Path: utzoo!censor!geac!torsqnt!news-server.csri.toronto.edu!cs.utexas.edu!samsung!zaphod.mps.ohio-state.edu!unix.cis.pitt.edu!dsinc!netnews.upenn.edu!vax1.cc.lehigh.edu!cert.sei.cmu.edu!krvw
From: kelly@uts.amdahl.com (Kelly Goen)
Newsgroups: comp.virus
Subject: Re: Virus in Text Files
Message-ID: <0012.9004091138.AA06134@ubu.cert.sei.cmu.edu>
Date: 7 Apr 90 22:14:42 GMT
Sender: Virus Discussion List <VIRUS-L@IBM1.CC.Lehigh.EDU>
Lines: 18
Approved: krvw@sei.cmu.edu


 Agreed no NON executable file can be used to infect however another
technique without providing examples would be the case of a bat file
being used to feed debug along with infectious code(SMALL) being kept
beyond the EOF marker in the last allocated cluster... note all DOS
routines(I/O) read the Entire cluster(not just up to EOF...) this can
be quite a bit of spare space on present drives... more ambitious
schemes would be a triply/redundant encrypted shadow file system using
either Hamming or other ER schemes such as Reed Solomon...this could
be used to store quite sophisticated system
penetration/Interdiction/ICE-Breakers...  with out visibility to
normal virus scanners(most use the FAT and/or Directory Structures to
analyze the disk...) this vunerability does in certain cases extend to
other OS's besides **-DOS.... Something indeed to think about....still
another reason to upgrade completely to MMU managed
architectures(386/486 etc) using the VM8086 model ...
      cheers
      kelly