[vox] Linux IRC infection

Ryan cjg5ehir02 at sneakemail.com
Tue Jun 15 20:20:24 PDT 2010 

It is very unlikely that a malware scanner would have caught this on windows or on Linux.  It was a very simple backdoor that allowed arbitrary commands to be executed remotely, and it was in the source.  A malware scanner has no way to see intent.  If there were a bit of authentication wrapping it, it could have been a legit feature.

On Mon, Jun 14, 2010 at 03:52:10PM -0700, Darth Borehd darth.borehd-at-gmail.com |lugod| wrote:
> So does Linux need a malware scanner then?
> 
> On 14 June 2010 13:30, Bill Kendrick <nbs at sonic.net> wrote:
> 
> > On Mon, Jun 14, 2010 at 09:56:24AM -0700, Gandalf Parker wrote:
> > >
> > http://www.zdnet.com/blog/bott/linux-infection-proves-windows-malware-monopoly-is-over/2206?tag=nl.e539
> > >
> > > Altho its abit of an "I told you so" article, it does support my general
> > > attitude that absolute statements should usually end with the word "yet".
> > > If I EVER said Linux didnt need to worry, Im sure I added "doesnt need to
> > > worry, YET"
> > >
> > > It also supports my not-completely-trusting of automatic updating
> >
> > Nah, one has ALWAYS needed to worry.  The article is useless.
> > It sucks that the malware got into the Gentoo repos (but, based
> > on what little I understood of the 'update' pasted at the top of
> > the article), it sounds like it's really a matter of:
> >
> > (1) I want to install IRC server
> > (2) I'll get it from trusted source
> > (3) I'll IGNORE THE SAFEGUARDS to confirm that the copy at the source
> >    is actually TO BE TRUSTED
> > (4) OMGWTFPWNED
> >
> > Note that my opinion here is based soley on skimming the guy's ZDNet
> > article ("clickbait", as one of the commenters called it ... a kind of
> > "FUD-for-advertising-dollars"), and the (mostly lame) comments made
> > by users.
> >
> > --
> > -bill!
> > Sent from my computer
> > _______________________________________________
> > vox mailing list
> > vox at lists.lugod.org
> > http://lists.lugod.org/mailman/listinfo/vox
> >

> _______________________________________________
> vox mailing list
> vox at lists.lugod.org
> http://lists.lugod.org/mailman/listinfo/vox

More information about the vox mailing list