Tuesday, June 15, 2010

Linux malware festering since 2009: reviewing the impact [Security Curve]

Check the full post for more analysis and a timely Linux malware reality check

Apparently the folks who maintain the UnrealIRC [it's an IRC server - Internet Relay Chat - for gabbing it up with your friends] just noticed that they’ve had remote control software included in the distribution since 2009 and didn’t notice until just now.  Whoops.Apparently the infected software got picked up by at least one major distribution for inclusion in the default package sets.  Double-whoops.

So, it’s a Trojan that sits there and lets as-yet-unidentified bad guys transmit commands to servers running the daemon – those commands get executed in the context of the user running the server.  If you want the technical nitty-gritty, you’ll find it here, but the mechanics of it really aren’t really all that interesting.

What is interesting to me is the impact.   Some folks are suggesting that a false sense of security resulting from using Linux caused it to run undetected for so long.   I’m not sure I entirely agree – I think there are a few factors that contribute to this situation being worse than a malware event on other platforms.

Linux malware festering since 2009: reviewing the impact

No comments: