[6799] in bugtraq
Fake "Win98Nuke" program
daemon@ATHENA.MIT.EDU (Gustavo Molina)
Mon May 18 15:03:09 1998
Date: Mon, 18 May 1998 17:30:43 GMT
Reply-To: gustavo@molina.com.br
From: Gustavo Molina <gustavo@MOLINA.COM.BR>
To: BUGTRAQ@NETSPACE.ORG
---------- Forwarded message ----------
Date: Tue, 12 May 1998 08:33:59 GMT
From: Garry Glendown <garry@insider.regio.net>
To: Linux-Announce@senator-bedfellow.mit.edu
Subject: Linux-Announce Digest #25 - SECURITY: Fake "Win98Nuke" program
=====BEGIN PGP SIGNED MESSAGE====
Following a tool that claimed to show an ftpd-hole in Linux, another
program appeared containing (probably) the same code and being as useful
as the other one ...
The program "WIN98Nuke" claims it is able to kill any Win98-System over
the net. This time, no source code is included, only a binary. Looking
into the code, you will have no problem spotting strings like "login:",
"Password:" or "mail %s <mirror.txt" and "mail %s </etc/passwd". Also,
the same subroutine names appear in the file (forgot to strip it :-))) )
as in the ftp-hole-fake, like "emailus" or "loginfake" ...
Bye, -gg
---
Gustavo Molina - gustavo@molina.com.br
System Administrator - Newbit - Sao Paulo - Brazil
