I woke up this morning to an email from one of our shell providers saying that the Unreal IRCd 3.2.8.1 download on the Unreal IRCd website had been compromised. The downloaded file was injected with a Trojan horse back-door virus. The incident gave remote hackers the power to run any command from the ssh shell that the user the IRCd was running as has permission to run. This exploited vulnerability has no effect on connected users.
As a matter of precaution, we have deleted the entire infected source code, and used the cleaned source from Unreal IRCd to compile and install new IRCd instances on all our servers. All our servers are clean and unaffected as of this moment.
For more information about the vulnerability, see the following link: http://www.unrealircd.com/txt/unrealsecadvisory.20100612.txt
Posted Jun 12, 2010 5:38 PM by Darc