[clamav-users] Malware in an Icedove profile of mine cannot be located

Ángel González angel at av.16bits.net
Fri Aug 21 13:56:21 EDT 2015


amenex at amenex.com wrote:
> The generation of these phantoms is also associated with password  
> changes recorded in emails received and moved to file folders. A  
> search on the Internet for "password 12/31/1969" reveals that  
> 12/31/1969 is the zero date for the linux perpetual calendar, 

Actually, the "zero date" (UNIX epoch) is Jan 1 1970 UTC. However, if
you live west from Greenwhich, at that instant it was still 31 December
of 1969.


> and that  
> this has been exploited by admins to set passwords by some sort of  
> sleight-of-hand:
> 
> http://www.codejourneymen.com/content/adding-admin-user-drupal-site-w
> ithout-overwriting-admin-user
> https://books.google.com/books?id=tj0-8ctawTsC&pg=PA108&lpg=PA108&dq=
> password+12/31/1969#v=onepage&q=password%2012%2F31%2F1969&f=false

Er, no. The first link show a tool with the same symptom: they are
showing a 1969 date for an account that never logged in (given the time
shown, the user timezone was probably in America/Denver timezone - USA
Mountain Time).

In the second case they are setting an expiration date in the past in
order to disable a Kerberos principal.



More information about the clamav-users mailing list