FYI - Just a heads up for the Unreal Gamers

g geleem at bellsouth.net
Thu Jun 17 00:31:19 UTC 2010


Paul Otheim wrote:
>  hadn't seen anything on the list about this, I don't know if Fedora even
> has a package available for this but for all you gamers out there beware.
> 
> https://infosecurity.us/?p=15207 (Google Chrome throws a fit about this page
> being a security problem)
> 
> or
> 
> http://www.networkworld.com/news/2010/061310-linux-trojan-raises-malware.html
<snip>

are comments/quotes on original page:

+++
From PCWorlds’ Tony Bradley: “Linux Trojan Raises Malware Concerns“

http://www.pcworld.com/businesscenter/article/198686/linux_trojan_raises_malware_concerns.html

I've got good news and bad news for those of the misguided perception that
Linux is somehow impervious to attack or compromise. The bad news is that it
turns out a vast collection of Linux systems may, in fact, be pwned. The good
news, at least for IT administrators and organizations that rely on Linux as
a server or desktop operating system, is that the Trojan is in a download
that should have no bearing on Linux in a business setting.
+++


which appears to be based on;

+++
http://forums.unrealircd.com/viewtopic.php?t=6562

Some versions of Unreal3.2.8.1.tar.gz contain a backdoor
Post by Syzop on Sat Jun 12, 2010 9:17 am

Hi all,

This is very embarrassing...

We found out that the Unreal3.2.8.1.tar.gz file on our mirrors has been
replaced quite a while ago with a version with a backdoor (trojan) in it.
This backdoor allows a person to execute ANY command with the privileges
of the user running the ircd. The backdoor can be executed regardless of
any user restrictions (so even if you have passworded server or hub that
doesn't allow any users in).

It appears the replacement of the .tar.gz occurred in November 2009 (at least
on some mirrors). It seems nobody noticed it until now.
+++

so, this all tends to indicate that it is not a fault of linux, as any system
is vulnerable to what a user downloads from a mirror, and is primarily fault
of maintainer of mirrors involved.

moral of whole story, do not download from an untrustworthy or properly
maintained site.


-- 

peace out.

tc,hago.

g
.

****
in a free world without fences, who needs gates.
**
help microsoft stamp out piracy - give linux to a friend today.
**
to mess up a linux box, you need to work at it.
to mess up an ms windows box, you just need to *look* at it.
**
learn linux:
'Rute User's Tutorial and Exposition' http://rute.2038bug.com/index.html
'The Linux Documentation Project' http://www.tldp.org/
'LDP HOWTO-index' http://www.tldp.org/HOWTO/HOWTO-INDEX/index.html
'HowtoForge' http://howtoforge.com/
****

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 545 bytes
Desc: OpenPGP digital signature
Url : http://lists.fedoraproject.org/pipermail/users/attachments/20100617/9f3421c9/attachment.bin 


More information about the users mailing list