It seems the Linux version of the popular IRC server Unreal IRCd was contaminated with malware ever since November 2009, without anyone noticing it. The announcement was made on the Unreal IRCd forums:
This is very embarrassing...We found out that the Unreal3.2.8.1.tar.gz file on our mirrors has been replaced quite a while ago with a version with a backdoor (trojan) in it. This backdoor allows a person to execute ANY command with the privileges of he user running the ircd. The backdoor can be executed regardless of any user restrictions (so even if you have passworded server or hub that doesn't allow any users in). [...] It appears the replacement of the .tar.gz occurred in November 2009 (at least on some mirrors). It seems nobody noticed it until now.
This reminds us that an OS is as secure as the owner makes it. Remember to always check the source code before running a script / application. Better yet, only install applications from your distribution's official repositories and very trusted sources.
[via pcworld]