1994-12-08 - Re: Good times virus (ANSI BOMB?)

Header Data

From: “Claborne, Chris” <claborne@microcosm.sandiegoca.NCR.COM>
To: cypherpunks <cypherpunks@toad.com>
Message Hash: 2f8d5b0f67b767d596c7dfeea1069afb9418604d9c2d6beef8a5bf7f98d00bc3
Message ID: <2EE69EFD@microcosm.SanDiegoCA.NCR.COM>
Reply To: N/A
UTC Datetime: 1994-12-08 06:33:01 UTC
Raw Date: Wed, 7 Dec 94 22:33:01 PST

Raw message

From: "Claborne, Chris" <claborne@microcosm.sandiegoca.NCR.COM>
Date: Wed, 7 Dec 94 22:33:01 PST
To: cypherpunks <cypherpunks@toad.com>
Subject: Re: Good times virus (ANSI BOMB?)
Message-ID: <2EE69EFD@microcosm.SanDiegoCA.NCR.COM>
MIME-Version: 1.0
Content-Type: text/plain

   Can't be too UNIX centric.  With the advent of MS Mail and CC:Mail that 
have SMTP gateways, they automagically convert uuencoded files to 
attachments in the native format.  That is, when you send me a message with 
a uuencoded file at the end, my mail gateway uudecodes and puts the 
attachemnt in my mail messas as a clickable icon.  NOW,  all you got to do 
is convince me to doubble click on this (virus exe) and bingo!, I'm dead.


   Has anyone tried to infect or destroy an NT box with some known virus. 
 NT's security model could prevent this (I.E. trying to write to a 
restricted file or stay resident...).  But I'm not sure what is secured 
since almost all users use NT workstation as "Administrator".

 -- C  --
>>On Dec 7,  1:04am, ADAM GERSTEIN, _THE_ MACGURU wrote:
>>> Need I remind you of a certain Robert T. Morris? Does the "Internet 
>>> anything to you? Sure, it wasn't actual email, but it did use email and
>>> means of transport to cripple the net in a matter of hours.
>>The Internet Worm used the sendmail DEBUG mode to execute commands on
>>a remote system.  It did not propogate itself via email messages, which 
>>what the original (ridiculous) warning claimed.
>>I can't feel a lot of sympathy for people who took this announcement
>>seriously.  Such stupidity reaps its own rewards.
>Although the concept of "text viruses" seems a bit far fetched to some
>people, there these lovely toys known as ANSI bombs. Essentially they work
>in a similar method to the some techniques used in the sendmail bug, but
>they are MS-DOS specific, they will use embedded ANSI codes to run programs
>as the files is viewed... anyone know what will happen if deltree /XXX
>(where XXX represents an unpublished string of characters) is run from the
>root directory of a DOS hard disk? Its gone, quickly. Sure the files can be
>undeleted, but undeleting a whole disk is tricky business...
>Maybe Good Times is a hoax, but ANSI bombs exist and using a DOS ANSI text
>viewer will surely be a foolish thing to do on any downloaded text file...
>If anyone feels the need for proof I collected a few a while back, but
>really don't see the need to post them...heh heh.
>     Adam Philipp
>PS: Please no comments about superiority of MACs or LINUX boxs because they
>are immune to ANSI boms...that ought to be clear enough...
>- --
>PGP Key available on the keyservers. Encrypted E-mail welcome.
>SUB ROSA: Confidential, secret, not for publication.
>           -Black's Law Dictionary
>GJ/CS d H S:+ g? p? au+ a- w+ v++ c++ UL+ UU+ US+ P+ 3 E N++ k- W++ M-- V
>po- Y++ t++ 5+ jx R G' tv+ b+++ D++ B--- E+++ u** h-- f++ r+ n+ y++--
>- ---
>[This message has been signed by an auto-signing service.  A valid 
>means only that it has been received at the address corresponding to the
>signature and forwarded.]
>Version: 2.6.2
>Comment: Gratis auto-signing service