Interesting screwup. (was: RE: scary site)

From: Chris Santerre (csanterre@MerchantsOverseas.com)
Date: 03/18/02


From: Chris Santerre <csanterre@MerchantsOverseas.com>
To: security-basics@security-focus.com
Date: Mon, 18 Mar 2002 09:39:33 -0500

Well when I sent this example code, I didn't comment it out. So all of the
virus scanners for people on this list sent me a 'virus found' message. What
is interesting is that 99% of them gave me the email address, domain, name
of anti-virus software, and sometimes even a path!

This could be a potential security problem. Someone could simply send a
virus to this list, and use the resulting virus messages as a beginning
discovery point of a network. I had never thought of this problem. I spend
all that time making my servers as anonymous as possible, but I never
thought about the anti-virus software. Needless to say, I am now :) Has
anyone done anything like this with their antivirus? (I haven't done a
google search yet! 285 emails an counting still!)

-----Original Message-----
From: Chris Santerre [mailto:csanterre@MerchantsOverseas.com]
Sent: Thursday, March 14, 2002 3:31 PM
To: 'Amer Karim'; security-basics@security-focus.com
Subject: RE: scary site

I received the same thing on my Win98se / IE6. NAV said it was evil, but
Calc did NOT come up. But my quick and dirty web code did still get by it.
Only works on Win9x. Here is the code:

*snip code*

The path won't work on NT, but Norton said nothing about this. Also if
anyone knows how to use reg32.dll to call functions, they may be able to
call it here.