From: Andrew Lowenstern <andrew_loewenstern@il.us.swissbank.com>
Date: Wed, 7 Dec 94 08:47:22 PST
To: "Michael K. Sanders" <ianf@sydney.sgi.com
Subject: Re: (Fwd)      Read this, Virus info!!
Message-ID: <9412071644.AA00278@ch1d157nwk>
MIME-Version: 1.0
Content-Type: text/plain


Michael K. Sanders writes:
>  Has anyone actually seen this 'Good Times' thing? I highly doubt
>  it. And seriously, an e-mail virus? Get real.

and Ian Farquhar writes:
>  And pigs fly too.

Laugh if you want, but this has been possible for years under NeXTSTEP. With  
it's Display PostScript system and rich text mail reader, it's easy to send a  
PostScript trojan horse via e-mail.  As soon as the message is read, the Mail  
app tries to display the text and any images inside, which is probably what  
it should do.  However, because EPS images are really just PostScript code,  
you can do write a PostScript program that does all sorts of nasty things,  
which includes reading and writing files, stick an EPS header on it, and drop  
it into a mail message.  The recipient's mail reader will cheerfully run the  
received EPS image through the PS interpreter...  All of the EPS trojan  
horses I have seen do cute, but harmless, things like melt your screen, make  
windows fly around, rearrange your dock, or display animation before  
returning things to normal, but they could just as easily erase your home  
directory or just about anything else.  After this major security hole became  
public knowledge, NeXT provided for 'secure' postscript contexts (safe-DPS if  
you will) where some of the nastier postscript operators were disabled.

Anyway, it's more than possible, even when the designers didn't originally  
bargain for any type of 'enabled mail.'  And with the proliferation of  
Display PostScript based X servers and MIME mail tools, and other more  
advanced mail systems on other platforms, we will probably see much more of  
this type of thing.


andrew