Backdoor in open source Linux IRC server

The public can be forgiven for thinking that Linux-based operating systems are somehow immune to attacks and compromises, since news of such an occurrence pops up infrequently.

But, as a recent post on the UnrealIRCd Forums reveals that users of the open source IRC server UnrealIRCd may have had their machines compromised through no fault of their own.

“This is very embarrassing… We found out that the Unreal3.2.8.1.tar.gz file on our mirrors has been replaced quite a while ago with a version with a backdoor (trojan) in it. This backdoor allows a person to execute ANY command with the privileges of the user running the ircd. The backdoor can be executed regardless of any user restrictions (so even if you have passworded server or hub that doesn’t allow any users in),” it says in the announcement. “It appears the replacement of the .tar.gz occurred in November 2009 (at least on some mirrors). It seems nobody noticed it until now.”

On the positive side, that means that it is unlikely that many business servers have been compromised. On the negative side, it means that the people who were responsible for putting this file online have failed when it comes to checking it before they did so.

They did offer an apology and instructions on how to check if your system has been compromised and how to clean it. “We simply did not notice, but should have. We did not check the files on all mirrors regularly, but should have. We did not sign releases through PGP/GPG, but should have done so,” they said.

Don't miss