It's now here.... Check out this web location for information about the first known virus that can travel and automatically infect others by sending itself through your e-mail without your knowledge... http://www.mcafee.com/corp/press/022497.html ---------- From: [log in to unmask] To: [log in to unmask]; [log in to unmask] Cc: [log in to unmask] Subject: Re: GEN: Virus warning Date: Tuesday, April 08, 1997 9:32AM This is WAY off topic and I thought about responding only to the originator but I didn't want to leave people think this was the last word so... Actually both "Shredder" and Doug are correct. "Shredder" is more so in the details but Doug is more so in the practical sense. You can embed executable code into anything. But the security comes in that it cannot affect you in any way unless something ALREADY on your system tells it to run. In the PC world that is so unlikely to happen that you can just disregard any threat that does not target some specific software on your system (such as Microsoft Internet Explorer). I have never heard of an email virus attacking a PC email reader. That may change in the future as we see more features like automatic filters and scripts added to email readers. This is one of the tradeoffs we get along with greater connectivity and functionality. I think the most interesting fact about these email virus warnings is that they, in themselves, constitute a virus. By definition a virus is information which replicates and spreads. In this case we humans are the carriers. It's really brilliant and elegant... ;^) Don Walker [log in to unmask] At 04:32 PM 4/7/97 -0700, Shredder wrote: >>>> <excerpt> <fontfamily><param>Arial</param><smaller>Actually, you're wrong. Ever heard of Embedding? You can embed a virus in text, pictures, waves, midi files etc. So I think you would be inclined to update your virus knowledge by visiting some hackers pages and checking out some of the nasty little tricks that the cyberwarriors are using. E-mail bombs are much the same as an embedded virus in that when you read it, that starts the bomb/virus' .exe, then (if your boot section is NOT write-protected), the virus infects the boot files and whatever else it is told to do. So, unless you have hard evidence that this is in FACT a hoax....a false sense of security is all you offer other Netizens. Sorry to burst your bubble. Shred ---------- > From: Doug McKean <<<underline><color><param>0000,0000,ffff</param>[log in to unmask] m< /color></underline>> > To: <underline><color><param>0000,0000,ffff</param>[log in to unmask] </color></underline>> Subject: Re: Virus warning > Date: Sunday, April 06, 1997 10:31 AM > > This is a hoax. > Every so often during the year these "notices" come up. > > Number One Way to Know a Notice is a Hoax - > > You cannot start a virus by opening a text file. > > Virus work by residing in .EXE or .COM files, > files that control something. > > Number Two Way to Know a Notice is a Hoax - > > Viruses CANNOT physically destroy a hard drive, > believe it or not. > > The only way a virus can physically destroy a hard drive > is to rewrite the READ/WRITE cycles for the hard drive > to some incredible amount of cycles. If this is done, > and you sit there without any regard to the fact that > you PC is taking 5 hours to read a 1K text file, you > deserve to have your hard drive destroyed (dripping sarcasm). > > A virus that "destroys" a hard drive doesn't do anything > to the hard drive at all. It rewrites or erases the hard > drive driver program. This "essentially" destroys the hard > drive to the user depending upon what's in it, but the hard > drive "I guarantee" is physically still ok. > > I have had this happen to me. I had a 1.2Gb drive that > suddenly was only 500Mb large. That should have been a > key piece of info for me. DOS can only handle a drive > without a driver up to, you guessed it, 500Mb. I reloaded > the driver (yes I lost the info on my drive) and I still > use that hard drive today. The gentleman who helped me > chuckled at the fact that I didn't hand in my drive to > a parts seller. He'd just take the hard drive, reload > the driver, then sell it back to someone else. > > Don't be fooled into these virus notices. > > Anyway, here's some sites about virus's > > Computer Incident Advisory Capability > <underline><color><param>0000,0000,ffff</param>http://ciac.llnl.gov/ciac/CIA CH ome.html </color></underline>> <underline><color><param>0000,0000,ffff</param>http://ciac.llnl.gov/ciac/bul le tins/ </color></underline>> <underline><color><param>0000,0000,ffff</param>http://ciac.llnl.gov/ciac/Too ls DOSVirus.html </color></underline>> <underline><color><param>0000,0000,ffff</param>http://ciac.llnl.gov/ciac/Sec ur ityTools.html </color></underline>> > Also the CIAC has this to say about receiving a warning - > > What to Do When You Receive a Warning > ===================================== > > Upon receiving a warning, you should examine its PGP signature > to see that it is from a real response team or antivirus > organization. To do so, you will need a copy of the PGP > software and the public signature of the team that sent the > message. The CIAC signature is available from the CIAC web > server at: > > <underline><color><param>0000,0000,ffff</param>http://ciac.llnl.gov </color></underline>> ************************************************************ > If there is no PGP signature, see if the warning includes > the name of the person submitting the original warning. > Contact that person to see if he/she really wrote the warning > and if he/she really touched the virus. If he/she is passing > on a rumor or if the address of the person does not exist or > if there is any questions about theauthenticity or the warning, > do not circulate it to others. Instead, send the warning to > your computer security manager or incident response team and > let them validate it. When in doubt, do not send it out to > the world. Your computer security managers and the incident > response teams teams have experts who try to stay current > on viruses and their warnings. > > ************************************************************ > ------------------------------------------------------- > The comments and opinions stated herein are mine alone, > and do not reflect those of my employer. > ------------------------------------------------------- > ************************************************************ > > *************************************************************************** > * TechNet mail list is provided as a service by IPC using SmartList v3.05 * > *************************************************************************** > * To subscribe/unsubscribe send a message <<to: <underline><color><param>0000,0000,ffff</param>[log in to unmask]</colo r> </underline>> * > * with <<subject: subscribe/unsubscribe> and no text in the body. * > *************************************************************************** > * If you are having a problem with the IPC TechNet forum please contact * > * Dmitriy Sklyar at 847-509-9700 ext. 311 or email at <underline><color><param>0000,0000,ffff</param>[log in to unmask]</color></under li ne> * > *************************************************************************** > </smaller></fontfamily> </excerpt><<<<<<<< *************************************************************************** * TechNet mail list is provided as a service by IPC using SmartList v3.05 * *************************************************************************** * To subscribe/unsubscribe send a message <to: [log in to unmask]> * * with <subject: subscribe/unsubscribe> and no text in the body. * *************************************************************************** * If you are having a problem with the IPC TechNet forum please contact * * Dmitriy Sklyar at 847-509-9700 ext. 311 or email at [log in to unmask] * *************************************************************************** *************************************************************************** * TechNet mail list is provided as a service by IPC using SmartList v3.05 * *************************************************************************** * To subscribe/unsubscribe send a message <to: [log in to unmask]> * * with <subject: subscribe/unsubscribe> and no text in the body. * *************************************************************************** * If you are having a problem with the IPC TechNet forum please contact * * Dmitriy Sklyar at 847-509-9700 ext. 311 or email at [log in to unmask] * ***************************************************************************