From: "Paul S. Penrod" <furballs@netcom.com>
Date: Mon, 2 Sep 1996 10:41:29 +0800
To: kickboxer <charlee@netnet.net>
Subject: Re: HAZ-MAT virus
In-Reply-To: <199609012319.SAA18515@netnet1.netnet.net>
Message-ID: <Pine.3.89.9609011737.A19751-0100000@netcom>
MIME-Version: 1.0
Content-Type: text/plain



First, the HAZ-MAT is a polymorphic virus. It is not run by any data file 
(GIF, JPG or otherwise).

Second. I had a private message sentto me from someone who suffered at 
the hands of this virus and described the effects. From the description 
it indicates the use of a possible boot or hidden sector residency with 
low level ATA-3 command capability to zap IDE drives. This is nothing 
new, or magical. 

Third. The HAZ-MAT virus has been documented to have been transported via 
a rogue copy of EudoraPro in zip format, plus one other EXE (non-image 
application).

This is not spam, just facts...

On Sun, 1 Sep 1996, kickboxer wrote:

> I do not know how it is run by the JPG and GIF files, but I do know that the
> code somehow loads into the image viewer itself..I am not sure how it works,
> just that it is very destructive.. I had it destroy my 486 (using Lview Pro)
> Oh, well, ENOUGH already.  if you have something to say that is related to
> "image files cant execute a virus" please do not. there are too many spams
> with those ideas out now
>                                                                                
> 
>