[3742] in WWW Security List Archive
Re: Re : Any internet virus
daemon@ATHENA.MIT.EDU (Gene Hardesty)
Sat Dec 7 03:41:34 1996
Date: Fri, 06 Dec 1996 15:42:19 +0900
From: Gene Hardesty <geneh@surf-line.or.jp>
Reply-To: geneh@surf-line.or.jp
To: Steve Gibbons <steve@wyrm.AZTech.Net>
CC: www-security@ns2.rutgers.edu
Errors-To: owner-www-security@ns2.rutgers.edu
The computer can't directly "interpret" the ASCII (text) file. It's the
OS or the software that emulates it, gives the CPU the right codes that
it understands.
G.
Make sure you get enough sleep or you'll be REALLY worn out the next
day, esp. if you have to do work....and esp. for the people who are
SMART.
Steve Gibbons wrote:
>
> I would normally ignore something like this, but I'm in an ornery mood tonight.
>
> Ong Joon Kian wrote:
>
> > I don't know about you, but it seems to me that a virus that spreads
> > through ASCII is certainly nothing to worry about. Computer aren't
> > designed to execute ASCII files. It needs to be converted to binary
> > first. Or am I wrong?
>
> Computers execute ASCII files all the time. Some common examples are: DOS .BAT files, UNIX shell scripts, VMS .COM files, JavaScript, and any number of
> 4GLs. (Perhaps interpret is a better term than execute, but the effect is the
> same.)
>
> It is certainly possible to package a virus in such a way that it can be
> sent via non-8-bit clean media and executed directly. This is done all the
> time for various software distribution mechanasims VMSSHARE and UNIX' .shar
> formats are two good examples.
>
> If your question was about virus distribution via email, then that's another
> kettle of fish, and (probably) doesn't belong on the www-security list.
> That said, there have (historically) been ways of getting users to do things
> that they didn't intend to by sending them email. (eg, given a MUA that
> doesn't filter excape strings, and a VT-XXX terminal with a programable ENQ
> reply, simply program the ENQ reply that
> 1) extracts the current message
> 2) exits the MUA
> 3) invokes the "proper" sequence to execute/interpret the newly extracted file
>
> Granted most VT-compatible terminals don't offer this feature (but some do)
> and almost all text-based MUAs filter escape sequences now, but this is just
> an example.
>
> There are lots of cases (using different MUAs, and different interfaces) of viruses spreading via email�[D�[D�[D�[D�. The ones that leap to mind are of the MS-Word "Concept" variety. The MUA
> automatically handles any encoding/decoding of "attachments" and when the end
> user opens the attachment, they find that they are hosed.
>
> I apologize for drifting (even further) off-topic of the www-security charter
> (such as it is.)
>
> It's late, I'm tired, I probably shouldn't even have mentioned it here,
>
> --
> Steve
