[19293] in bugtraq


Re: Virus Unix.penguin

daemon@ATHENA.MIT.EDU (Ben Greenbaum)
Tue Feb 20 12:50:58 2001

Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-Id:  <Pine.GSO.4.30.0102201008130.29718-100000@mail>
Date:         Tue, 20 Feb 2001 10:15:51 -0700
Reply-To: Ben Greenbaum <bgreenbaum@SECURITYFOCUS.COM>
From: Ben Greenbaum <bgreenbaum@SECURITYFOCUS.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To:  <20010220025225.B971824C76B@lists.securityfocus.com>

I got a ton of autoreplies from AV software on this. The message did not
contain a virus; the signature is triggered by a line in the exploit that
contains the Unix commands to cat the password file through a pipe to the
mail program. Of course, I won't quote the actual line, because then this
message will trigger the same problem, but interested users can view the
original message at:

http://www.securityfocus.com/archive/1/163938

Yes, going to that URL may cause your AV software to act up again.

Ben Greenbaum
Director of Site Content
SecurityFocus
http://www.securityfocus.com

> My Antivirus detected the Virus "unix.penguin" from mail By kanedaaa
> Bohater, Subject CGI - Mailnews cgi vulnerability dated 20/02/2001.
>
> From Virus Encyclopedia:
>
> Unix.Penguin is a simple shell script which emails the unix passwd file to
> someone. This may allow others to gain information about a system.
>
>                                                                         Luca
