
ANSI Bombs are still a threat? (was: Re: Good times virus (ANSI BOMB?))



-----BEGIN PGP SIGNED MESSAGE-----

In list.cypherpunks, [email protected] writes:

> Although the concept of "text viruses" seems a bit far fetched to some
> people, there are these lovely toys known as ANSI bombs. Essentially they work
> in a similar method to some of the techniques used in the sendmail bug, but
> they are MS-DOS specific, they will use embedded ANSI codes to run programs
> as the file is viewed...

The MS-DOS ANSI bomb relies on the capability of redefining keystrokes
through the ANSI screen driver.  Most all the DOS boxen I lay hands on
lose this capability quickly, when I install more capable ANSI drivers
that have this misfeature disabled.  Fortunately, few people rely on
ANSI-based text viewers, so I'd hope that even the otherwise unprotected
machines have some immunity.  (how many people use 'type filename'
anymore?)

I first learned of ANSI bombs back in the Cretaceous period (1989), when
it briefly became popular to slip them into PKZIP 0.92 comment fields.
I even saw a couple in files I downloaded, because even then I had
removed the function from my screen driver.  The attempted redefs would
show up as plain text.

> If anyone feels the need for proof I collected a few a while back, but
> really don't see the need to post them...heh heh.

I wonder if anyone's mail readers are even susceptible?  (he
said, grinning)
- -- 
       Roy M. Silvernail         [ ]  [email protected]
                    PGP public key available by mail
     echo /get /pub/pubkey.asc | mail [email protected]
         These are, of course, my opinions (and my machines)

-----BEGIN PGP SIGNATURE-----
Version: 2.6.1

iQCVAwUBLuY7wBvikii9febJAQFE7AP/RObKGqQ0Usi9SRyM3TA5doewB9E/VVKs
NOOGan6aPZrt0B0wGZRxvmYBDfSixc5LhmCvDBmSiQid3sxbtCZKAUdLqjic7N2F
6ypNktYtcaJgQ95DO9xqzPR42UxJN2GDLIuwX0/01Cu3x08tgu9R2FVoVgkvGMmF
YggtpKNrUWk=
=V3Nl
-----END PGP SIGNATURE-----
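
An added example, not part of the original message: a Python check that finds ANSI keyboard-reassignment sequences in a ZIP archive comment and rewrites them so they display as plain text, the same effect the message describes for a driver with the function removed. It assumes the MS-DOS ANSI.SYS form `ESC [ code ; string ... p`; the function names and the sample archive are constructed for illustration.

```python
import io
import re
import zipfile

# One parameter of a key reassignment: a decimal code or a quoted string.
_PARAM = rb'(?:\d+|"[^"\r\n]*"|\'[^\'\r\n]*\')'
# ESC [ param ; param ... p  (the final byte "p" selects key reassignment).
KEY_REDEF = re.compile(rb"\x1b\[(" + _PARAM + rb"(?:;" + _PARAM + rb")*)p")


def find_key_redefs(data: bytes):
    """Return (offset, parameter bytes) for each key-reassignment sequence."""
    return [(m.start(), m.group(1)) for m in KEY_REDEF.finditer(data)]


def neutralize(data: bytes) -> bytes:
    """Rewrite ESC as the printable byte '^' in key reassignments only, so
    they show as plain text; colour and cursor sequences are left untouched."""
    return KEY_REDEF.sub(lambda m: b"^" + m.group(0)[1:], data)


def scan_zip_comment(zip_bytes: bytes):
    """Check the archive-level comment of a ZIP file held in memory."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        return find_key_redefs(zf.comment)


def build_sample_zip() -> bytes:
    """Constructed sample: a coloured banner plus a harmless remap of 'A' to 'B'."""
    comment = b"\x1b[1;33mNice utils!\x1b[0m\r\n" + b"\x1b[65;66p"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("README.TXT", "hello\r\n")
        zf.comment = comment
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_sample_zip()
    for offset, params in scan_zip_comment(sample):
        print(f"key reassignment at comment offset {offset}: {params!r}")
```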