Linux Trojan hits Unreal IRC, raises malware concerns

[Author's Note: The article has been modified to correct the assertion that Unreal IRC has any relation to Unreal--the first-person shooter developed by Epic Games.]

The perception that Linux is impervious to security attacks has taken a knock with the revelation that a popular open source version of IRC Server has been left open to attack for more than six months.

The good news, at least for IT administrators and organisations that rely on Linux as a server or desktop operating system, is that the Trojan is in a game download so it should have no bearing on Linux in a business setting. Unreal IRC is an Internet relay chat platform.

An announcement on the Unreal IRCd Forums states "This is very embarrassing...We found out that the Unreal3.2.8.1.tar.gz file on our mirrors has been replaced quite a while ago with a version with a backdoor (trojan) in it. This backdoor allows a person to execute ANY command with the privileges of he user running the ircd. The backdoor can be executed regardless of any user restrictions (so even if you have passworded server or hub that doesn't allow any users in)."

The post goes on to say "It appears the replacement of the .tar.gz occurred in November 2009 (at least on some mirrors). It seems nobody noticed it until now."

However, none of those systems should be in a place of business, so the risk from a business perspective is not very high. IT administrators can learn, though, from the mea culpa at the end of the UnrealIRCd Forums post. "We simply did not notice, but should have. We did not check the files on all mirrors regularly, but should have. We did not sign releases through PGP/GPG, but should have done so."

Basically, because of the false sense of security provided by Linux it simply never occurred to anyone to check if the software might be compromised. Combining that false sense of security with the security by obscurity factor that Linux makes up less than two percent of the overall OS market and isn't a target worth pursuing for attackers, means that many Linux owners have zero defenses in place.

To be fair, Linux experts are aware that the operating system is not bulletproof. You can pick any flavour of Linux, and its accompanying tools and applications and find hundreds of vulnerabilities. The difference is that the way the Linux OS is written makes it harder to exploit a vulnerability, and that is because its open source vulnerabilities are fixed in hours rather than months.

The lesson for IT admins managing Linux is to be more vigilant. Linux is not impervious to attack. Hopefully the Linux systems in a business environment aren't running Unreal, but it's quite possible that Unreal is not the only compromised software available.

Linux does not have the vast array of threats facing it that Windows systems do, but there are still threats. Even if those threats aren't exploited through a quickly-spreading worm, they are still there and represent a potential Achilles heel in your network security if not monitored and protected.

Don't make the mistake of simply assuming Linux systems are safe because they're Linux systems. Implement similar security controls and policies for Linux as you have in place for Windows systems and you can prevent being pwned by a backdoor Trojan for months without even knowing about it.