Beefy Boxes and Bandwidth Generously Provided by pair Networks
Perl Monk, Perl Meditation
 
PerlMonks  

Re^2: Malicious module on CPAN

by hookbot (Acolyte)
on Jul 30, 2020 at 01:42 UTC ( #11120041=note: print w/replies, xml ) Need Help??


in reply to Re: Malicious module on CPAN
in thread Malicious module on CPAN

To @aitap I think you're the first one to deobfuscate this code publicly like this. Very nice explanations and I can really appreciate your time doing that! It wasn't so much the HTTP/1.0 or HTTP/1.1 that made any difference. It's that some of my endpoints actually rely on HTTP/0.9 protocol to work properly. Yeah, I admit it's gross, I know. And yes, the RCX.pm is just a useless benign test, as you've observed. But the actual use of Module::AutoLoad never touches RCX.pm except in that RCX.pl test suite just to make sure all the obfuscation endpoints are still up. Maybe your reasoning for failing to actually explain how AutoLoad.pm works (which is what would actually be used) is because it's probably easy enough to follow anyways and thus doesn't need any explanation. So at least you already did the hard part. Fair enough.

Replies are listed 'Best First'.
Re^3: Malicious module on CPAN
by aitap (Curate) on Jul 30, 2020 at 09:26 UTC
    Maybe your reasoning for failing to actually explain how AutoLoad.pm works (which is what would actually be used) is because it's probably easy enough to follow anyways and thus doesn't need any explanation.
    Yeah, the live code botstraps "AutoLoad" instead of "RCX", and once the code evaluates http://perl.rob.com/dl/AutoLoad.pm, it fetches the real Module::AutoLoad, which is much easier to understand and uses MetaCPAN v1 API.

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://11120041]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others studying the Monastery: (3)
As of 2020-10-26 16:40 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?
    My favourite web site is:












    Results (252 votes). Check out past polls.

    Notices?