From: “Claborne, Chris” <claborne@microcosm.sandiegoca.NCR.COM>
To: cypherpunks <cypherpunks@toad.com>
Message Hash: 2f8d5b0f67b767d596c7dfeea1069afb9418604d9c2d6beef8a5bf7f98d00bc3
Message ID: <2EE69EFD@microcosm.SanDiegoCA.NCR.COM>
Reply To: N/A
UTC Datetime: 1994-12-08 06:33:01 UTC
Raw Date: Wed, 7 Dec 94 22:33:01 PST
Subject: Re: Good times virus (ANSI BOMB?)
Can't be too UNIX centric. With the advent of MS Mail and CC:Mail that
have SMTP gateways, they automagically convert uuencoded files to
attachments in the native format. That is, when you send me a message with
a uuencoded file at the end, my mail gateway uudecodes and puts the
attachment in my mail message as a clickable icon. NOW, all you got to do
is convince me to double click on this (virus exe) and bingo!, I'm dead.
Question:
Has anyone tried to infect or destroy an NT box with some known virus?
NT's security model could prevent this (i.e. trying to write to a
restricted file or stay resident...). But I'm not sure what is secured
since almost all users use NT workstation as "Administrator".
2
-- C --
>------------------------------------------------------------------------------
>-----BEGIN PGP SIGNED MESSAGE-----
>
>>On Dec 7, 1:04am, ADAM GERSTEIN, _THE_ MACGURU wrote:
>>> Need I remind you of a certain Robert T. Morris? Does the "Internet Worm" mean
>>> anything to you? Sure, it wasn't actual email, but it did use email and other
>>> means of transport to cripple the net in a matter of hours.
>>
>>The Internet Worm used the sendmail DEBUG mode to execute commands on
>>a remote system. It did not propagate itself via email messages, which was
>>what the original (ridiculous) warning claimed.
>>
>>I can't feel a lot of sympathy for people who took this announcement
>>seriously. Such stupidity reaps its own rewards.
>
>Although the concept of "text viruses" seems a bit far-fetched to some
>people, there are these lovely toys known as ANSI bombs. Essentially they work
>in a similar method to some techniques used in the sendmail bug, but
>they are MS-DOS specific, they will use embedded ANSI codes to run programs
>as the file is viewed... anyone know what will happen if deltree /XXX
>(where XXX represents an unpublished string of characters) is run from the
>root directory of a DOS hard disk? It's gone, quickly. Sure the files can be
>undeleted, but undeleting a whole disk is tricky business...
>
>Maybe Good Times is a hoax, but ANSI bombs exist and using a DOS ANSI text
>viewer will surely be a foolish thing to do on any downloaded text file...
>
>If anyone feels the need for proof I collected a few a while back, but
>really don't see the need to post them...heh heh.
>
> Adam Philipp
>
>PS: Please no comments about superiority of MACs or LINUX boxes because they
>are immune to ANSI bombs...that ought to be clear enough...
>
>- --
>PGP Key available on the keyservers. Encrypted E-mail welcome.
>
>SUB ROSA: Confidential, secret, not for publication.
> -Black's Law Dictionary
>
>GJ/CS d H S:+ g? p? au+ a- w+ v++ c++ UL+ UU+ US+ P+ 3 E N++ k- W++ M-- V
>po- Y++ t++ 5+ jx R G' tv+ b+++ D++ B--- E+++ u** h-- f++ r+ n+ y++--
>
>- ---
>[This message has been signed by an auto-signing service. A valid signature
>means only that it has been received at the address corresponding to the
>signature and forwarded.]
>
>-----BEGIN PGP SIGNATURE-----
>Version: 2.6.2
>Comment: Gratis auto-signing service
>
>iQBFAwUBLuVnPSoZzwIn1bdtAQEjeAF+Pi65kg9SMBZ1bzO5gJBsumi5x2vJFgqC
>o0hc3bMaqLYb5WY/jlaAtWURtzXzOUc6
>=/53s
>-----END PGP SIGNATURE-----
>
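
An added example, not part of the original message or its quoted replies: a Python filter a defender could run over a downloaded text file before opening it in a viewer that interprets ANSI codes. It flags and strips escape sequences, treating any sequence ending in `p` as a key reassignment. The sequence grammar (ESC `[`, parameters that may include double-quoted strings, one final letter) is an assumption about the ANSI.SYS form, and the sample bytes are constructed.

```python
import re

# CSI sequence as ANSI.SYS accepts it: ESC [ , then parameters made of digits,
# ';', '=', '?' or double-quoted strings, then one final letter.
# Assumption: key reassignment is the form ESC [ code ; "string" ; ... p.
CSI = re.compile(rb'\x1b\[((?:[0-9;=?]|"[^"\r\n]*")*)([A-Za-z])')

def scan(data: bytes):
    """Strip escape sequences; return (findings, cleaned).

    findings holds (offset_in_input, kind, raw_sequence) for each sequence.
    """
    findings = []

    def drop(match):
        # A final 'p' rebinds a key, so a later keypress can type a command.
        kind = "key-reassignment" if match.group(2) == b"p" else "display"
        findings.append((match.start(), kind, match.group(0)))
        return b""

    cleaned = CSI.sub(drop, data)
    # Any ESC left over did not parse as a sequence; make it visible and inert.
    cleaned = cleaned.replace(b"\x1b", b"^[")
    return findings, cleaned

def is_suspicious(data: bytes) -> bool:
    """True when the text tries to redefine a key."""
    return any(kind == "key-reassignment" for _, kind, _ in scan(data)[0])

# Constructed sample: two colour codes, then F10 (0;68) rebound to "dir" + Enter.
SAMPLE = b'Hello \x1b[1;31mred\x1b[0m text\r\n\x1b[0;68;"dir";13p end'

if __name__ == "__main__":
    found, text = scan(SAMPLE)
    for offset, kind, raw in found:
        print(f"{offset:4d}  {kind:16s}  {raw!r}")
    print(text.decode("ascii"))
```

A stripper that follows only the standard CSI grammar would stop at the first letter inside the quoted string, which is why the pattern consumes quoted parameters as a unit.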