TECHNET Archives

April 1997

TechNet@IPC.ORG
Options: Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
Re: GEN: Virus warning
From:
"Lolmaugh, Scott (AZ15)" <[log in to unmask]>
Date:
08 Apr 1997 11:01:25 -0500
Content-Type:
text/plain
Parts/Attachments:
text/plain (300 lines) 
It's now here....  Check out this web location for information about the 
first known virus that can travel and automatically infect others by sending 
itself through your e-mail without your knowledge...
http://www.mcafee.com/corp/press/022497.html
 ----------
From: [log in to unmask]
To: [log in to unmask]; [log in to unmask]
Cc: [log in to unmask]
Subject: Re: GEN: Virus warning
Date: Tuesday, April 08, 1997 9:32AM

This is WAY off topic and I thought about responding only to the
originator

but I didn't want to leave people think this was the last word so...


Actually both "Shredder" and Doug are correct.  "Shredder" is more so in

the details but Doug is more so in the practical sense.  You can embed

executable code into anything.  But the security comes in that it cannot

affect you in any way unless something ALREADY on your system tells it

to run.  In the PC world that is so unlikely to happen that you can just

disregard any threat that does not target some specific software on your

system (such as Microsoft Internet Explorer).


I have never heard of an email virus attacking a PC email reader.  That
may

change in the future as we see more features like automatic filters and

scripts added to email readers.  This is one of the tradeoffs we get
along

with greater connectivity and functionality.


I think the most interesting fact about these email virus warnings is
that

they, in themselves, constitute a virus.  By definition a virus is
information

which replicates and spreads.  In this case we humans are the carriers. It's

really brilliant and elegant... ;^)


Don Walker

[log in to unmask]


At 04:32 PM 4/7/97 -0700, Shredder wrote:
>>>>

<excerpt>

<fontfamily><param>Arial</param><smaller>Actually, you're wrong. Ever
heard of Embedding? You can embed a virus in text, pictures, waves, midi
files etc. So I think you would be inclined to update your virus
knowledge by visiting some hackers pages and checking out some of the
nasty little tricks that the cyberwarriors are using. E-mail bombs are
much the same as an embedded virus in that when you read it, that starts
the bomb/virus' .exe, then (if your boot section is NOT write-protected),
the virus infects the boot files and whatever else it is told to do.
So, unless you have hard evidence that this is in FACT a hoax....a false
sense of security is all you offer other Netizens.

Sorry to burst your bubble.


Shred

 ----------

> From: Doug McKean
<<<underline><color><param>0000,0000,ffff</param>[log in to unmask]  
m<
/color></underline>>

> To: <underline><color><param>0000,0000,ffff</param>[log in to unmask]

</color></underline>> Subject: Re: Virus warning

> Date: Sunday, April 06, 1997 10:31 AM

>
> This is a hoax.

> Every so often during the year these "notices" come up.

>
> Number One Way to Know a Notice is a Hoax -

>
>      You cannot start a virus by opening a text file.

>
>  Virus work by residing in .EXE or .COM files,

>  files that control something.

>
> Number Two Way to Know a Notice is a Hoax -

>
>      Viruses CANNOT physically destroy a hard drive,

>      believe it or not.

>
>  The only way a virus can physically destroy a hard drive

>  is to rewrite the READ/WRITE cycles for the hard drive

>  to some incredible amount of cycles. If this is done,

>  and you sit there without any regard to the fact that

>  you PC is taking 5 hours to read a 1K text file, you

>  deserve to have your hard drive destroyed (dripping sarcasm).

>
>  A virus that "destroys" a hard drive doesn't do anything

>  to the hard drive at all. It rewrites or erases the hard

>  drive driver program. This "essentially" destroys the hard

>  drive to the user depending upon what's in it, but the hard

>  drive "I guarantee" is physically still ok.

