Paul Otheim wrote: > hadn't seen anything on the list about this, I don't know if Fedora even > has a package available for this but for all you gamers out there beware. > > https://infosecurity.us/?p=15207 (Google Chrome throws a fit about this page > being a security problem) > > or > > http://www.networkworld.com/news/2010/061310-linux-trojan-raises-malware.html <snip> are comments/quotes on original page: +++ From PCWorlds’ Tony Bradley: “Linux Trojan Raises Malware Concerns“ http://www.pcworld.com/businesscenter/article/198686/linux_trojan_raises_malware_concerns.html I've got good news and bad news for those of the misguided perception that Linux is somehow impervious to attack or compromise. The bad news is that it turns out a vast collection of Linux systems may, in fact, be pwned. The good news, at least for IT administrators and organizations that rely on Linux as a server or desktop operating system, is that the Trojan is in a download that should have no bearing on Linux in a business setting. +++ which appears to be based on; +++ http://forums.unrealircd.com/viewtopic.php?t=6562 Some versions of Unreal3.2.8.1.tar.gz contain a backdoor Post by Syzop on Sat Jun 12, 2010 9:17 am Hi all, This is very embarrassing... We found out that the Unreal3.2.8.1.tar.gz file on our mirrors has been replaced quite a while ago with a version with a backdoor (trojan) in it. This backdoor allows a person to execute ANY command with the privileges of the user running the ircd. The backdoor can be executed regardless of any user restrictions (so even if you have passworded server or hub that doesn't allow any users in). It appears the replacement of the .tar.gz occurred in November 2009 (at least on some mirrors). It seems nobody noticed it until now. +++ so, this all tends to indicate that it is not a fault of linux, as any system is vulnerable to what a user downloads from a mirror, and is primarily fault of maintainer of mirrors involved. moral of whole story, do not download from an untrustworthy or properly maintained site. -- peace out. tc,hago. g . **** in a free world without fences, who needs gates. ** help microsoft stamp out piracy - give linux to a friend today. ** to mess up a linux box, you need to work at it. to mess up an ms windows box, you just need to *look* at it. ** learn linux: 'Rute User's Tutorial and Exposition' http://rute.2038bug.com/index.html 'The Linux Documentation Project' http://www.tldp.org/ 'LDP HOWTO-index' http://www.tldp.org/HOWTO/HOWTO-INDEX/index.html 'HowtoForge' http://howtoforge.com/ ****
Attachment:
signature.asc
Description: OpenPGP digital signature
-- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
