From owner-freebsd-questions Tue Mar 28 09:29:17 1995 Return-Path: questions-owner Received: (from majordom@localhost) by freefall.cdrom.com (8.6.10/8.6.6) id JAA21466 for questions-outgoing; Tue, 28 Mar 1995 09:29:17 -0800 Received: from cs.weber.edu (cs.weber.edu [137.190.16.16]) by freefall.cdrom.com (8.6.10/8.6.6) with SMTP id JAA21456 for ; Tue, 28 Mar 1995 09:29:14 -0800 Received: by cs.weber.edu (4.1/SMI-4.1.1) id AA11619; Tue, 28 Mar 95 10:21:01 MST From: terry@cs.weber.edu (Terry Lambert) Message-Id: <9503281721.AA11619@cs.weber.edu> Subject: Re: virus alert... (fwd) To: branson@dvals1.larc.nasa.gov (Branson Matheson) Date: Tue, 28 Mar 95 10:21:01 MST Cc: bsletten@vivid.autometric.com, evivar@eniac.rhon.itam.mx, questions@FreeBSD.org In-Reply-To: <199503281400.JAA26925@dvals1.larc.nasa.gov> from "Branson Matheson" at Mar 28, 95 09:00:41 am X-Mailer: ELM [version 2.4dev PL52] Sender: questions-owner@FreeBSD.org Precedence: bulk > > I've gotten this before and assumed (perhaps wrongly) that it was > > a joke. Does anyone know anything more? > > > Just looking at the facts... the only way a virus like this can > effect you is if you are running an editor that allows interpreted > codes in the text to be edited. At least this is true under unix. > I cannot see any way else that this could affect you just by > reading the file. Much less somthing like more or less being used > on it. > > If this assumption is incorrect... I encourage responses. > > -branson > > PS> I have seen this exact kind of thing before... It is a farse. Actually, you could make a MIME reader do this, but the image to do it would end up being rather specific to a reader type. I wrote a test case once to see if I could do it (same thing for a UNIX virus). No, you can't have the sources. 8-). I haven't looked at the AOL stuff closely enough yet (I *do* want to see if I can decipher their line protocol and write my own client and maybe a server that can take advantage of the client software available in most magazines these days...). I suspect that with the animations and crap that AOL has, you *might* be able to do it. If you did it this way, it's highly unlikely that the code it would execute would be anything other than p-code of some kind, so the claims about what it supposedly does to "cook the machine" are most likely false. Such a thing would really be a worm, not a virus. There was a worm like this for real several years ago that affected the IBM PROFS mail system. It worked because the environment was the same on all the target hosts. As such, it's *extremely* unlikely to hit UNIX users, even if AOL is runing straight MIME and you as a UNIX (or UNIX clone) user are also running MIME. Terry Lambert terry@cs.weber.edu --- Any opinions in this posting are my own and not those of my present or previous employers.