[funsec] Unreal IRCd backdoor

Larry Seltzer larry at larryseltzer.com
Mon Jun 14 07:25:20 CDT 2010

Similar to an incident with WordPress a few years ago.

One of the lessons people seem to want to learn from this is to check
MD5s, but I don't see what that accomplishes. Usually the MD5 is stored
alongside the file that has been compromised; if they can compromise the
main file, surely they can make a new MD5.

The unrealircd guys are starting to use GPG which is a better solution (if
they're careful with their keys) (and as long as the source tree they're
signing hasn't been compromised), but GPG is a PITA. After the WordPress
incident I proposed an easier method:


-----Original Message-----
From: funsec-bounces at linuxbox.org [mailto:funsec-bounces at linuxbox.org] On
Behalf Of Juha-Matti Laurio
Sent: Monday, June 14, 2010 7:51 AM
To: Gadi Evron; funsec at linuxbox.org
Subject: Re: [funsec] Unreal IRCd backdoor

Advisory and MD5's listed at


Gadi Evron [ge at linuxbox.org] wrote:
> Very interesting post by Fyodor:
> http://seclists.org/nmap-dev/2010/q2/826
> 	Gadi.
Fun and Misc security discussion for OT posts.
Note: funsec is a public and open mailing list.
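
Added example, not part of the original thread: a download check that separates what a checksum file served next to the archive can prove from what a digest obtained over a separate channel can prove. It uses SHA-256 rather than MD5; the file name, the sample bytes and the function names are constructed for illustration.

```python
import hashlib

def parse_manifest(text):
    """Parse md5sum/sha256sum-style lines ("<hex>  <name>") into {name: hex}."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, _, name = line.partition(" ")
        entries[name.strip().lstrip("*")] = digest.lower()
    return entries

def check_release(name, data, same_origin_manifest, pinned_manifest=None):
    """Classify a download by which source of digests vouches for it.

    same_origin_manifest: checksum file fetched from the same server as the file.
    pinned_manifest: digests obtained over a separate channel (assumption: for
    example a copy recorded from an independent source), or None.
    """
    actual = hashlib.sha256(data).hexdigest()
    local = parse_manifest(same_origin_manifest).get(name)
    pinned = parse_manifest(pinned_manifest).get(name) if pinned_manifest else None

    if pinned is not None:
        # Only the independent digest says anything about tampering at the origin.
        return "verified" if actual == pinned else "tampered"
    if local == actual:
        # Catches a corrupted transfer, not a replaced file: whoever can swap
        # the archive on the server can also rewrite the checksum beside it.
        return "transfer-ok-origin-untrusted"
    return "corrupt"

# Constructed sample data (hypothetical file name and contents).
NAME = "example-1.0.tar.gz"
GOOD = b"constructed release archive bytes"
SWAPPED = b"constructed archive bytes after replacement on the mirror"

def manifest_for(data):
    """Build a one-line sha256sum-style manifest for the sample archive."""
    return f"{hashlib.sha256(data).hexdigest()}  {NAME}\n"

if __name__ == "__main__":
    # Replaced archive with a regenerated checksum beside it, then with a pinned digest.
    print(check_release(NAME, SWAPPED, manifest_for(SWAPPED)))
    print(check_release(NAME, SWAPPED, manifest_for(SWAPPED), manifest_for(GOOD)))
```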
