Path: utzoo!utgpu!news-server.csri.toronto.edu!bonnie.concordia.ca!uunet!zaphod.mps.ohio-state.edu!unix.cis.pitt.edu!dsinc!widener!netnews.upenn.edu!vax1.cc.lehigh.edu!cert.sei.cmu.edu!krvw From: padgett%tccslr.dnet@mmc.com (A. Padgett Peterson) Newsgroups: comp.virus Subject: Re: Can such a virus be written .... (PC) Message-ID: <0001.9106281824.AA04058@ubu.cert.sei.cmu.edu> Date: 27 Jun 91 17:41:35 GMT Sender: Virus Discussion List Lines: 42 Approved: krvw@sei.cmu.edu Good grief - this question reminds ne of John Carpwenter's "The Thing", it just will not die. >> Is it possible to write a PC virus which installs itself whenever >> you place an infected disk in the drive and do a DIR command ? NO, NEIN, NON, NEGATORY - you cannot write a virus to infect when an uninfected PC does a DIR of an infected floppy disk (unlike the Macintosh) I don't care about batch files (which also execute, just interpretedly), ANSI control sequences (which also execute), or 1-2-3 macros. In order to subvert the DIR command (not that difficult) something MUST execute and a PC will mot execute ANYTHING without being commanded to (boots result from a microcoded command designed into the CPU - part of the reason for the 640k "barrier". Of course, once resident, code can tell the processor to do anything it is capable of doing via software, the operating system doesn't care, and at any time. You want the PC to play "Yankee Doodle" at 5 pm? easy. You want all the letters to fall down in a pile on the bottom of the screen every half hour ? trivial. But they all must execute first and that takes human help either by leaving a floppy in A when booting, or by executing an infected file (.COM, .EXE, .BAT, .WK1, .SYS, .APP, or whatever). If DIR could infect, it would be easy for an infected user to say both/he/it she just put the disk in the drive to see what it was, but no, they HAD to have tried to run "ASTROT*T" or "Kermit vs the Naked Nazi Nymphs" or "1ON2" or that un-tested program with the hand-lettered label in Arabic/Swahili/Kanjii. While software commands could be hidden in a batch file with sequences that would prevent reading by TYPE (but not from LIST or even WordStar) and be passed as an unscannable uuencoded, packed, compressed file, at some point some person had to tell it to execute whether or not they knew thay were doing so. Only then can a virus (or any other malicious software) infect a PC. Padgett If this doesn't kill the subject, I'll have to use a lead pipe.