-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
>Each virus targets a specific function. One tried to nab my email config and
>address book files, the other went for my pgp key listing. Fortunately, my
>computer's setup doesn't allow anonymous/unknown packets to be transmitted,
>so I nipped it in the bud. Previously I was sent 3 viruses, and the third
>one apparently went for my PPP config files. The virus deletes itself,
>successful or not. It was designed specifically for PCs.
This makes no sense; either it's a virus or it's not. If it is a
virus, then (by definition) it must have some method of replicating
itself (e.g. Melissa, which sends itself to other people via e-mail).
Otherwise it's a Trojan horse, in which case you have to execute some
malicious code sent to you by someone who wants your PGP key or has
somehow managed to infect whatever s/he sent you accidentally with
some third party's Trojan horse.
This is not just a matter of symantics. If, in fact, this "virus"
really does attempt to steal your PGP keys, it must also spread itself
(in a Melissa-like way, for example) to other people such that it is
feasible as an unattended data collecting device. Otherwise, whoever
wrote it is pretty stupid (in the case the s/he was attempting
large-scale PGP pilfering) or was targeting someone in particular (in
which case, this is indeed a Trojan horse).
The lesson here is that, as always, one should use virus protection
and should be sure not to execute binaries that you get from someone
you don't completely trust. If you're executing something that
someone sent you, in effect you are allowing them to sit at your
keyboard and control your computer as you. If you wouldn't allow them
to actually do that, you shouldn't execute what they send you.
Riad Wahby
rsw##NOSPAM##@mit.edu
droid##NOSPAM##@media.mit.edu
5105
-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 5.0i for non-commercial use
Comment: Processed by Mailcrypt 3.5.2, an Emacs/PGP interface
Charset: noconv
iQA/AwUBOKzpI4h6K+kZMcamEQLaTQCg6DT1U2T/bSyC7HoO3X9rYY4T9OgAoIeI
Gyj8ZP1wqQoyAyseYaYevj9Z
=prQS
-----END PGP SIGNATURE-----
