Path: utzoo!attcan!uunet!cs.utexas.edu!rutgers!netnews.upenn.edu!vax1.cc.lehigh.edu!cert.sei.cmu.edu!krvw From: CHESS@YKTVMV.BITNET (David.M.Chess) Newsgroups: comp.virus Subject: Diskettes w/o DOS Executable Files (PC) Message-ID: <0001.9007301317.AA00380@ubu.cert.sei.cmu.edu> Date: 27 Jul 90 17:37:10 GMT Sender: Virus Discussion List Lines: 27 Approved: krvw@sei.cmu.edu Steve Albrecht <70033.1271@CompuServe.COM> asks if a diskette with no *.EXE, *.COM, *.SYS or *.BAT files can spread a virus infection in any way except by having a boot-sector virus and being booted from, having an executable file that is present under another name and is later renamed and run, or having a virus in a word-processor or spreadsheet macro. There are a few other ways that those categories may or may not cover. If the diskette is infected with a boot-sector virus, but does not contain a copy of the operating system, booting the machine with that diskette in the drive can infect the system, even though the computer "does not boot" (the "non-system disk or disk error" message appears). If the diskette contains any files that any program treats as code, they may be infected; this includes EXE, COM, BAT, and SYS files and application macros, but also *.BAS files (interpreted by a BASIC interpreter), files intended for interpretation by REXX or LISP interpreters, and so on, and even (although we don't know of any such viruses at the moment) source code (*.PAS, *.C, etc). It also includes any overlays or auxiliary-code files which some other program will load via the DOS load/execute function; these are sometimes named *.OVL, but they may be called anything at all. The 1813 virus, for instance, will infect such files, and we have seen 1813-infected files with extensions of "DAT" and "BIN" and "BSP". Basically, there are all -sorts- of things that are "executable" enough that a virus could be written to spread between them, and are therefore probably worth protecting in critical applications. DC