>
>  I have had this happen to me. I had a 1.2Gb drive that

>  suddenly was only 500Mb large. That should have been a

>  key piece of info for me. DOS can only handle a drive

>  without a driver up to, you guessed it, 500Mb. I reloaded

>  the driver (yes I lost the info on my drive) and I still

>  use that hard drive today. The gentleman who helped me

>  chuckled at the fact that I didn't hand in my drive to

>  a parts seller. He'd just take the hard drive, reload

>  the driver, then sell it back to someone else.

>
> Don't be fooled into these virus notices.

>
> Anyway, here's some sites about virus's

>
> Computer Incident Advisory Capability

> 
<underline><color><param>0000,0000,ffff</param>http://ciac.llnl.gov/ciac/CIA  
CH
ome.html

</color></underline>> 
<underline><color><param>0000,0000,ffff</param>http://ciac.llnl.gov/ciac/bul  
le
tins/

</color></underline>> 
<underline><color><param>0000,0000,ffff</param>http://ciac.llnl.gov/ciac/Too  
ls
DOSVirus.html

</color></underline>> 
<underline><color><param>0000,0000,ffff</param>http://ciac.llnl.gov/ciac/Sec  
ur
ityTools.html

</color></underline>>
> Also the CIAC has this to say about receiving a warning -

>
> What to Do When You Receive a Warning

> =====================================

>
> Upon receiving a warning, you should examine its PGP signature
> to see that it is from a real response team or antivirus
> organization. To do so, you will need a copy of the PGP
> software and the public signature of the team that sent the
> message. The CIAC signature is available from the CIAC web
> server at:

>
> <underline><color><param>0000,0000,ffff</param>http://ciac.llnl.gov

</color></underline>>
************************************************************

> If there is no PGP signature, see if the warning includes
> the name of the person submitting the original warning.
> Contact that person to see if he/she really wrote the warning
>  and if he/she really touched the virus. If he/she is passing
> on a rumor or if the address of the person does not exist or
> if there is any questions about theauthenticity or the warning,
> do not circulate it to others. Instead, send the warning to
> your computer security manager or incident response team and
> let them validate it. When in doubt, do not send it out to
> the world. Your computer security managers and the incident

> response teams teams have experts who try to stay current
> on viruses and their warnings.

>
> ************************************************************

>   -------------------------------------------------------

>   The comments and opinions stated herein are mine alone,

>           and do not reflect those of my employer.

>    -------------------------------------------------------

> ************************************************************

>
>
***************************************************************************

> * TechNet mail list is provided as a service by IPC using SmartList
v3.05 *

>
***************************************************************************

> * To subscribe/unsubscribe send a message <<to:
<underline><color><param>0000,0000,ffff</param>[log in to unmask]</colo  
r>
</underline>>
  *

> * with <<subject: subscribe/unsubscribe> and no text in the body. 
         *

> 
***************************************************************************

> * If you are having a problem with the IPC TechNet forum please contact 
  *

> * Dmitriy Sklyar at 847-509-9700 ext. 311 or email at
<underline><color><param>0000,0000,ffff</param>[log in to unmask]</color></under  
li
ne>      *

> 
***************************************************************************

>
</smaller></fontfamily>

</excerpt><<<<<<<<



***************************************************************************
* TechNet mail list is provided as a service by IPC using SmartList v3.05 *
***************************************************************************
* To subscribe/unsubscribe send a message <to: [log in to unmask]>   *
* with <subject: subscribe/unsubscribe> and no text in the body.          *
***************************************************************************
* If you are having a problem with the IPC TechNet forum please contact   *
* Dmitriy Sklyar at 847-509-9700 ext. 311 or email at [log in to unmask]      *
***************************************************************************

***************************************************************************
* TechNet mail list is provided as a service by IPC using SmartList v3.05 *
***************************************************************************
* To subscribe/unsubscribe send a message <to: [log in to unmask]>   *
* with <subject: subscribe/unsubscribe> and no text in the body.          *
***************************************************************************
* If you are having a problem with the IPC TechNet forum please contact   *
* Dmitriy Sklyar at 847-509-9700 ext. 311 or email at [log in to unmask]      *
***************************************************************************

ATOM RSS1 RSS2