracking their own program. Clearly, they never bothered to check their own code. The users, by virtue of the fact that they were running IRC in the first place, don't get any prizes for being bright either. After all, they were running IRC: Case closed.
If you really must run an IRC server, might I suggest you use Bahamut or IRCD-Hybrid. You'll still run into security problems, but, from what I'm told by my IRC using friends, they have the most helpful technical support communities.
In any case, the real problem here isn't with Linux. It's a problem that can, and has, popped up in any operating system. If you install a hacked application, I don't care if you otherwise have the most secure system on Earth, you've just opened it up for attack.
Now Linux isn't the most secure system in the world by default. That honor probably goes to OpenBSD. But, unlike Windows, which is insecure by design, Linux's designers are far more successful at making it secure. But, if you don't believe me, perhaps you'll believe Dell about Linux's security. Dell may be far better known for its Windows PCs than for its Linux line, but even they admit, "Ubuntu is safer than Microsoft Windows."
One final word though. Any system can be hacked. As the saying goes, "security is not a product, it's a process." Windows, Linux, OpenBSD, whatever, if you don't work on keeping your PC or server safe, it will eventually be successfully attacked. But this, this example, is really a case of bad security mistakes piling on top of each other and not an indictment of Linux.
My thoughts are best summed up here http://www.itworld.com/security/110942/ ... ecure-ever
Linux is as secure as ever
Which doesn't mean that idiots can't foul-it-up.
June 14, 2010, 12:33 PM —
There have been several stories proclaiming that a recent Linux infection proves Windows malware monopoly is over and that Think Linux is free from malware? Think again; it's been hacked. Much as it pains me to disagree with the good people, they're wrong.
Here's what really happened. UnrealIRCd, a rather obscure open-source IRC (Internet Relay Chat) server, wasn't so much hacked as the program it was letting people download has been replaced by one with a built-in security hole. Or, as they explained on their site,
"This is very embarrassing...
We found out that the Unreal3.2.8.1.tar.gz file [the source code for UnrealIRCd] on our mirrors has been replaced quite a while ago with a version with a backdoor (Trojan) in it. This backdoor allows a person to execute ANY command with the privileges of the user running the ircd. The backdoor can be executed regardless of any user restrictions (so even if you have passworded server or hub that doesn't allow any users in).
It appears the replacement of the .tar.gz occurred in November 2009 (at least on some mirrors). It seems nobody noticed it until now.
Obviously, this is a very serious issue, and we're taking precautions so this will never happen again, and if it somehow does that it will be noticed quickly. We will also re-implement PGP/GPG signing of releases. Even though in practice (very) few people verify files, it will still be useful for those people who do."
So what does that mean? First, there's no new, or old for that matter, security hole in Linux at all. What happened was that this one group let someone replace the program they were shipping with one that had been deliberately designed to let other people into it to run commands on your Linux computer.
There's nothing too surprising about this. Historically, IRC, which is sort of a CB radio of instant messaging services, has always had one major security problem after another. Indeed, IRC has often been used in the past to run Windows botnets. I strongly suspect whoever replaced the UnrealIRCd has been using it for running Windows botnets.
Let me spell it out for you. Even before this latest fiasco, no one who cares about security was letting IRC clients or servers run on their systems. It's always been too easy to abuse.
In this particular case, the group behind UnrealIRCd were just dumb about tracking their own program. Clearly, they never bothered to check their own code. The users, by virtue of the fact that they were running IRC in the first place, don't get any prizes for being bright either. After all, they were running IRC: Case closed.
If you really must run an IRC server, might I suggest you use Bahamut or IRCD-Hybrid. You'll still run into security problems, but, from what I'm told by my IRC using friends, they have the most helpful technical support communities.
In any case, the real problem here isn't with Linux. It's a problem that can, and has, popped up in any operating system. If you install a hacked application, I don't care if you otherwise have the most secure system on Earth, you've just opened it up for attack.
Now Linux isn't the most secure system in the world by default. That honor probably goes to OpenBSD. But, unlike Windows, which is insecure by design, Linux's designers are far more successful at making it secure. But, if you don't believe me, perhaps you'll believe Dell about Linux's security. Dell may be far better known for its Windows PCs than for its Linux line, but even they admit, "Ubuntu is safer than Microsoft Windows."
One final word though. Any system can be hacked. As the saying goes, "security is not a product, it's a process." Windows, Linux, OpenBSD, whatever, if you don't work on keeping your PC or server safe, it will eventually be successfully attacked. But this, this example, is really a case of bad security mistakes piling on top of each other and not an indictment of Linux.
If you accept - and I do - that freedom of speech is important, then you are going to have to defend the indefensible. That means you are going to be defending the right of people to read, or to write, or to say, what you don't say or like or want said.
-
frogimus
Re: Linux infection proves Windows malware monopoly over:
It doesn't even have to be a virus or malware. If people blindly install every app they think is cool and --force their way through mismatched/incompatible dependencies, they're going to get their system ganked.
To expand on a previous statement, not only is security a process, but using a Linux kernel requires a process also. If you use a gtk based DE, try to stick with gtk apps so the dependencies are already (mostly) there. If someone gives you some CLI commands to try to get through a problem, don't blindly type (or mistype) them into a console without looking them up and understanding a little about them. Read, comprehend, and learn as you go.
If you try to run any OS with the "easy button", expect to make it easy for someone to make your PC miserable.
To expand on a previous statement, not only is security a process, but using a Linux kernel requires a process also. If you use a gtk based DE, try to stick with gtk apps so the dependencies are already (mostly) there. If someone gives you some CLI commands to try to get through a problem, don't blindly type (or mistype) them into a console without looking them up and understanding a little about them. Read, comprehend, and learn as you go.
If you try to run any OS with the "easy button", expect to make it easy for someone to make your PC miserable.