From: security curmudgeon 
To: JET 
Date: Wed, 30 Mar 2005 02:08:32 -0500 (EST)
Subject: Re: virus on one of your pages.


: First off I really enjoyed reading the Going Postal section of your
: website. I've started browsing through the defacements section and came
: across a virus.
:
: URL: http://www.attrition.org/mirror/attrition/2001/05/13/www.bepco.com/
: Virus: HTML_SADMIND.A
: Antivirus software that detected: PC-cillin
:
: I thought you may want to know about this.

Actually, this is a bug in PC-cillin. The web page has no virus in it.

forced /home/web/mirror/attrition/2001/05/13/www.bepco.com# cat index.html
(html)(body bgcolor=black)(br)(br)(br)(br)(br)(br)(table width=100%)(td)(p
align="center")(font size=7 color=red)fuck USA Government(/font)(tr)(td)(p
align="center")(font size=7 color=red)fuck PoizonBOx(tr)(td)(p
align="center")(font size=4 color=red)contact:sysadmcn@yahoo.com.cn(/html)
(!-- www.attrition.org web hack mirror - watermark or something --)
forced /home/web/mirror/attrition/2001/05/13/www.bepco.com#

Your anti-virus program is using first grade level programming to detect
viruses. It looks for a text string anywhere, finds it, and says "virus"
=) The page you see above is the result of the sadmind.a worm hitting a
system and defacing it. All your AV program knows to do is look for that
signature web page. =)