Bugtraq mailing list archives

Re: Virus Unix.penguin

From: Ben Greenbaum <bgreenbaum () SECURITYFOCUS COM>
Date: Tue, 20 Feb 2001 10:15:51 -0700

I got a ton of autoreplies from AV software on this. The message did not
contain a virus, the signature is triggered by a line in the exploit that
contains the Unix commands to cat the password file through a pipe to the
mail program. Of course, I won't quote the actual line, because then this
message will trigger the same problem, but interested users can view the
original message at:

http://www.securityfocus.com/archive/1/163938

Yes, going to that URL may cause your AV software to act up again.

Ben Greenbaum
Director of Site Content
SecurityFocus
http://www.securityfocus.com

My Antivirus detected the Virus "unix.penguin" from mail By kanedaaa
Bohater, Subjet CGI - Mailnews cgi vulnerability dated 20/02/2001.

From Virus Encyclopedia:


Unix.Penguin is a simple shell script which emails the unix passwd file to
someone. This may allow others to gain information about a system.

                                                                        Luca

Current thread:

Re: Virus Unix.penguin Ben Greenbaum (Feb 20)
- <Possible follow-ups>
- Virus Unix.penguin ggcm (Feb 20)