it's not _live_ or dead :) it's just an exploit program, and btw you have to spend some minutes to make it working (it's not that one-click microsoft malware :))) ) Anyway it's a tool, a piece to be studied. It can only become "bad" if you give it a list of addresses to deface, if _you_ put it to a machine where perl and specific modules are, and finally execute it... As I already said, I do not understand this tendency in antivirus software scanners... The funniest part is that some messages from those stupid programs contained stuff like "inappropriate language detected", not mentioning the descriptions of where they put that file - local paths, mail servers structure etc :) pretty much of information disclosed this way - I did not ever think about such a problem. ----- Original Message ----- From: "Riess, Bob" <briessat_private> To: "'Vitaly Osipov'" <vosipovat_private>; <INCIDENTSat_private> Sent: Tuesday, May 15, 2001 2:33 PM Subject: RE: recent sadmin worm > Vitaly, > My viruswall killed the attachment to your post, as it should. It's really > not a good idea to send out live malware, even with the best of > intentions... > > -br > > > -----Original Message----- > From: Vitaly Osipov [mailto:vosipovat_private] > Sent: Monday, May 14, 2001 11:59 am > To: INCIDENTSat_private > Subject: recent sadmin worm > > > > ****** Message from InterScan E-Mail VirusWall NT ****** > > ** WARNING! Attached file uniattack.zip contains: > > PERL_SADMIND.A virus in compressed file uniattack.pl > > Attempted to clean the file but it is not cleanable. > It has been deleted. > > ***************** End of message *************** >
This archive was generated by hypermail 2b30 : Tue May 15 2001 - 09:17:18 PDT