Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

bugtraq logo Bugtraq mailing list archives

Re: Virus Unix.penguin
From: Ben Greenbaum <bgreenbaum () SECURITYFOCUS COM>
Date: Tue, 20 Feb 2001 10:15:51 -0700
I got a ton of autoreplies from AV software on this. The message did not
contain a virus, the signature is triggered by a line in the exploit that
contains the Unix commands to cat the password file through a pipe to the
mail program. Of course, I won't quote the actual line, because then this
message will trigger the same problem, but interested users can view the
original message at:

http://www.securityfocus.com/archive/1/163938

Yes, going to that URL may cause your AV software to act up again.

Ben Greenbaum
Director of Site Content
SecurityFocus
http://www.securityfocus.com


My Antivirus detected the Virus "unix.penguin" from mail By kanedaaa
Bohater, Subjet CGI - Mailnews cgi vulnerability dated 20/02/2001.


From Virus Encyclopedia:


Unix.Penguin is a simple shell script which emails the unix passwd file to
someone. This may allow others to gain information about a system.

                                                                        Luca

  By Date           By Thread  

Current thread:
  • Re: Virus Unix.penguin Ben Greenbaum (Feb 20)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]