in reply to Re: Malicious module on CPAN
in thread Malicious module on CPAN

To @aitap I think you're the first one to deobfuscate this code publicly like this. Very nice explanations and I can really appreciate your time doing that! It wasn't so much the HTTP/1.0 or HTTP/1.1 that made any difference. It's that some of my endpoints actually rely on HTTP/0.9 protocol to work properly. Yeah, I admit it's gross, I know. And yes, the is just a useless benign test, as you've observed. But the actual use of Module::AutoLoad never touches except in that test suite just to make sure all the obfuscation endpoints are still up. Maybe your reasoning for failing to actually explain how works (which is what would actually be used) is because it's probably easy enough to follow anyways and thus doesn't need any explanation. So at least you already did the hard part. Fair enough.