70033.1271@CompuServe.COM (Steve Albrecht) (07/26/90)
Concerning the spread of viruses from diskettes which contain no DOS executable files, e.g., *.EXE, *.COM, *.SYS, and *.BAT files, I understand that the only ways that a virus can spread from this diskette is if (1) a boot track, or partition table virus, is present, and the computer is booted from this diskette, (2) executable virus code is contained under the guise of a data or text file, and is renamed to a *.EXE, *.COM, or other such executable file and subsequently executed, (3) executable virus code is hidden in a WordPerfect, 123, or other macro. Am I correct in my understanding? Thanks in advance for any assistance. Steve Albrecht MIS Field Services PLAN International 70033,1271@compuserve.com
CHESS@YKTVMV.BITNET (David.M.Chess) (07/28/90)
Steve Albrecht <70033.1271@CompuServe.COM> asks if a diskette with no *.EXE, *.COM, *.SYS or *.BAT files can spread a virus infection in any way except by having a boot-sector virus and being booted from, having an executable file that is present under another name and is later renamed and run, or having a virus in a word-processor or spreadsheet macro. There are a few other ways that those categories may or may not cover. If the diskette is infected with a boot-sector virus, but does not contain a copy of the operating system, booting the machine with that diskette in the drive can infect the system, even though the computer "does not boot" (the "non-system disk or disk error" message appears). If the diskette contains any files that any program treats as code, they may be infected; this includes EXE, COM, BAT, and SYS files and application macros, but also *.BAS files (interpreted by a BASIC interpreter), files intended for interpretation by REXX or LISP interpreters, and so on, and even (although we don't know of any such viruses at the moment) source code (*.PAS, *.C, etc). It also includes any overlays or auxiliary-code files which some other program will load via the DOS load/execute function; these are sometimes named *.OVL, but they may be called anything at all. The 1813 virus, for instance, will infect such files, and we have seen 1813-infected files with extensions of "DAT" and "BIN" and "BSP". Basically, there are all -sorts- of things that are "executable" enough that a virus could be written to spread between them, and are therefore probably worth protecting in critical applications. DC