Not logged in
Log in now
Create an account
Subscribe to LWN
LWN.net Weekly Edition for May 23, 2013
An "enum" for Python 3
An unexpected perf feature
LWN.net Weekly Edition for May 16, 2013
A look at the PyPy 2.0 release
Whilst a signature based virus scanner would not have found this, most windows AV products will ask the user when a process tries to launch another, which would have highlighted this issue.
A backdoor in UnrealIRCd
Posted Jun 17, 2010 12:18 UTC (Thu) by mpr22 (subscriber, #60784)
Posted Jun 17, 2010 12:33 UTC (Thu) by richmoore (subscriber, #53133)
Posted Jun 17, 2010 13:59 UTC (Thu) by tialaramex (subscriber, #21167)
They might have spotted an unsophisticated UnrealIRCd attack
They often flag up minor third party programs which violated the heuristic but did not in fact do anything bad
The result is that they're more likely to spot a genuine attack like this, but their users are inured to occasional false alarms and so unlikely to act on it. I scarcely use Windows, and yet I'm aware of several such false alarms from apparently uninteresting programs.
Still, compiling the vulnerable code and running it inside a firewall is safe, any pundit who wants to make a big deal of this should try it and report how many (if any) AV products available six months ago actually spot this.
Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds