 |
> Support > Good Times Hoax | 8.4.x |
 |
Good Times Hoax |
Subject: Re[2]: Virus Warning alert (from v.manzella)
Author: Ron Herardian at GSS
Date: 12-19-96 07:36
Right, this is re-hash of the "Good Times" virus hoax. If you consider what it's saying carefully you'll see that it's absurd. Obviously, a text e-mail message body can't delete your hard drive. It would have to (a) be a program and (b) be loaded, as a program, into memory by the OS or called by a running program. It would be real hard to get your virus code from an e-mail text item into the CPU's instruction registers, especially if the hexadecimal values for the code had to map into readable English text! I don't know if you've ever tried typing a program before but there isn't usually much readable text in there.
Seriously, a weakness in a particular e-mail program might be exploited in a way similar to this, i.e., as in the the internet worm case, but if such a weakness were uncovered and exploited, which would be far more difficult for e-mail than for ftp (for the reasons noted above), only one specific e-mail program would be affected, and probably only specific versions.
I think we're safe from the "Penpal" virus.
Ron
--
Subject: Re: Virus Warning alert (from v.manzella)
Author: "cc:Mail Interest Group" <CCMAIL-L@LISTSERV.OKSTATE.EDU> at INTERNET
Date: 12-18-96 04:27
GOODTIMES with another name and just as it's name sake, a hoax.
Subject: Virus Warning alert (from v.manzella)
Author: "cc:Mail Interest Group" <CCMAIL-L@LISTSERV.OKSTATE.EDU> at
Internet-Mail
Date: 12/18/96 7:03
I thought this would be worth forwarding to this list....
Suzanne
Broughton_Suzanne@hq.navsea.navy.mil
------------------------------------
For your information:
This is reliable information
Vince Manzella
----------
a message i received from a friend at BELL ATLANTIC
-- If anyone receives mail entitled: PENPAL GREETINGS! please delete it WITHOUT reading it. This is a warning for all internet users - there is a dangerous virus propogating across the internet through an e-mail message entitled "PENPAL GREETINGS!".
DO NOT DOWNLOAD ANY MESSAGE ENTITLED "PENPAL GREETINGS!"
This message appears to be a friendly letter asking you if you are interested in a penpal, but by the time you read this letter, it is too late. The "trojan horse" virus will have already infected the boot sector of your hard drive, destroying all of the data present. It is a self-replicating virus, and once the message is read, it will AUTOMATICALLY forward itself to anyone who's e-mail address is present in YOUR mailbox!
This virus will DESTROY your hard drive, and holds the potential to DESTROY the hard drive of anyone whose mail is in your inbox, and who's mail is in their inbox, and so on. If this virus remains unchecked, it has the potential to do a great deal of DAMAGE to computer networks worldwide!!!!
Please, delete the message entitled "PENPAL GREETINGS!" as soon as you see it! And pass this message along to all of your friends and relatives, and the other readers of the newsgroups and mailing lists which you are on, so that they are not hurt by this dangerous virus!!!!
Good Times Hoax Update
Subject: Re: Is it another hoax ?
Author: Ron Herardian at GSS
Date: 01-24-97 10:00
Yes. It is a joke both literally and technically. Basically, his is re-hash of the "Good Times" virus hoax.
If you step back and think about what's involved you can see why this is absurd. A text e-mail message body cannot delete your hard drive. For a virus to get from a static message body (data being manipulated by an application) to running it would first have to be a binary executable (not text) and it would have to be be loaded as a program into memory by the OS or called by a running program, e.g., as a DLL.
To do this, the CPU's instruction pointer would have to skip from the application code to the starting memory address of the virus program which is the application's data. i.e., a file attachment. Given an attached virus program file, it would have to be loaded into memory, and the application or OS would have to change the CPUs instruction pointer to start executing data rather than the e-mail program's own code. In addition to the virtual impossibility of accomplishing these things through mere message text, a properly written program would never be capable of executing its data lieu of its own code. In the Internet worm case, it was a serious bug of this kind that made the whole thing possible.
A weakness in a specific e-mail program might be exploited in a way similar to this, i.e., as in the famous Internet worm case, but it would be difficult because the mechanisms necessary to do it would be specific to one e-mail package and to one platform/OS. In the Internet worm case, the OS was UNIX.
Some interesting possibilities arise through cross-platform macro and scripting languages such as Word Basic and Lotus Script. The Word Macro Virus is an example of this.
The biggest risk in Internet-connected shops is from users downloading files over the Internet with web browsers and ftp utilities. More program files come in this way than through e-mail. Nonetheless, if you're concerned about viruses via e-mail, buy MIMESweeper from Central House Technologies.
Ron
--
Subject: Is it another hoax ?
Author: "cc:Mail Interest Group" <CCMAIL-L@LISTSERV.OKSTATE.EDU> at
INTERNET_ROUTER
Date: 01-24-97 03:59
Hi CC:Mail administrators,
Just received the attached mail talking about "PENPAL GREETINGS" virus.Is it a hoax similar to the "GOOD TIMES" virus we had seen on the NET or is it for real ?
Any info/confirmation will be most welcome.
Debasis Sengupta
Unicef , Abidjan
________________________ Forward Header ______________________________
Subject: Warning: VIRUS!!!
Author: Fiona Robertson <100664.1072@CompuServe.COM> at INTERNET
Date: 1/22/97 6:25 AM
FYI -
Subject: Warning: VIRUS!!!
If anyone receives mail entitled "PENPAL GREETINGS" please delete it WITHOUT reading it. Below is an explanation of the message and what it would do to your PC if you were to read the message.
This is a warning for all internet users - there is a dangerous virus propagating across the internet through an email message entitled "PENPAL GREETINGS".
DO NOT DOWNLOAD ANY MESSAGE WITH THIS TITLE.
The message appears to be a friendly letter asking if you are interested in a penpal but by the time you read the letter IT IS TOO LATE! The "trojan horse" virus will have already infected the boot sector of your hard drive, destroying all of the data present. It is a self-replicating virus and once the message is read, it will AUTOMATICALLY forward itself to anyone whose email address is present in your mailbox! This virus will DESTROY your hard drive and has the potential to DESTROY the hard drive of anyone whose mail is in your inbox and whose mail is in their inbox and so on. If this virus remains unchecked, it has the potential to do a great deal of damage to computer networks worldwide!
Please delete immediately the message entitled "PENPAL GREETINGS" as soon as you see it and pass this message to your friends, colleagues and relatives and readers of the newsgroups and mailing lists which you are on to prevent damage by this virus.
 |
©1995-2005 by Global System Services Corporation (GSS). Portions
of this material are copyright ©1995-1999 by Ron Herardian