The 'Security Digest' Archives (TM)

Archive: About | Browse | Search | Contributions | Feedback
Site: Help | Index | Search | Contact | Notices | Changes

ARCHIVE: 'Phage List' - Archives (1988 - 1989)
DOCUMENT: phage #366 [letter bombs, viruses, and so forth] (1 message, 922 bytes)
NOTICE: recognises the rights of all third-party works.


From: [email protected] (Matt Bishop)
To: phage
Date: Tue 16:15:29 17/01/1989 EST
Subject: letter bombs, viruses, and so forth
References: [Thread Prev: 365] [Thread Next: 367] [Message Prev: 365] [Message Next: 367]

   I am looking for information about two types of events.  If nyone
can give me more details, or -- better yet -- the  USENET message IDs
(for the first type) or firsthand experience I can quote (for the second),
I'd sure be grateful.

1.  About 4-5 years ago, a "letter bomb" was sent around net.sources.
This looked like a shar file, but after unpacking some files it executed
"cd ; rm -rf *" and echoed BOOM!  A lot of people apparantly got bit by it.
I have also been told that sometime later, a program which claimed to
recover rm'ed files was posted -- but it was another trick.  Does anyone
have either the articles in question or know any specifics beyond "yes,
it happened"?

2.  Does anyone have any DOCUMENTED cases of UNIX viruses?  (Yes, I know
about the Internet worm -- but I mean a virus that maliciously altered
files on disk.)  If you know of such an event occurring, please let me

   I need this information for a paper I'm working on; a question has been
raised about the vulnerability of UNIX to viruses (as opposed to the
internet worm) and I want to get some real examples I can use to say,
"Here's why you should be concerned."  It's so much more effective than
arguing by analogy ...

Thanks for any pointers anyone can give me,