Post Fri Jun 18, 2010 6:03 am

UnrealIRCd backdoored

Thought it was worth mentioning here too:

We found out that the Unreal3.2.8.1.tar.gz file on our mirrors has been replaced quite a while ago with a version with a backdoor (trojan) in it.
This backdoor allows a person to execute ANY command with the privileges of the user running the ircd. The backdoor can be executed regardless of any user
restrictions (so even if you have passworded server or hub that doesn't allow any users in).

It appears the replacement of the .tar.gz occurred in November 2009 (at least on some mirrors).


So the modified version of Unreal3.2.8.1.tar.gz was available for about 8 moths without anyone noticing.

More on the UnrealIRCd website.