[3717] in WWW Security List Archive


Re: Re : Any internet virus

daemon@ATHENA.MIT.EDU (Geoffrey Leeming)
Thu Dec 5 14:59:43 1996

To: www-security@ns2.rutgers.edu
From: Geoffrey Leeming <geoffrey@indiciis.com>
Date: Thu, 5 Dec 1996 17:13:02 +0100
Errors-To: owner-www-security@ns2.rutgers.edu

At 04:10 AM 5/12/96 +0100, you wrote:
>On Thu, 5 Dec 1996, Ong Joon Kian wrote:
>
>> 	I don't know about you, but it seems to me that a virus that spreads
>> through ASCII is certainly nothing to worry about. Computers aren't
>> designed to execute ASCII files. It needs to be converted to binary
>> first. Or am I wrong?
> {snip}
>I think there used to be some stuff on the Unix mailer, ELM that could be 
>tricked into doing even worse stuff by reading an ASCII file.

On the version I used at university (arrggh!  That was seven years ago!), if
you added '<esc> 6' to the end of a line in a mail, ELM would execute it as
a shell command.

Hence (from memory, syntax probably incorrect):

q ^[6
echo off ^[6
echo "+" >> .rlogin ^[6
echo on ^[6
cls ^[6
logout ^[6

as an email message would quit elm, grant anyone access to that user's
account, and log them out.
Best of all, if things were moving fast enough, the user would just open a
message and suddenly be staring at a login prompt.

If you were targeting someone you could see, you then had plenty of time to
get into their account, wreak whatever sort of havoc you cared, then remove
the + in .rlogin before they figured out what was going on.

Or so I was told, of course :-)




______________________________________________________________
Geoffrey Leeming			0171 592 3007 - Office Direct Dial
Consultant			0171 836 0567 - Fax
Indicii Salus Ltd.			0956 844 168  - Mobile
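
An added example, not part of the original message: one way a mail gateway or a wrapper around a terminal mail reader could flag and neutralise the escape character described above before the body is displayed. The function names and the sample body are constructed for illustration.

```python
import re

ESC = "\x1b"
# C0 control characters and DEL, excluding tab, LF and CR.
_CONTROL = re.compile(r"[\x00-\x08\x0b\x0c\x0e-\x1f\x7f]")


def caret(ch):
    """Render a control character in visible caret notation (ESC -> ^[)."""
    return "^?" if ch == "\x7f" else "^" + chr(ord(ch) ^ 0x40)


def neutralise(text):
    """Replace control characters with caret notation so a terminal,
    pager or mail reader shows them as text instead of acting on them."""
    return _CONTROL.sub(lambda m: caret(m.group()), text)


def scan_body(body):
    """Return (line_number, visible_line) for every body line carrying ESC."""
    findings = []
    for number, line in enumerate(body.split("\n"), start=1):
        if ESC in line:
            findings.append((number, neutralise(line)))
    return findings


# Constructed sample: a harmless body with one line ending in ESC + "6".
SAMPLE = "Hello,\nsee you at lunch\ndate \x1b6\nBye\n"

if __name__ == "__main__":
    for number, shown in scan_body(SAMPLE):
        print(f"line {number} contains ESC: {shown!r}")
    print(neutralise(SAMPLE), end="")
```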

