When creating a Ruby gem, developers can specify a list of executable files. These executives are copied into the same directory where the Ruby binary is located. While very convenient, it opens a huge security hole.

It would be fairly easy for someone to provide an alternate version of the Ruby executable.

If possible, write-protect your ruby install directory to prevent this avenue of attack. If you run Windows and are paranoid, backup the Ruby install directory so you have something for future comparison.