1996-09-01 - Re: WARNING vIRuS!

Header Data

From: mpd@netcom.com (Mike Duvos)
To: cypherpunks@toad.com
Message Hash: 6d2f61684f066217b2331d48e693a97f48b134fbda75097b361e6694f0906914
Message ID: <199609010741.AAA25267@netcom8.netcom.com>
Reply To: <3.0b11.32.19960831234035.00b1f6cc@mail.teleport.com>
UTC Datetime: 1996-09-01 09:29:10 UTC
Raw Date: Sun, 1 Sep 1996 17:29:10 +0800

Raw message

From: mpd@netcom.com (Mike Duvos)
Date: Sun, 1 Sep 1996 17:29:10 +0800
To: cypherpunks@toad.com
Subject: Re: ^¿^¿^¿^¿^¿^¿^¿^¿^¿^¿^¿^¿^¿^¿^¿^¿^¿^¿^¿WARNING^¿^¿^¿^¿^¿^¿^¿^¿^¿^¿^¿^¿^¿^¿^¿^¿^¿^¿ vIRuS!
In-Reply-To: <3.0b11.32.19960831234035.00b1f6cc@mail.teleport.com>
Message-ID: <199609010741.AAA25267@netcom8.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain

Alan Olsen writes:

> This is the clueless kind of crap I expect pitched to AOL users and
> upper-level management.

> GIF and JPEGs contain *NO* executable code.  You cannot get viruses
> from them.  You obviously have no clue as to what the hell you are 
> talking about. 

> The only way that you could obtain the effects described above is 
> with Black Magic and/or Voodoo.  (And not even then.)

I don't want to restart the jpg-virus flame war again, and this 
particular story is likely completely bogus, but I should point out 
that most complicated software, including jpeg viewers, has
undiscovered bugs lurking about.  It is also not particularly
difficult to find a garbage input file for most sloppily written
programs which bombs the program into branching into one of its
data buffers.  Indeed, it wasn't so long ago that you could get
httpd to put crap on its own stack by feeding it an excessively
long URL. 

So I would certainly not be surprised if someone managed to 
construct a .jpg file which would do nasty things to one's machine
if loaded with a specific viewer, and give an error message when 
loaded by other software.  

If the viewer was a widely used one, and the .jpg was posted on 
Usenet with an alluring title, one could probably do quite a bit
of damage before people got wise.  

Not a virus in the traditional sense, but a fairly common way
to attack complicated operating systems and applications. 

     Mike Duvos         $    PGP 2.6 Public Key available     $
     mpd@netcom.com     $    via Finger.                      $
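
The point above about garbage input files, as an added example that is not part of the original message: a C routine that reads the comment segment of a JPEG while treating every length field in the file as untrusted, which is the check a sloppily written viewer omits. The function name, the 64-byte buffer size and the sample bytes are assumptions constructed for illustration; markers that carry no length field are not handled.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define COMMENT_MAX 64  /* assumed size of the viewer's fixed buffer */
enum { JPG_OK = 0, JPG_NO_COMMENT = 1, JPG_MALFORMED = -1, JPG_TOO_LONG = -2 };

/* Constructed sample files: SOI, one COM segment, EOI. */
static const uint8_t SAMPLE_OK[]  = {0xFF,0xD8, 0xFF,0xFE,0x00,0x04,'h','i', 0xFF,0xD9};
/* Same file, but the length field claims 65535 bytes that are not there. */
static const uint8_t SAMPLE_BAD[] = {0xFF,0xD8, 0xFF,0xFE,0xFF,0xFF,'h','i', 0xFF,0xD9};

/* Copy the text of the first COM (0xFFFE) segment into out.
 * A careless viewer would memcpy(out, payload, declared_length) and let the
 * file decide how far to write; here both bounds are checked first. */
int jpg_read_comment(const uint8_t *buf, size_t len, char out[COMMENT_MAX])
{
    size_t pos = 2;
    if (len < 4 || buf[0] != 0xFF || buf[1] != 0xD8)    /* must start with SOI */
        return JPG_MALFORMED;
    while (pos + 4 <= len) {
        uint8_t marker = buf[pos + 1];
        if (buf[pos] != 0xFF)
            return JPG_MALFORMED;
        if (marker == 0xD9 || marker == 0xDA)           /* EOI or start of scan */
            return JPG_NO_COMMENT;
        /* Big-endian length; it counts its own two bytes plus the payload. */
        size_t seg = ((size_t)buf[pos + 2] << 8) | buf[pos + 3];
        if (seg < 2 || seg > len - pos - 2)             /* runs past end of file */
            return JPG_MALFORMED;
        if (marker == 0xFE) {
            size_t n = seg - 2;
            if (n >= COMMENT_MAX)                       /* would overflow out[] */
                return JPG_TOO_LONG;
            memcpy(out, buf + pos + 4, n);
            out[n] = '\0';
            return JPG_OK;
        }
        pos += 2 + seg;                                 /* skip other segments */
    }
    return JPG_NO_COMMENT;
}

int main(void)
{
    char out[COMMENT_MAX];
    printf("ok file:  %d\n", jpg_read_comment(SAMPLE_OK, sizeof SAMPLE_OK, out));
    printf("bad file: %d\n", jpg_read_comment(SAMPLE_BAD, sizeof SAMPLE_BAD, out));
    return 0;
}
```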