On Thu, 4 Mar 1999, Robert Russell wrote:
>
> I have to raise a question, or two.
>
> I often receive similar messages, but I must assume that a virus is a
> program of some sort and must be able to run in order to be able to
> carry out its intended function. So my understanding is that a virus
> must be attached to email and must first be dettached and caused to run
> before any damage may occur.
>
> In the case of macro virus' an inffected spread sheet, for example, must
> first be opened by the application.
Both these assumptions are quite right, unless there is some
specific security flaw in the receiving a mailer-daemon or mail user
agent. For instance some mail programs allow for spawning a shell
and execute commands if the message contains a specific character
sequence. I believe Outlook Express and Netscape Mail for Win95
have a security flaw like this. (It might have been fixed, but I
don't know)
> Is there some sort of virus or worm (I used to believe there was some
> sort of difference) that may merely "hitch hike" on email and not be
> required to be dettached and run?
Not with current e-mail technology, but this may be coming soon.
Think of a HTML-email with java(script) that runs some malicious
code. It is up to the programmers of e-mail clients to prevent
this from being possible. It will however still have to be run
to do damage, but the mail client might do this automagically.
> Also, it seems to me that if that were the case, a very clever way to
> spread a virus would be to attch one to an email of just the nature of a
> warning, with the explicit instructions to send it to everyone in one's
> address book.
How right you are. They could even be attached as executables,
claiming to remove the (non-existant) virus the mail
is warning of. Try to imagine a Happy99-like virus/trojan
sending automatic virus warnings to everybody. Scary!
These hoaxes are in fact computer viruses,
which just use biological agents for spreading. They are
completely independent of operating systems, and unfortunately
they have very small requirements.
> BTW, I am not giving anyone a hard time, but raising some valid
> questions.
>
> Regards,
>
> Bob Russell
Yes, these questions are certainly valid. I just hope that my
answers will prevent just a few people from forwarding a just
a few hoaxes.
Remember to protect your computer! Practice safe hex!
Regards
Ole Kofoed Hansen
-
To get out of this list, please send email to [EMAIL PROTECTED] with
this text in its body: unsubscribe suse-linux-e
Check out the SuSE-FAQ at http://www.suse.com/Support/Doku/FAQ/ and the
archive at http://www.suse.com/Mailinglists/suse-linux-e/index.html
