Talk:Christmas Tree EXEC

From Wikipedia, the free encyclopedia
Jump to: navigation, search
WikiProject Computing / Security  
WikiProject icon This article is within the scope of WikiProject Computing, a collaborative effort to improve the coverage of computers, computing, and information technology on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.
 ???  This article has not yet received a rating on the project's quality scale.
 ???  This article has not yet received a rating on the project's importance scale.
Taskforce icon
This article is supported by WikiProject Computer Security.

I'm editting here[edit]

FYI, I'm the "Ross Patterson" from the RISKS Digest reference in the article. I'll be careful and only make changes that are supported by other sources. RossPatterson (talk) 01:07, 31 October 2008 (UTC)

Refusal to execute "CHRISTMAS"[edit]

The article states that "IBM's internal mainframes refuse to execute programs named CHRISTMAS". However, the article also states the file-name was and only could be 8 characters long (CHRISTMA). I'm thinking that the mainframes refused to execute CHRISTMA or this feature is just made-up. I haven't changed the article, since I don't know much about it... (talk) 18:42, 1 March 2009 (UTC)

I've just deleted the comment. The {{Fact}} tag was six months old, so it looked like it would never get a reference. RossPatterson (talk) 20:04, 1 March 2009 (UTC)

Not entirely correct[edit]

IBM MVS systems have never been limited to 8 character filenames; only the member names of libraries, such as EXEC libraries, were limited to 8 characters. The "Christmas Tree EXEC" described here was actually not a worm so much as a spammy chain letter. GlennAllenII (talk) 16:36, 22 October 2009 (UTC)

It was VM/CMS systems, not MVS, and CMS files are (or were, prior to OpenEdition) named by a pair of 8-character tokens. Hence "CHRISTMA EXEC". One could argue about what it was, but what it most resembled 22 years ago was what we now generically call malware. It was a program, delivered over the net, which when run harvested addresses and sent itself to them from you. RossPatterson (talk) 18:32, 22 October 2009 (UTC)


There really needs to be a pop up or some kind of warning for the source code for the virus to warn you what you're about to open, because i thought the link was a SCREENSHOT of the worm, not the actual worm. I'm just lucky I have avast running real time. —Preceding unsigned comment added by Yutsi (talkcontribs) 03:53, 1 January 2010 (UTC)

Avast! didn't help you. It doesn't run on the only type of system where this worm can run. Nonetheless, the link to the source was removed about 8 months after your comment, and several years later the server hosting it was shut down. RossPatterson (talk) 00:51, 7 January 2013 (UTC)

Personal anecdote[edit]

I received this file, read the source code, went "Heh, that's cute", and executed it to send the Christmas card to my address book. I didn't think through the implication of what would happen if all the recipients did the same -- remember, this was before the RTFM worm. :-) --SarekOfVulcan (talk) 22:08, 4 February 2011 (UTC)