Users of the Linux-based Unreal IRC server have been warned about a backdoor Trojan that can allow hackers to execute any type of command, regardless of user restrictions.
According to a post on the Unreal IRCd Forums (opens in new tab), the Unreal126.96.36.199.tar.gz file on its mirrors had been replaced with a version which contained the Trojan back door.
Apparently no-one noticed the change until today.
An administrator going by the name of 'Syzop' apologised for the mistake and confirmed that precautionary steps have been taken to fix the bug, preventing it from being exploited in the wild.
Syzop wrote: “We will also re-implement PGP/GPG signing of releases. Even though in practice (very) few people verify files, it will still be useful for those people who do.”
He also went on to list the unaffected versions, which include official precompiled Windows, CVS and 3.2.8 and earlier versions.