[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Good times virus (ANSI BOMB?)



-----BEGIN PGP SIGNED MESSAGE-----

>On Dec 7,  1:04am, ADAM GERSTEIN, _THE_ MACGURU wrote:
>> Need I remind you of a certain Robert T. Morris? Does the "Internet Worm"
>mean
>> anything to you? Sure, it wasn't actual email, but it did use email and other
>> means of transport to cripple the net in a matter of hours.
>
>The Internet Worm used the sendmail DEBUG mode to execute commands on
>a remote system.  It did not propogate itself via email messages, which was
>what the original (ridiculous) warning claimed.
>
>I can't feel a lot of sympathy for people who took this announcement
>seriously.  Such stupidity reaps its own rewards.

Although the concept of "text viruses" seems a bit far fetched to some
people, there these lovely toys known as ANSI bombs. Essentially they work
in a similar method to the some techniques used in the sendmail bug, but
they are MS-DOS specific, they will use embedded ANSI codes to run programs
as the files is viewed... anyone know what will happen if deltree /XXX
(where XXX represents an unpublished string of characters) is run from the
root directory of a DOS hard disk? Its gone, quickly. Sure the files can be
undeleted, but undeleting a whole disk is tricky business...

Maybe Good Times is a hoax, but ANSI bombs exist and using a DOS ANSI text
viewer will surely be a foolish thing to do on any downloaded text file...

If anyone feels the need for proof I collected a few a while back, but
really don't see the need to post them...heh heh.

     Adam Philipp

PS: Please no comments about superiority of MACs or LINUX boxs because they
are immune to ANSI boms...that ought to be clear enough...

- --
PGP Key available on the keyservers. Encrypted E-mail welcome.

SUB ROSA: Confidential, secret, not for publication.
           -Black's Law Dictionary

GJ/CS d H S:+ g? p? au+ a- w+ v++ c++ UL+ UU+ US+ P+ 3 E N++ k- W++ M-- V
po- Y++ t++ 5+ jx R G' tv+ b+++ D++ B--- E+++ u** h-- f++ r+ n+ y++--

- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBLuVnPSoZzwIn1bdtAQEjeAF+Pi65kg9SMBZ1bzO5gJBsumi5x2vJFgqC
o0hc3bMaqLYb5WY/jlaAtWURtzXzOUc6
=/53s
-----END PGP SIGNATURE-----