VANVLECK_TOM@tandem.com (06/27/91)
Mac and PC applications that read structured data files might be tricked into executing a trojan horse by an ill-formed input file. Given garbage input, word processors, picture displayers, and spreadsheets sometimes crash by executing an illegal instruction. If the bytes making up this instruction come from the data file, the data file can act as a virus installer. I don't know if a DIR A: command can be tricked in this way; proving that it can't be, no matter what's on the floppy in drive A, would be a hard job unless the code is thoroughly defensive. I do not believe such a trojan horse data file exists today. We should - - change scanners to scan all files, not just code - - identify applications that are vulnerable to this attack and suggest they be repaired or avoided Tom Van Vleck <vanvleck_tom@tandem.com>