Back to the main page

Mailing List Logs for ShadowRN

From: John E Pederson <pedersje@******.ROSE-HULMAN.EDU>
Subject: Re: Happy99.exe: Don't open it!
Date: Thu, 4 Feb 1999 08:46:20 -0500
A Halliwell wrote:
>
> And verily, did Jett hastily scribble thusly...
> |
> |The Subject is self-explanatory. I checked it by Adam before sending
> |this notice: it's the real thing. I'm sending this so you know how to
> |get rid of it, in case I inadvertantly sent it. I had to delete it from
> |my system after picking it up from another mailing list. Luckily it
> |doesn't seem to be destructive, just irritating, and it's fairly easy to
> |wipe clean.
> |
> |The virus disguises itself as a neat little program that, when opened,
> |displays Java-style fireworks. When you open it, it creates a couple new
> |files that hang around on your harddrive and send itself out through
> |your e-mail, usually without you knowing (bugger!).
>
> Errrrr....
> E-mail should *NOT* have access to the JVM. Java is for the WEB, and in
> there, it is supposedly secure.

Spike, she said Java-*style* -- the file is a standard Windows-type
executable file. Among the spiffy things it apparently does (heard of
it somewhere else, but have forgotten where) is replace your winsock
file with one of its own and then it spams the addresses you send mail
to with copies of itself.

> If you have an e-mailer that auto activates Java applets, all I can say is
> GET A PROPER MAILER!
>
> (Anyone who knowingly executes ANY binary from an unknown source is a total
> moron who doesn't derserve a computer.)

Maybe, but it might help if you said such things with a little ...
tact:) More importantly, it comes addressed as though sent by the
person who has the infected system, the headers are perfectly valid,
etc. Chances are that the people who get this thing *do* trust the
source -- that's the problem with this one.

> It might help if, instead of scaremongering, you actually gave some relevant
> facts, like what mailer your talking about...

Just to reiterate: it isn't based on your mailer, but you're safe if
you don't use Windows.

> If it's internet explorer or netscape mail, then USE A REAL MAILER!
> (they're WEB browsers!)

*sigh* I would have to say that Netscape Messenger is a few steps up
from NS Mail was, Spikey. Plus, it's damnably convenient for me:)

Canthros

Disclaimer

These messages were posted a long time ago on a mailing list far, far away. The copyright to their contents probably lies with the original authors of the individual messages, but since they were published in an electronic forum that anyone could subscribe to, and the logs were available to subscribers and most likely non-subscribers as well, it's felt that re-publishing them here is a kind of public service.

Thwap!