...

<< > Auto-Launch attached binaries in E-Mail <-- Can we say G**dT*mes? It was my understanding, that the so-called GoodTimes virus was a farce, apparently aimed at specific commercial spammers. G**dT*mes is a hoax.

I'm talking about a bug in Outlook (Express?) that will execute code when email messages are opened.

G**dT*mes and its ilk are hoaxes, which infect the mind of some readers, causing Fear and Panic, and propagating around like chain letters. But the fear-causing part is the assertion that if you read the message, it will execute on your computer and do Bad Scary Things. In the case of G**dT*mes, this was bogus, but it doesn't have to be. In a passive-mail-reader environment, this won't happen, because there's no reason your mailreader will execute commands embedded in email, but if you've got a mail-reader that executes scripts sent to it in the mail, you don't need the human reader's participation to spread things, you just need to tell the mail-reader to propagate and then do whatever payload you've sent along as well. The IBM Christmas-Tree Virus didn't use Fear to execute - it promised the readers an amusing animated Christmas Tree on their terminals (back when that was still perceived as cool :-) and if the sucker ran it, it ran its propagation phase before or during the animation. And back when we used Real Terminals instead of emulators, you could send a crafty escape sequence to an HP2621 or VT100 to stash material in a register or on the screen and get it sent back to the computer. If you made a good guess about the environment, this was enough ("Quit mailreader, run /tmp/boom".) There was an article in the SFChron or Oakland Trib in spring 1979 about how "hackers at Berkeley" discovered a security hole in "the Unix, a computer made by DEC", which was really a terminal exploit. How good is that VT100 emulator you're using to telnet to that shell account? . . . . . . . ESC[42m; . yeah, that was fake.....