[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Good times virus (ANSI BOMB?)

To: cypherpunks <[email protected]>
Subject: Re: Good times virus (ANSI BOMB?)
From: "Claborne, Chris" <[email protected]>
Date: Wed, 07 Dec 94 11:59:00 PST
Encoding: 81 TEXT
Sender: [email protected]


   Can't be too UNIX centric.  With the advent of MS Mail and CC:Mail that 
have SMTP gateways, they automagically convert uuencoded files to 
attachments in the native format.  That is, when you send me a message with 
a uuencoded file at the end, my mail gateway uudecodes and puts the 
attachemnt in my mail messas as a clickable icon.  NOW,  all you got to do 
is convince me to doubble click on this (virus exe) and bingo!, I'm dead.

Question:

   Has anyone tried to infect or destroy an NT box with some known virus. 
 NT's security model could prevent this (I.E. trying to write to a 
restricted file or stay resident...).  But I'm not sure what is secured 
since almost all users use NT workstation as "Administrator".

     2
 -- C  --
>---------------------------------------------------------------------------  
 ---
>-----BEGIN PGP SIGNED MESSAGE-----
>
>>On Dec 7,  1:04am, ADAM GERSTEIN, _THE_ MACGURU wrote:
>>> Need I remind you of a certain Robert T. Morris? Does the "Internet 
Worm"
>>mean
>>> anything to you? Sure, it wasn't actual email, but it did use email and
>other
>>> means of transport to cripple the net in a matter of hours.
>>
>>The Internet Worm used the sendmail DEBUG mode to execute commands on
>>a remote system.  It did not propogate itself via email messages, which 
was
>>what the original (ridiculous) warning claimed.
>>
>>I can't feel a lot of sympathy for people who took this announcement
>>seriously.  Such stupidity reaps its own rewards.
>
>Although the concept of "text viruses" seems a bit far fetched to some
>people, there these lovely toys known as ANSI bombs. Essentially they work
>in a similar method to the some techniques used in the sendmail bug, but
>they are MS-DOS specific, they will use embedded ANSI codes to run programs
>as the files is viewed... anyone know what will happen if deltree /XXX
>(where XXX represents an unpublished string of characters) is run from the
>root directory of a DOS hard disk? Its gone, quickly. Sure the files can be
>undeleted, but undeleting a whole disk is tricky business...
>
>Maybe Good Times is a hoax, but ANSI bombs exist and using a DOS ANSI text
>viewer will surely be a foolish thing to do on any downloaded text file...
>
>If anyone feels the need for proof I collected a few a while back, but
>really don't see the need to post them...heh heh.
>
>     Adam Philipp
>
>PS: Please no comments about superiority of MACs or LINUX boxs because they
>are immune to ANSI boms...that ought to be clear enough...
>
>- --
>PGP Key available on the keyservers. Encrypted E-mail welcome.
>
>SUB ROSA: Confidential, secret, not for publication.
>           -Black's Law Dictionary
>
>GJ/CS d H S:+ g? p? au+ a- w+ v++ c++ UL+ UU+ US+ P+ 3 E N++ k- W++ M-- V
>po- Y++ t++ 5+ jx R G' tv+ b+++ D++ B--- E+++ u** h-- f++ r+ n+ y++--
>
>- ---
>[This message has been signed by an auto-signing service.  A valid 
signature
>means only that it has been received at the address corresponding to the
>signature and forwarded.]
>
>-----BEGIN PGP SIGNATURE-----
>Version: 2.6.2
>Comment: Gratis auto-signing service
>
>iQBFAwUBLuVnPSoZzwIn1bdtAQEjeAF+Pi65kg9SMBZ1bzO5gJBsumi5x2vJFgqC
>o0hc3bMaqLYb5WY/jlaAtWURtzXzOUc6
>=/53s
>-----END PGP SIGNATURE-----
>

Prev by Date: My apologies to the list (Re: ANSI Bombs are still a threat?)
Next by Date: Re: ANSI Bombs are still a threat? (was: Re: Good times virus (ANSI BOMB?))
Prev by thread: Re: ANSI Bombs are still a threat? (was: Re: Good times virus (ANSI BOMB?))
Next by thread: PGPTools bug
Index(es):
- Date
- Thread