On 24 Mar at 04:51, David Desrosiers of 1:320/2600 wrote to All:
DD> Here's a weird one that I just thought of...
DD> Would it be possible to imbed some executable code into the .ZIP
DD> comment that is in many .ZIP files that shows up before it's unzip'd (not 
DD> the ones that show up after). I have been able to imbed ANSI as well as 
DD> control characters (BELL, TAB, and so on) in mine, but I wonder if I 
changed 
DD> it to binary, if it would infect/load when the file was unzip'd....
DD> Ideas anyone?
That got tried years ago. 
Can't work as the comment code is never executed and the ZIP file is treated 
as data. 
The comments are directed to STDOUT (so you can see the comments) and so such 
things as BELL etc will work.
Self unpacking zip (and others) are a problem if they are infected. It is 
this problem that will transfer file viruses around the Internet.
Of course, if one scans all downloads, the problem will be detected in time.
We hope.
Regards,
Chris Maddock
chrism@softtech.brisnet.org.au
--- Msged/386 4.00
---------------