Author: Robert Hyatt
Date: 03:02:24 07/30/98
Go up one level in this thread
On July 29, 1998 at 23:21:05, Ernst A. Heinz wrote: >On July 29, 1998 at 13:02:50, Robert Hyatt wrote: > >>On July 29, 1998 at 11:02:18, Ernst A. Heinz wrote: >> >>>On July 29, 1998 at 10:42:56, Tom Kerrigan wrote: >>> >>>>How do people know so much about this virus and not know how to remove it? >>>>I mean, you know when it goes off, you know it has some sort of counter, you >>>>know how it reproduces, etc. >>>>I think you've been had. >>>> >>>>Cheers, >>>>Tom >>>> >>>>On July 29, 1998 at 10:15:19, Fernando Villegas wrote: >>>> >>>>>Hi all: >>>>>I just has been warned, one minute ago, that a virus created in Argentina was >>>>>introduced in the email server of the three most important internet servers of >>>>>Chile and this one has been dispersed each time one of us has used the email >>>>>service. The virus will launch 31 julio and it is murderous. It destroy >>>>>everything. The warning was given by a known argentinian gropup of reasearch and >>>>>has been taken seriously here. Until now no remedy is known, except to avoid use >>>>>the computer that date. Changing the date in the computer is not enough; the >>>>>virtus has its own time counter. So, any guy here that has received an email >>>>>from me in the last week or so, -you, Steven, for certain, Bruce Moreland, Don >>>>>dailey, Moritz, etc- please take a look at this warning. I know sometimes theses >>>>>are fake warning, but this seems to be the real thing. Normal antivuiruis >>>>>programs does not detect less destroy it. Anything new I know about this I will >>>>>commmunicate before of after that date. I will not take risk. >>>>>Fernando >>> >>>This is the zillion-th example of the so-called "good times" virus about >>>which even a FAQ exists somewhere on the net. >>> >>>The claims are complete hoax but the hysteria created by them is the *real* >>>virus because countless warning messages get sent over the net wasting >>>precious bandwidth and human nerves ... >>> >>>=Ernst= >> >> >> >>Nope.. this one is real, has been documented by CERT and others, and there are >>fixes available from web browsers that have the problem. Netscape has a notice >>about this on their web site... > >Bob. > >I know about the virus that exploits "input buffer overflows" on x86 machines >running Win95/98 while using IE or Navigator as your email reader. > >Please re-read Fernando's initial warning that does not speak of such >a specific threat but rathers warns of an "omni-potential" beast that >launches on a certain date (not just when you read the email message), >destroys anything, and is not neutralizable (allegedly even not so by >reknown computer experts). > >This is the typical "good times" scheme which bets on non-experts to >spread the hoax manifold. And the scheme apparently still works ... > >=Ernst= with this particular bug, the "good times" scheme is possible, because you could write whatever code you want and have it execute on the target machine using this hole. I just had this happen on my linux box, where someone exploited a similar hole in "named" to get superuser access, and the left something that would run periodically to snoop the net and grab passwords and mail the to an anonymous site for collection. Sounds like the "good time" scheme might actually work with this hole. Maybe everyone will wake up and get rid of gets()... it's already scheduled for removal from the posix and ANSI C standards...
This page took 0 seconds to execute
Last modified: Thu, 15 Apr 21 08:11:13 -0700
Current Computer Chess Club Forums at Talkchess. This site by Sean Mintz.