Vulnerability Development mailing list archives

RE: yet another fake exploit making rounds

From: "Wall, Kevin" <Kevin.Wall () qwest com>
Date: Fri, 21 Dec 2001 10:18:51 -0500

Michal Zalewski,

Most recent (third) issue of "el8" zine, available at 
http://el8.8m.com,
among other things claims to have a "0-day" dcron exploit, allegedely
coded by me and Rafal Wojtczuk (Nergal).
... it appears to be a very nicely crafted trojan horse. 
It does send your /etc/passwd file to a fixed address

your-address () mail com

... this mailbox is probably valid and attended):


Perhaps we all ought to oblige them by sending them bogus /etc/passwd files
and let them spin there wheels trying to crack the passwords.

Or alternately, grab a few hundred megabytes of random garbage to send
them...

        dd if=/dev/random ibs=4K count=102400 | mail your-address () mail com

and overflow their mailbox. Anything to keep them busy over the holidays.
---
Kevin W. Wall           Qwest Communications International, Inc.
Kevin.Wall () qwest com Phone: 614.932.5542
"Wipe Info uses hexadecimal values to wipe files. This provides more
security than wiping with decimal values."
                -- Norton System Works 2002 manual, pg 160

Current thread:

yet another fake exploit making rounds Michal Zalewski (Dec 20)
- <Possible follow-ups>
- RE: yet another fake exploit making rounds Wall, Kevin (Dec 21)
  - Re: yet another fake exploit making rounds xbud (Dec 21)
- Re: yet another fake exploit making rounds Michal Zalewski (Dec 21)
- RE: yet another fake exploit making rounds auto241065 (Dec 22)