[comp.binaries.ibm.pc.d] .ZIP Ansi codes

JFORD1@UA1VM.BITNET (James Ford) (06/03/89)

This was taken from an IBM SIG conference.  This is *NOT* a
virus/trojan warning/alert; however I thought it might be of interest.

                        James

Original-From: Sysop Of 107/522
Original-Subject: .ZIP Utility ALERT

FILES UPLOADED TO YOUR SYSTEM THAT HAVE BEEN COMPRESSED UTILIZING PHIL
KATZ'S PKZIP/PKUNZIP UTILITY COULD CRASH YOUR SYSTEM WHEN UNZIPPED!

   As most of you know it is possible to reprogram your keyboard (and
other things) using ANSI Escape sequences... .ZIP programs will allow
the use of ANSI in the comments section...  I have received several such
"innocent looking" files in the last two weeks. One caused my F1 key to
display a wide DOS Directory, the other attempted to delete all files on
my hard drive!

Ralf.Brown@B.GP.CS.CMU.EDU (06/08/89)

Yeah, this has been making the rounds on the DR_DEBUG echo on FidoNet
(with lots of heat and little light).  The two real solutions so far
are to use STRIPZ to strip the comments, and to omit ANSI.SYS or use
an ANSI replacement without the keyboard reassignment (ZANSI but not
NANSI).

As pointed out by people who got upset by the PK-bashing that ensued,
ANY archiver which allows comments (PAK, ZIP, ZOO, etc) can become the
source of a key-reassigning escape sequence.

	Ralf

manderso@ugly.cs.ubc.ca (mark c anderson) (06/08/89)

In article <KPETERSEN.12500295852.BABYL@WSMR-SIMTEL20.ARMY.MIL> JFORD1@UA1VM.BITNET (James Ford) writes:
>Original-From: Sysop Of 107/522
>Original-Subject: .ZIP Utility ALERT
>[...]
>   As most of you know it is possible to reprogram your keyboard (and
>other things) using ANSI Escape sequences... .ZIP programs will allow
>the use of ANSI in the comments section...  I have received several such
>"innocent looking" files in the last two weeks. One caused my F1 key to
>display a wide DOS Directory, the other attempted to delete all files on
>my hard drive!

Of course, such tricks are hardly confined to ZIP comments.  Anything that
might be printed on the screen is a candidate -- even a text file, for
instance.  But putting these codes in the comments field of an archive is
pretty sneaky.  And they get a wide distribution, too.
---
Mark Anderson <manderso@ugly.cs.ubc.ca>
{att!alberta,uw-beaver,uunet}!ubc-cs!ubc-ugly!manderso
jr yrg gur jrveqarff va

swh@hpcupt1.HP.COM (Steve Harrold) (06/08/89)

Re: "trojan" comments

This warning is not limited to ZIP files.  ANY "readme" type of file
has this potential to undo your machine.

Beware of any instruction that says:  "...to display the latest update to the
program just enter TYPE README at the DOS prompt".  It is safer to browse
the file via an editor that presumably will filter out the escape sequences
before presenting them to the screen.

Sigh!  Whatever happened to old-fashioned innocence?

davidsen@sungod.crd.ge.com (William Davidsen) (06/13/89)

In article <12630014@hpcupt1.HP.COM> swh@hpcupt1.HP.COM (Steve Harrold) writes:
| Re: "trojan" comments
| 
| This warning is not limited to ZIP files.  ANY "readme" type of file
| has this potential to undo your machine.

  True. I recommend the following (using zoo as an example) when looking
at the comments on an archive:
	zoo V newstuff > untested.tmp
	list untested.tmp
Assuming that you use Buerg's list program for your lister.

BTW: has a recent version been posted?
	bill davidsen		(davidsen@crdos1.crd.GE.COM)
  {uunet | philabs}!crdgw1!crdos1!davidsen
"Stupidity, like virtue, is its own reward" -me

kip@m2-net.UUCP (Kip DeGraaf) (06/20/89)

In article <739@crdgw1.crd.ge.com> davidsen@crdos1.UUCP (bill davidsen) writes:
>  True. I recommend the following (using zoo as an example) when looking
>at the comments on an archive:
>	zoo V newstuff > untested.tmp
>	list untested.tmp
>Assuming that you use Buerg's list program for your lister.

  Why not just do this?
 
  zoo V newstuff | list /s

  /s tells LIST to expect its input from a pipe instead of a file.

ejablow@dasys1.UUCP (Eric Robert Jablow) (06/21/89)

In article <739@crdgw1.crd.ge.com> davidsen@crdos1.UUCP (bill davidsen) writes:
>
>  True. I recommend the following (using zoo as an example) when looking
>at the comments on an archive:
>	zoo V newstuff > untested.tmp
>	list untested.tmp
>Assuming that you use Buerg's list program for your lister.
>
>	bill davidsen		(davidsen@crdos1.crd.GE.COM)

A better method is:

	zoo V newstuff | list /s

The /s switch for list causes it to take its input from standard
input.  In fact, if you create a file named TOLIST.BAT and put it in
a directory in your PATH consisting of the following one line:

@command /c %1 %2 %3 %4 %5 %6 %7 %8 %9 | list /s

you can have the output of any command with fewer than 10 parameters
that uses ordinary DOS screen services (not direct screen writes)
sent to list.  (DOS 3.3 or higher assumed.)  I am lazy; I abbreviate
this using CED as 2l.

-- 
Eric Jablow                      {allegra,philabs,cmcl2}!hombre\
Big Electric Cat Public Unix           {bellcore,cmcl2}!cucard!dasys1!ejablow
New York, NY, USA	 	 
New address:	eric%sbmath@sbee.sunysb.edu.
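
The two defenses discussed in this thread, inspecting archive comments before they reach an ANSI driver and viewing untrusted text only through something that neutralizes escape bytes, can be sketched as follows. This is an added example, not code from any poster in the thread; the function names are hypothetical, and the sample archive is constructed in memory with a harmless F1 reassignment like the one the alert describes.

```python
import io
import re
import zipfile

# ANSI.SYS keyboard reassignment: ESC [ p1 ; p2 ; ... p, where each parameter
# is a decimal key code or a quoted string.
_PARAM = rb'(?:\d+|"[^"]*"|\'[^\']*\')'
KEY_REASSIGN = re.compile(rb'\x1b\[' + _PARAM + rb'(?:;' + _PARAM + rb')*p')


def zip_comments(source):
    """Return [(label, comment_bytes)] for the archive and each member."""
    with zipfile.ZipFile(source) as zf:
        found = [("<archive>", zf.comment)]
        found += [(info.filename, info.comment) for info in zf.infolist()]
    return [(label, c) for label, c in found if c]


def visible(data):
    """Render bytes for display with every control byte made inert."""
    return "".join(chr(b) if 32 <= b < 127 else "\\x%02x" % b for b in data)


def audit(source):
    """Flag comments that carry an escape byte; list key reassignments."""
    report = []
    for label, comment in zip_comments(source):
        if b"\x1b" in comment:
            keys = [visible(m.group()) for m in KEY_REASSIGN.finditer(comment)]
            report.append({"where": label, "key_reassignments": keys,
                           "text": visible(comment)})
    return report


def sample_archive():
    """Constructed sample: F1 (0;59) remapped to a harmless DIR /W."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("README", "plain file, nothing to see\n")
        member = zipfile.ZipInfo("TOOL.DOC")
        member.comment = b"docs \x1b[1;33m(new!)\x1b[0m"
        zf.writestr(member, "documentation\n")
        zf.comment = b'Great utils!\x1b[0;59;"DIR /W";13p'
    buf.seek(0)
    return buf


if __name__ == "__main__":
    for finding in audit(sample_archive()):
        print(finding)
```

The member comment in the sample carries only color sequences, so it is flagged for containing an escape byte but reports no key reassignment.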