1994-12-08 - Re: Good times virus (ANSI BOMB?)

Header Data

From: “Claborne, Chris” <claborne@microcosm.sandiegoca.NCR.COM>
To: cypherpunks <cypherpunks@toad.com>
Message Hash: 2f8d5b0f67b767d596c7dfeea1069afb9418604d9c2d6beef8a5bf7f98d00bc3
Message ID: <2EE69EFD@microcosm.SanDiegoCA.NCR.COM>
Reply To: N/A
UTC Datetime: 1994-12-08 06:33:01 UTC
Raw Date: Wed, 7 Dec 94 22:33:01 PST

Raw message

From: "Claborne, Chris" <claborne@microcosm.sandiegoca.NCR.COM>
Date: Wed, 7 Dec 94 22:33:01 PST
To: cypherpunks <cypherpunks@toad.com>
Subject: Re: Good times virus (ANSI BOMB?)
Message-ID: <2EE69EFD@microcosm.SanDiegoCA.NCR.COM>
MIME-Version: 1.0
Content-Type: text/plain



   Can't be too UNIX centric.  With the advent of MS Mail and CC:Mail that 
have SMTP gateways, they automagically convert uuencoded files to 
attachments in the native format.  That is, when you send me a message with 
a uuencoded file at the end, my mail gateway uudecodes and puts the 
attachemnt in my mail messas as a clickable icon.  NOW,  all you got to do 
is convince me to doubble click on this (virus exe) and bingo!, I'm dead.

Question:

   Has anyone tried to infect or destroy an NT box with some known virus. 
 NT's security model could prevent this (I.E. trying to write to a 
restricted file or stay resident...).  But I'm not sure what is secured 
since almost all users use NT workstation as "Administrator".

     2
 -- C  --
>---------------------------------------------------------------------------  
 ---
>-----BEGIN PGP SIGNED MESSAGE-----
>
>>On Dec 7,  1:04am, ADAM GERSTEIN, _THE_ MACGURU wrote:
>>> Need I remind you of a certain Robert T. Morris? Does the "Internet 
Worm"
>>mean
>>> anything to you? Sure, it wasn't actual email, but it did use email and
>other
>>> means of transport to cripple the net in a matter of hours.
>>
>>The Internet Worm used the sendmail DEBUG mode to execute commands on
>>a remote system.  It did not propogate itself via email messages, which 
was
>>what the original (ridiculous) warning claimed.
>>
>>I can't feel a lot of sympathy for people who took this announcement
>>seriously.  Such stupidity reaps its own rewards.
>
>Although the concept of "text viruses" seems a bit far fetched to some
>people, there these lovely toys known as ANSI bombs. Essentially they work
>in a similar method to the some techniques used in the sendmail bug, but
>they are MS-DOS specific, they will use embedded ANSI codes to run programs
>as the files is viewed... anyone know what will happen if deltree /XXX
>(where XXX represents an unpublished string of characters) is run from the
>root directory of a DOS hard disk? Its gone, quickly. Sure the files can be
>undeleted, but undeleting a whole disk is tricky business...
>
>Maybe Good Times is a hoax, but ANSI bombs exist and using a DOS ANSI text
>viewer will surely be a foolish thing to do on any downloaded text file...
>
>If anyone feels the need for proof I collected a few a while back, but
>really don't see the need to post them...heh heh.
>
>     Adam Philipp
>
>PS: Please no comments about superiority of MACs or LINUX boxs because they
>are immune to ANSI boms...that ought to be clear enough...
>
>- --
>PGP Key available on the keyservers. Encrypted E-mail welcome.
>
>SUB ROSA: Confidential, secret, not for publication.
>           -Black's Law Dictionary
>
>GJ/CS d H S:+ g? p? au+ a- w+ v++ c++ UL+ UU+ US+ P+ 3 E N++ k- W++ M-- V
>po- Y++ t++ 5+ jx R G' tv+ b+++ D++ B--- E+++ u** h-- f++ r+ n+ y++--
>
>- ---
>[This message has been signed by an auto-signing service.  A valid 
signature
>means only that it has been received at the address corresponding to the
>signature and forwarded.]
>
>-----BEGIN PGP SIGNATURE-----
>Version: 2.6.2
>Comment: Gratis auto-signing service
>
>iQBFAwUBLuVnPSoZzwIn1bdtAQEjeAF+Pi65kg9SMBZ1bzO5gJBsumi5x2vJFgqC
>o0hc3bMaqLYb5WY/jlaAtWURtzXzOUc6
>=/53s
>-----END PGP SIGNATURE-----
>





Thread