[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: F. Y. I.
>
> To all. This is something I received from a fellow Internet user in
> the States. I don't know where he got this info, but I thought we may
> all benefit from this warning.
>
> SrA Lounsbury sends...
>
> >>>>>>SUBJECT: VIRUSES--IMPORTANT PLEASE READ IMMEDIATELY
> >>>>>>line "Good Times", DO NOT read the message, DELETE it
I've been employed by two of the largest and most well-known
Anti-Virus software companies in the world (Symantec and now
McAfee).
I've supported a wide variety of anti-virus products.
I can assure you that this is a hoax. There is currently
no known mechanism by which an e-mail message could "infect"
and "propagate" independent of OS and MUA. In other words
it would require a specific combination of operating system
and platform and/or a specific mail reading program
to transparently execute code (macros whatever) inside of a
mail message.
Java, LiveScript, and Microsoft's transparent MSN hooks
could allow these sorts of things in the future (through
suitably *bad* client software. Also I've heard that
the e-mail package included with WordPerfect Office can
execute some binary attachments, automatically.
Other than those two exceptions I know of know way that this
would be feasible.
On comp.virus (or was it alt.comp.virus??) there was considerable
(and heated) debate about the feasibility (and possible
*desirability <g>) of a trojan horse that would be specific to
a client (like AOL's proprietary access software) and would
pipe in some data to exploit some as yet undiscovered bug
(like the famous fingerd buffer overflow) to force execution
of CPU specific machine code.
In any event these would not be "viruses" in the traditional
computer sense of the term. Virus researchers naturally have
to distinguish between worms, logic bombs, trojan horses,
droppers, and various types of virus. There is considerable
literature on these distinctions (which I have neither the
time nor the expertise to attempt to duplicate here).
(and there was much rejoicing).
All of this has little to do with cryptography.
The cryptography used in computer viruses is generally not very
sophisticated. the primary constraints are compactness of
algorithm and convenience of the implementation with respect to
a given processor. The only purpose is to obuscate the code --
try to limit the efficiency or effectiveness of signature based
scanning engines. Mostly they use self-modifying code loops
with XOR's and simple ADD's and SUB's. I heard of one that
PUSHed all it's code onto the stack and then did a simple FAR
JMP to it (apparently quite compact).
Finally I'd like to recommend that people please restrain
themselves from forwarding press releases from various
sources to other mailing lists that "might be interested."
Most of us are big boys and girls. If our interest is
sufficiently broad, we'll go subscribe to those other lists
or newsgroups.
If you insist on referring to things from other sources --
perhaps a short query (like "Say does anyone here think the
'Good Times' virus has anything to do with with cryptography?"
and "Well, if your interested you can find out more about it
on foo -- or ask and I'll forward a copy") will be more
conservative of our time and bandwidth.
(Now y'all can flame me for wasting this much on a largely
off-topic response -- but please feel free to direct those
flames to /dev/null or to *just me*).