From: "Paul S. Penrod" <furballs@netcom.com>
Date: Sun, 1 Sep 1996 16:37:50 +0800
To: "Mark M." <markm@voicenet.com>
Subject: Re: WARNING vIRuS!
In-Reply-To: <Pine.LNX.3.95.960831225055.1669B-100000@gak>
Message-ID: <Pine.3.89.9608312317.A20150-0100000@netcom>
MIME-Version: 1.0
Content-Type: text/plain




On Sat, 31 Aug 1996, Mark M. wrote:

> On Sat, 31 Aug 1996, Paul S. Penrod wrote:
> 
> > Binary launches are the way they do it, and the way a virus spreads, 
> > unless you get caught up with autoexecuting Word and Excel macros.
> > 
> > I have yet to see *any* truly data propogating viruses.
> 
> Would you count the fingerd exploit used in the Internet Worm as a data
> propogating virus?  If a poorly written mail program doesn't do bounds
> checking, it could conceivably allow for a Good Times-like virus.  However,
> highly unlikely, since mail programs are too diverse and it would be very
> doubtful that a brain-dead mail program would become very widespread.  I would
> be much more worried about other non-email programs that fail to do bounds
> checking (like Netscape v1.1).
> 
> -- Mark
> 

No, I wouldn't consider the fingerd exploit a data propogated virus in 
the same sense as data embedded in a purely passive activity (viewing an 
image file) which somehow launches a vicious nasty on your disk. However, 
you do bring up an interesting point in that example.

Netscape and programs of that ilk, IMO, yield antoher exploitable pathway 
into a system, should someone figure a method to shove a jam into the 
doorway to keep the door open long enough to allow a renegade proc to be 
started and executed outside the control of the local operator.

...Paul