From: roy@cybrspc.mn.org (Roy M. Silvernail)
To: cypherpunks@toad.com
Message Hash: df6554ff1b98772ce0921888596a1bc00a82208b416aa79361332829b18cfc5e
Message ID: <941207.163507.7y7.rusnews.w165w@cybrspc.mn.org>
Reply To: <199412070742.CAA21434@bb.hks.net>
UTC Datetime: 1994-12-07 23:21:50 UTC
Raw Date: Wed, 7 Dec 94 15:21:50 PST
From: roy@cybrspc.mn.org (Roy M. Silvernail)
Date: Wed, 7 Dec 94 15:21:50 PST
To: cypherpunks@toad.com
Subject: ANSI Bombs are still a threat? (was: Re: Good times virus (ANSI BOMB?))
In-Reply-To: <199412070742.CAA21434@bb.hks.net>
Message-ID: <941207.163507.7y7.rusnews.w165w@cybrspc.mn.org>
MIME-Version: 1.0
Content-Type: text/plain
-----BEGIN PGP SIGNED MESSAGE-----
In list.cypherpunks, adam.philipp@ties.org writes:
> Although the concept of "text viruses" seems a bit far fetched to some
> people, there these lovely toys known as ANSI bombs. Essentially they work
> in a similar method to the some techniques used in the sendmail bug, but
> they are MS-DOS specific, they will use embedded ANSI codes to run programs
> as the files is viewed...
The MS-DOS ANSI bomb relies on the capability of redefining keystrokes
through the ANSI screen driver. Most all the DOS boxen I lay hands on
lose this capability quickly, when I install more capable ANSI drivers
that have this misfeature disabled. Fortunately, few people rely on
ANSI-based text viewers, so I'd hope that even the otherwise unprotected
machines have some immunity. (how many people use 'type filename'
anymore?)
I first learned of ANSI bombs back in the Cretacious period (1989), when
it briefly became popular to slip them into PKZIP 0.92 comment fields.
I even saw a couple in files I downloaded, because even then I had
removed the function from my screen driver. The attempted redefs would
show up as plain text.
> If anyone feels the need for proof I collected a few a while back, but
> really don't see the need to post them...heh heh.
[0;5;30;47mI wonder if anyone's mail readers are even succeptible? (he
said, grinning)
- --
Roy M. Silvernail [ ] roy@cybrspc.mn.org
PGP public key available by mail
echo /get /pub/pubkey.asc | mail file-request@cybrspc.mn.org
These are, of course, my opinions (and my machines)
-----BEGIN PGP SIGNATURE-----
Version: 2.6.1
iQCVAwUBLuY7wBvikii9febJAQFE7AP/RObKGqQ0Usi9SRyM3TA5doewB9E/VVKs
NOOGan6aPZrt0B0wGZRxvmYBDfSixc5LhmCvDBmSiQid3sxbtCZKAUdLqjic7N2F
6ypNktYtcaJgQ95DO9xqzPR42UxJN2GDLIuwX0/01Cu3x08tgu9R2FVoVgkvGMmF
YggtpKNrUWk=
=V3Nl
-----END PGP SIGNATURE-----
Return to December 1994
Return to “rseymour@reed.edu (Robert Seymour)”