"On Wednesday, the 14,300-strong subscribers to a
popular security list known as Vuln-Dev received what may have
appeared a rare treat: a message to the list containing source code
to a program that gave the user full control of a remote Unix
system.
The message, apparently from Carolyn Meinel, a computer security
consultant and author of a book called "The Happy Hacker," claimed
the code exploited a vulnerability in the latest version of
WU-FTPD, a file transfer program used by many sites around the
world. A copy of the code, wu261.c, was also available at Meinel's
site, techbroker.com.
But as some Vuln-Dev readers, many of whom are system
administrators for businesses, painfully learned, the program was a
Trojan horse, and if compiled and run, could delete most of the
files on the user's computer."
