LinuxQuestions.org
Linux - News This forum is for original Linux News. If you'd like to write content for LQ, feel free to contact us.
Old 06-14-2010, 07:18 PM   #1
DragonSlayer48DX
Registered User
 
Registered: Dec 2006
Posts: 1,454
Blog Entries: 1

Rep: Reputation: 75
Linux Trojan Raises Malware Concerns


I've got good news and bad news for those of the misguided perception that Linux is somehow impervious to attack or compromise. The bad news is that it turns out a vast collection of Linux systems may, in fact, be pwned. The good news, at least for IT administrators and organizations that rely on Linux as a server or desktop operating system, is that the Trojan is in a download that should have no bearing on Linux in a business setting.

Unreal IRC is an Internet relay chat platform. I don't have any numbers on the total downloads since November of 2009, but it seems safe to assume there are a lot of Linux systems out there compromised by a backdoor Trojan.

Basically, because of the false sense of security provided by Linux it simply never occurred to anyone to check if the software might be compromised. Combining that false sense of security with the security by obscurity factor that Linux makes up less than two percent of the overall OS market and isn't a target worth pursuing for attackers, means that many Linux owners have zero defenses in place.

To be fair, Linux experts are aware that the operating system is not bulletproof. You can pick any flavor of Linux, and its accompanying tools and applications, and find hundreds of vulnerabilities. The difference--according to the many lectures I have received in the comments of articles I have written on Windows security--is that the way the Linux OS is written makes it harder to exploit a vulnerability, and that because it's open source, vulnerabilities are fixed in hours rather than months.

The lesson for IT Admins managing Linux is to be more vigilant. Linux is not impervious to attack. Hopefully the Linux systems in a business environment aren't running Unreal, but it's quite possible that Unreal is not the only compromised software available.

Linux does not have the vast array of threats facing it that Windows systems do, but there are still threats. Even if those threats aren't exploited through a quickly-spreading worm, they are still there and represent a potential Achilles heel in your network security if not monitored and protected.

Don't make the mistake of simply assuming Linux systems are safe because they're Linux systems. Implement similar security controls and policies for Linux as you have in place for Windows systems and you can prevent being pwned by a backdoor Trojan for months without even knowing about it.

Read full story.
 
Old 06-15-2010, 11:08 PM   #2
smoker
Senior Member
 
Registered: Oct 2004
Distribution: Fedora Core 4, 12, 13, 14, 15, 17
Posts: 2,279

Rep: Reputation: 250
What a load of FUD.

There is nothing ANY operating system can do to prevent the installation of software by the user. The supposed "false sense of security provided by Linux" has no bearing on this case, and in any event, there was absolutely nothing that a user or even an experienced admin could have done to avoid this issue.

Other than reading the source, there was no way of knowing that this software had been compromised, unless the backdoor was actually in use and you picked up the activity in network logs, or noticed things changing on your machine.

The software provided by the official vendor was compromised on their download server. The vendor did not provide any way of checking the veracity of that software.

So how is the user supposed to defend against that?

Here's a tip. Disconnect your pc from the network and never download or install anything. That way you are guaranteed to be safe from malware.

Unless the malware is part of the install of course.
 
Old 06-17-2010, 04:44 PM   #3
DragonSlayer48DX
Registered User
 
Registered: Dec 2006
Posts: 1,454

Original Poster
Blog Entries: 1

Rep: Reputation: 75

Quote:
Originally Posted by smoker View Post
There is nothing ANY operating system can do to prevent the installation of software by the user... So how is the user supposed to defend against that ?
Install and actually USE a good AntiVirus. There are quite a few antivirus programs for Linux that will detect installed malware and offer to quarantine or delete it when you run the scanner.

That's what the article is about... Never assume you're safe just because you use Linux.

Cheers

Last edited by DragonSlayer48DX; 06-17-2010 at 04:47 PM.
 
Old 06-18-2010, 04:20 AM   #4
H_TeXMeX_H
LQ Guru
 
Registered: Oct 2005
Location: $RANDOM
Distribution: slackware64
Posts: 12,928
Blog Entries: 2

Rep: Reputation: 1301
I think this sums up the problem:

Quote:
Originally Posted by Syzop
Again, I would like to apologize about this security breach.
We simply did not notice, but should have.
We did not check the files on all mirrors regularly, but should have.
We did not sign releases through PGP/GPG, but should have done so.
I rarely use a virus scanner, and I will continue to rarely use it. Instead I will check packages using gpg, or md5sum if gpg is not available.
 
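The checks H_TeXMeX_H describes (verify the package with gpg, or a checksum when no signature exists) and the ones Syzop's apology says were missing (signed releases, regular comparison of the files on every mirror), as an added shell example that is not part of this thread or of UnrealIRCd's own release process. It uses SHA-256 rather than md5sum because MD5 collisions are practical today; the `SHA256SUMS` layout, the file names and the keyring path are assumptions, and the sample files are constructed inline so the script runs offline. `verify_signature` is only a wrapper around `gpg --verify` and is not exercised by the constructed sample, since no key material is built here.

```shell
#!/bin/sh
# Added example (not UnrealIRCd's tooling): verify a downloaded release
# against a published checksum list, a detached GPG signature when gpg is
# installed, and a second mirror's copy of the same file.
# File names, the SHA256SUMS format and the keyring path are assumptions.
set -u

# sha256_of FILE: print the hex SHA-256 digest with whichever tool is present.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{ print $1 }'
    else
        shasum -a 256 "$1" | awk '{ print $1 }'
    fi
}

# verify_checksum FILE SUMSFILE
# 0 if FILE's digest matches the SUMSFILE entry for its basename,
# 1 on mismatch, 2 if the file is not listed at all.
verify_checksum() {
    name=$(basename "$1")
    # Accept both "hash  name" and the "hash *name" binary-mode form.
    expected=$(awk -v n="$name" '$2 == n || $2 == "*" n { print $1; exit }' "$2")
    if [ -z "$expected" ]; then
        echo "no checksum listed for $name" >&2
        return 2
    fi
    [ "$(sha256_of "$1")" = "$expected" ]
}

# verify_signature FILE SIGFILE KEYRING
# 0 on a good signature from a key in KEYRING, 3 if gpg is not installed.
# Run this on the checksum list too: an unsigned SHA256SUMS served from the
# same compromised download server proves nothing about the tarball.
verify_signature() {
    command -v gpg >/dev/null 2>&1 || return 3
    gpg --no-default-keyring --keyring "$3" --verify "$2" "$1" >/dev/null 2>&1
}

# compare_mirrors FILE_A FILE_B: 0 if the two copies have the same digest.
compare_mirrors() {
    [ "$(sha256_of "$1")" = "$(sha256_of "$2")" ]
}

# make_sample_dir: build constructed sample files and print the directory.
# One clean copy with a matching SHA256SUMS, and a "mirror2" copy with
# extra bytes appended to stand in for a tampered download.
make_sample_dir() {
    d=$(mktemp -d)
    printf 'constructed release contents\n' > "$d/pkg-1.0.tar.gz"
    ( cd "$d" && echo "$(sha256_of pkg-1.0.tar.gz)  pkg-1.0.tar.gz" > SHA256SUMS )
    mkdir "$d/mirror2"
    printf 'constructed release contents\nextra bytes\n' > "$d/mirror2/pkg-1.0.tar.gz"
    echo "$d"
}

# Stand-alone run (sh verify.sh --demo): report each check's result.
if [ "${1:-}" = "--demo" ]; then
    d=$(make_sample_dir)
    verify_checksum "$d/pkg-1.0.tar.gz" "$d/SHA256SUMS" && echo "clean copy: checksum OK"
    verify_checksum "$d/mirror2/pkg-1.0.tar.gz" "$d/SHA256SUMS" || echo "mirror2 copy: checksum MISMATCH"
    compare_mirrors "$d/pkg-1.0.tar.gz" "$d/mirror2/pkg-1.0.tar.gz" || echo "mirrors differ"
    rm -rf "$d"
fi
```

The mirror comparison is the cheap check a project can run on its own side: a tarball whose digest differs between mirrors is exactly the condition that went unnoticed here. On the user's side, a checksum only helps when the list it is compared against was obtained from a different channel than the download itself, or is covered by the project's signature.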
Old 06-18-2010, 04:56 AM   #5
DragonSlayer48DX
Registered User
 
Registered: Dec 2006
Posts: 1,454

Original Poster
Blog Entries: 1

Rep: Reputation: 75
Quote:
Originally Posted by H_TeXMeX_H View Post
I rarely use a virus scanner, and I will continue to rarely use it. Instead I will check packages using gpg, or md5sum if gpg is not available.
Whatever method suits your fancy, as long as they're being checked.

IIRC, just a few months ago, malware was distributed through the Gnome project mirrors: a screensaver was found to include a backdoor trojan.

So, while threats to Linux are far less numerous than for Windows, they do still exist, and one never knows what source may be compromised next.

Cheers
 
Old 06-18-2010, 05:31 AM   #6
H_TeXMeX_H
LQ Guru
 
Registered: Oct 2005
Location: $RANDOM
Distribution: slackware64
Posts: 12,928
Blog Entries: 2

Rep: Reputation: 1301
Quote:
Originally Posted by DragonSlayer48DX View Post
Whatever method suits your fancy, as long as they're being checked.

IIRC, just a few months ago, malware was distributed through the Gnome project mirrors: a screensaver was found to include a backdoor trojan.

So, while threats to Linux are far less numerous than for Windows, they do still exist, and one never knows what source may be compromised next.

Cheers
Yes, but did you know that GNOME scanned all the files using clamav, and clamav missed the trojan? Or maybe that was the FF trojan? I don't remember.

Last edited by H_TeXMeX_H; 06-18-2010 at 05:33 AM.
 
Old 06-18-2010, 12:28 PM   #7
DragonSlayer48DX
Registered User
 
Registered: Dec 2006
Posts: 1,454

Original Poster
Blog Entries: 1

Rep: Reputation: 75
Quote:
Originally Posted by H_TeXMeX_H View Post
Yes, but did you know that GNOME scanned all the files using clamav, and clamav missed the trojan? Or maybe that was the FF trojan? I don't remember.
Actually, IIRC, it was both: The Gnome Project and Mozilla relied solely on ClamAV until it missed the trojans they were distributing. (I'd forgotten about the one from Mozilla. I believe it was in a third-party FF extension that they were hosting.)

Sadly, ClamAV has been getting a bad rep, of late. My personal favorite is AVGFree. I've used it for years with Windows, and now I also use the Linux version. While it's not Open Source, it consistently receives better marks than many commercial models during the Internet Storm Center's periodic malware detection tests.
 