GEN:SID 1:334
Message FTP .forward
Summary This event is generated when an attempt to copy a specific file to an FTP server is made.
Impact Serious. The attacker might gain the ability to execute commands remotely with the privileges of the affected user.
Detailed Information This event is generated when an attempt to copy a ".forward" file to a victim host is made. A ".forward"file is used to configure email forwarding on UNIX systems. Usually it contains the email addresses where incoming email is forwarded. However, ".forward" file can also be used to forward email to programs (for example, "|IFS=' ' && exec /usr/bin/procmail -f-