1994-12-07 - ANSI Bombs are still a threat? (was: Re: Good times virus (ANSI BOMB?))

Header Data

From: roy@cybrspc.mn.org (Roy M. Silvernail)
To: cypherpunks@toad.com
Message Hash: df6554ff1b98772ce0921888596a1bc00a82208b416aa79361332829b18cfc5e
Message ID: <941207.163507.7y7.rusnews.w165w@cybrspc.mn.org>
Reply To: <199412070742.CAA21434@bb.hks.net>
UTC Datetime: 1994-12-07 23:21:50 UTC
Raw Date: Wed, 7 Dec 94 15:21:50 PST

Raw message

From: roy@cybrspc.mn.org (Roy M. Silvernail)
Date: Wed, 7 Dec 94 15:21:50 PST
To: cypherpunks@toad.com
Subject: ANSI Bombs are still a threat? (was: Re: Good times virus (ANSI BOMB?))
In-Reply-To: <199412070742.CAA21434@bb.hks.net>
Message-ID: <941207.163507.7y7.rusnews.w165w@cybrspc.mn.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

In list.cypherpunks, adam.philipp@ties.org writes:

> Although the concept of "text viruses" seems a bit far fetched to some
> people, there these lovely toys known as ANSI bombs. Essentially they work
> in a similar method to the some techniques used in the sendmail bug, but
> they are MS-DOS specific, they will use embedded ANSI codes to run programs
> as the files is viewed...

The MS-DOS ANSI bomb relies on the capability of redefining keystrokes
through the ANSI screen driver.  Most all the DOS boxen I lay hands on
lose this capability quickly, when I install more capable ANSI drivers
that have this misfeature disabled.  Fortunately, few people rely on
ANSI-based text viewers, so I'd hope that even the otherwise unprotected
machines have some immunity.  (how many people use 'type filename'
anymore?)

I first learned of ANSI bombs back in the Cretacious period (1989), when
it briefly became popular to slip them into PKZIP 0.92 comment fields.
I even saw a couple in files I downloaded, because even then I had
removed the function from my screen driver.  The attempted redefs would
show up as plain text.

> If anyone feels the need for proof I collected a few a while back, but
> really don't see the need to post them...heh heh.

I wonder if anyone's mail readers are even succeptible?  (he
said, grinning)
- -- 
       Roy M. Silvernail         [ ]  roy@cybrspc.mn.org
                    PGP public key available by mail
     echo /get /pub/pubkey.asc | mail file-request@cybrspc.mn.org
         These are, of course, my opinions (and my machines)

-----BEGIN PGP SIGNATURE-----
Version: 2.6.1

iQCVAwUBLuY7wBvikii9febJAQFE7AP/RObKGqQ0Usi9SRyM3TA5doewB9E/VVKs
NOOGan6aPZrt0B0wGZRxvmYBDfSixc5LhmCvDBmSiQid3sxbtCZKAUdLqjic7N2F
6ypNktYtcaJgQ95DO9xqzPR42UxJN2GDLIuwX0/01Cu3x08tgu9R2FVoVgkvGMmF
YggtpKNrUWk=
=V3Nl
-----END PGP SIGNATURE-----






Thread