Mail Viruses - True or false? ("JOIN THE CREW" message)

[Byron C. Mayes]

On Thu, 19 Feb 1998, Jamie McCarthy wrote:

> > I do suspect that Java can be used to hack via e-mail.  If
> > you use Microsoft Outlook, that will automatically load all HTML files...
> > I wonder if you could just put a java script / java in there to run a
> > virus file?  Please correct me if I am wrong.
> 
> Java runs in a "sandbox" which cannot harm your computer or its
> files in any way.  That's the theory, and so far the theory has held
> up pretty well.

Java is relatively safe. JavaScript, however is still a bit untamed. I've
seen (and have at home) a fairly simple script that will pull up the
autoexec.bat file and display it in a window (I use a mac at home, so it
didn't find the file...but I knew what it was trying to do). If it can do
that, then why not something more damaging? One reason I don't use web
browsers for e-mail. (let me see if I can find this file once again)

This is, of course, much different from GOD TIMES, JOIN THE CREW, and 
related hoaxes, and even if someone started putting evil javascripts in 
mail messages, they wouldn't affect anyone reading mail w/something other 
than a web browser, or reading mail with a web browser (or Outlook) but 
no JavaScript.

Still, every time I get JOIN THE CREW forwarded to me by a staff member, 
I have to think about my reply. I'm not sure I can just fire off the 
standard, "It can't happen," line without forethought.

Byron

 Prof. Byron C. Mayes
 Systems Librarian/Assistant Professor
 Hunter College of the City University of New York
 695 Park Avenue * New York, New York 10021
 bcmayes at shiva.hunter.cuny.edu  * 212-772-4168 * Fax: 212-772-5113