Forwarded: Second Virus Warning

Lief M. Hendrickson (hendrick@NOSC.MIL)
Mon, 5 Dec 1994 10:05:16 PST

> This came in from ARTIFACT today.
> There is a virus on America Online being sent by email. If you get
>anything with the header "Good Times", DON'T read it or download it. It is a
>virus that will erase your hard drive.
> Yes, I know that it is quite possible that these warnings are simply hoaxes
>or computer folklore, but better safe than sorry.


While polymorphic viruses are out there, there is a limit, at
least currently, to their powers. As far as I know, a virus has
to get into an executable file to do its damage. It can be in a
stand-alone *.exe or *.com file or work its way into memory via
an application file. It's highly unlikely that a sequence of
characters could be in a message file that would cause your
email-read software to put the virus code into memory.

What you have to watch out for is certain types of "attached
files". Executable files can be put in an encoded format of text
characters that have to be decoded by some software for the
executable files to be formed. This is a way to send executable
files by email software that only handles text characters. The
attached file would be at the end of a message file and look like
a bunch of random text characters. (I'd give an example of random
text characters, but someone might think it's a virus!) You could
read these characters, but they wouldn't make any sense until
they were decoded. Simply looking at them doesn't make the virus
pop out. If virus code were embedded, it wouldn't cause damage
until it's formed by decoding the file. Most email-read
utilities don't automatically decode attachments, though yours may
be different.

It's always a good policy to back up your critical files and
check your disk with a good virus-detecting utility on a regular
basis. It's indeed "better to be safe than sorry". However, the
ultimate being safe is to not connect your computer to any
outside communication. After all, if someone is smart enough to
embed virus code that can be formed by an email read utility,
they may also be smart enough to mask headers. It could then be
transmitted with a variety of headers- making all messages
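
Added example, not part of the original post: a Python sketch of the point about encoded attachments, showing that the block at the end of a message is inert printable text until it is decoded, and that a reader can check what it decodes to before saving anything. It assumes uuencode as the encoding (the post does not name one); the file name `demo.exe` and the payload are constructed.

```python
import binascii
import re

# Constructed sample payload: only the two-byte DOS "MZ" magic followed by
# filler, so the header check has something to find. It is not a program.
PAYLOAD = b"MZ" + bytes(range(60))
BEGIN = re.compile(r"^begin ([0-7]{3,4}) (\S.*)$")

def uuencode(data, name):
    """Encode bytes as a uuencoded text block, 45 input bytes per line."""
    lines = ["begin 644 " + name]
    for i in range(0, len(data), 45):
        chunk = binascii.b2a_uu(data[i:i + 45], backtick=True)
        lines.append(chunk.decode("ascii").rstrip("\n"))
    return "\n".join(lines + ["`", "end"])

def find_attachments(message):
    """Return [(name, decoded_bytes)] for each uuencoded block in the text."""
    found, name, chunks = [], None, []
    for line in message.splitlines():
        if name is None:
            m = BEGIN.match(line)
            if m:
                name, chunks = m.group(2), []
        elif line == "end":
            found.append((name, b"".join(chunks)))
            name = None
        elif line:
            try:
                chunks.append(binascii.a2b_uu(line))
            except binascii.Error:
                name = None  # malformed block: not a decodable attachment
    return found

def classify(message):
    """Report (name, size, starts_with_MZ) for each attachment found."""
    return [(name, len(data), data[:2] == b"MZ")
            for name, data in find_attachments(message)]

# Constructed message: plain text plus one encoded attachment at the end.
SAMPLE = ("Subject: Good Times\n\nJust text, nothing here executes.\n\n"
          + uuencode(PAYLOAD, "demo.exe") + "\n")

if __name__ == "__main__":
    print(SAMPLE)
    print(classify(SAMPLE))
```

Decoding here happens only in memory; nothing is written to disk or run, which is the step that would actually turn the text back into a file.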