On Thu, 4 Mar 1999, Robert Russell wrote:
I have to raise a question, or two.
I often receive similar messages, but I must assume that a virus is a program of some sort and must be able to run in order to be able to carry out its intended function. So my understanding is that a virus must be attached to email and must first be dettached and caused to run before any damage may occur.
In the case of macro virus' an inffected spread sheet, for example, must first be opened by the application.
Both these assumptions are quite right, unless there is some specific security flaw in the receiving a mailer-daemon or mail user agent. For instance some mail programs allow for spawning a shell and execute commands if the message contains a specific character sequence. I believe Outlook Express and Netscape Mail for Win95 have a security flaw like this. (It might have been fixed, but I don't know)
Is there some sort of virus or worm (I used to believe there was some sort of difference) that may merely "hitch hike" on email and not be required to be dettached and run?
Not with current e-mail technology, but this may be coming soon. Think of a HTML-email with java(script) that runs some malicious code. It is up to the programmers of e-mail clients to prevent this from being possible. It will however still have to be run to do damage, but the mail client might do this automagically.
Also, it seems to me that if that were the case, a very clever way to spread a virus would be to attch one to an email of just the nature of a warning, with the explicit instructions to send it to everyone in one's address book.
How right you are. They could even be attached as executables, claiming to remove the (non-existant) virus the mail is warning of. Try to imagine a Happy99-like virus/trojan sending automatic virus warnings to everybody. Scary! These hoaxes are in fact computer viruses, which just use biological agents for spreading. They are completely independent of operating systems, and unfortunately they have very small requirements.
BTW, I am not giving anyone a hard time, but raising some valid questions.
Regards,
Bob Russell
Yes, these questions are certainly valid. I just hope that my answers will prevent just a few people from forwarding a just a few hoaxes. Remember to protect your computer! Practice safe hex! Regards Ole Kofoed Hansen - To get out of this list, please send email to majordomo@suse.com with this text in its body: unsubscribe suse-linux-e Check out the SuSE-FAQ at <A HREF="http://www.suse.com/Support/Doku/FAQ/"><A HREF="http://www.suse.com/Support/Doku/FAQ/</A">http://www.suse.com/Support/Doku/FAQ/</A</A>> and the archive at <A HREF="http://www.suse.com/Mailinglists/suse-linux-e/index.html"><A HREF="http://www.suse.com/Mailinglists/suse-linux-e/index.html</A">http://www.suse.com/Mailinglists/suse-linux-e/index.html</A</A>>