[3708] in WWW Security List Archive
Re: Re : Any internet virus
daemon@ATHENA.MIT.EDU (Jack Gostl)
Thu Dec 5 00:17:06 1996
Date: Wed, 4 Dec 1996 22:10:50 -0500 (EST)
From: Jack Gostl <gostl@argoscomp.com>
To: Ong Joon Kian <ongjk@tm.net.my>
Cc: Internet Engineering Task Force <www-security@ns2.rutgers.edu>
In-Reply-To: <199612041923.DAA01170@gandalf.asiapac.net>
Errors-To: owner-www-security@ns2.rutgers.edu
On Thu, 5 Dec 1996, Ong Joon Kian wrote:
> I don't know about you, but it seems to me that a virus that spreads
> through ASCII is certainly nothing to worry about. Computer aren't
> designed to execute ASCII files. It needs to be converted to binary
> first. Or am I wrong?
Wrong, sort of. The problem is that Windows 95 is too darned smart. You
could construct a message with a Word document attached. Under some
circumstances, W95 recognizes the document as a Word document, and
launches Word and starts the document. This document can contain a macro
that executes on startup. And POOF!
I think there used to be some stuff on the Unix mailer, ELM that could be
tricked into doing even worse stuff by reading an ASCII file.
Finally, there is the old "ANSI" bomb trick, only relevant in DOS, where
someone embeds an ANSI sequence in a message which reprograms one of your
keys to contain something like "DEL C:\BIN\*.EXE".
So --- never say never --- and all of which is quite interesting, but
doesn't have much to do with web security.
Jack Gostl gostl@argoscomp.com
