[3710] in WWW Security List Archive
Re: Re : Any internet virus
daemon@ATHENA.MIT.EDU (Steve Gibbons)
Thu Dec 5 02:20:54 1996
Date: Wed, 4 Dec 1996 21:56:35 -0700
From: Steve Gibbons <steve@wyrm.AZTech.Net>
To: ongjk@tm.net.my, www-security@ns2.rutgers.edu
Errors-To: owner-www-security@ns2.rutgers.edu
I would normally ignore something like this, but I'm in an ornery mood tonight.
Ong Joon Kian wrote:
> I don't know about you, but it seems to me that a virus that spreads
> through ASCII is certainly nothing to worry about. Computers aren't
> designed to execute ASCII files. It needs to be converted to binary
> first. Or am I wrong?
Computers execute ASCII files all the time. Some common examples are: DOS .BAT files, UNIX shell scripts, VMS .COM files, JavaScript, and any number of
4GLs. (Perhaps interpret is a better term than execute, but the effect is the
same.)
It is certainly possible to package a virus in such a way that it can be
sent via non-8-bit clean media and executed directly. This is done all the
time for various software distribution mechanisms. VMSSHARE and UNIX' .shar
formats are two good examples.
If your question was about virus distribution via email, then that's another
kettle of fish, and (probably) doesn't belong on the www-security list.
That said, there have (historically) been ways of getting users to do things
that they didn't intend to by sending them email. (e.g., given a MUA that
doesn't filter escape strings, and a VT-XXX terminal with a programmable ENQ
reply, simply program the ENQ reply that
1) extracts the current message
2) exits the MUA
3) invokes the "proper" sequence to execute/interpret the newly extracted file
Granted most VT-compatible terminals don't offer this feature (but some do)
and almost all text-based MUAs filter escape sequences now, but this is just
an example.
There are lots of cases (using different MUAs, and different interfaces) of viruses spreading via email. The ones that leap to mind are of the MS-Word "Concept" variety. The MUA
automatically handles any encoding/decoding of "attachments" and when the end
user opens the attachment, they find that they are hosed.
I apologize for drifting (even further) off-topic of the www-security charter
(such as it is.)
It's late, I'm tired, I probably shouldn't even have mentioned it here,
--
Steve
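
Added example, not part of the archived message: a Python sketch of the escape-sequence filtering that the message says text-based MUAs now perform before writing a message body to a terminal. The function name `sanitize_for_terminal` and the sample body are constructed for illustration.

```python
import re

# ECMA-48 / VT-style sequences that an untrusted message body could carry.
# In verbose mode, whitespace inside [...] classes is kept, outside is ignored.
_ESCAPES = re.compile(
    r"""
    \x1b\[ [0-?]* [ -/]* [@-~]                      # 7-bit CSI sequence
  | \x1b[PX^_\]] .*? (?:\x1b\\|\x07|\x9c)           # DCS/SOS/PM/APC/OSC string up to ST or BEL
  | \x1b [ -/]* [0-~]                               # any other ESC sequence (also unterminated strings)
  | \x9b [0-?]* [ -/]* [@-~]                        # 8-bit CSI sequence
  | [\x90\x98\x9d\x9e\x9f] .*? (?:\x1b\\|\x07|\x9c) # 8-bit string introducers up to ST or BEL
    """,
    re.VERBOSE | re.DOTALL,
)

# Remaining C0 controls (ENQ is 0x05), DEL and C1 controls; tab and newline are kept.
_CONTROLS = re.compile(r"[\x00-\x08\x0b-\x1f\x7f-\x9f]")


def sanitize_for_terminal(body: str) -> tuple[str, int]:
    """Return (safe_text, removed): body with terminal control data stripped,
    and the number of sequences/control characters that were removed."""
    body = body.replace("\r\n", "\n")           # normalise line endings first
    body, n_seq = _ESCAPES.subn("", body)       # whole sequences, so no parameter bytes are left behind
    body, n_ctl = _CONTROLS.subn("", body)      # stray controls, including a bare ESC or ENQ
    return body, n_seq + n_ctl


# Constructed sample body: an OSC title string, colour CSI sequences,
# a raw ENQ byte and a DCS string wrapped around ordinary text.
SAMPLE = (
    "Subject: hello\r\n"
    "\x1b]0;title\x07Plain \x1b[31mred\x1b[0m text\x05\x1bPdata\x1b\\ end\r\n"
)

if __name__ == "__main__":
    text, removed = sanitize_for_terminal(SAMPLE)
    print(repr(text), removed)
```

A non-zero removal count is worth logging or flagging to the user, since ordinary plain-text mail has no reason to contain terminal control data.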