TIP: Click on subject to list as thread! ANSI
echo: virus_info
to: DAVID DESROSIERS
from: RICK COLLINS
date: 1996-12-26 17:37:00
subject: Virus infect picture
-=> Quoting David Desrosiers to Rick Collins <=-
-=> FidoMail to 1:163/215, please.-=<
rc> The image viewer doesn't _execute_ the image data. It's _data_,
rc> not code. And, no, it's not the same thing as a "macro virus". 
rc> Macros _are_ expected to be executed. 
DD> Macros are INTERPRETED, not executed. The macros are
Semantics, and a meaningless one.  "Interpreted" simply means the
macro instructions are converted to an executable form "on the fly"
by the macro interpreter and executed.  GWBASIC is an interpreted
language.  Doesn't matter:  in the end, instructions are _executed_.
dd> interpreted by MS-Word. The images could also be INTERPRETED in
dd> the same manner. What about reading a binary newsgroup where
dd> there 
But, they're _not_.  That's the salient point here;  a GIF or a JPEG
contains data that is _acted upon_ by the viewer; it is _not_
"executed".
dd> are MIME-encoded images in the group. Netscape Mail (or whatever
dd> reader you're using) has the ability to decode the files on the
dd> fly so you can view them. If the MIME-encoded portion had some
dd> viral code in it, it would also be possible to have Netscape act
dd> as the infector, by decoding and interpreting what it saw. If
But Netscape _doesn't_ "interpret" the data.
dd> you knew enough of the Netscape API, you could tailor a nasty
dd> virus that worked in this fashion. (This isn't limited to
dd> images, since Netscape has hundreds of built-in interpretors and
dd> more plug-ins than I can count). 
No, you're wrong.  _This_ could happen, though:
A "false" version of Netscape could be written that would examine
MINE-encoded data for a "viral signature", and when found, could
cause that "data" (which was not image data at all, but malicious
code) to be executed, infecting the system.
_That_ would work.  But, and it's a BIG but:  first, you have to
introduce that Trojan version of Netscape to the target system before
any of this could happen.  And, of course, the user wouldn't have
"Netscape" on his system, only something the _thought_ was Netscape.
Kurt:  That would be a "Trojan" according to the definition I
presented some time ago. :-)  Not that I want to get into _that_
again.
TTFN. Rick.
Ottawa, ON 26 Dec 17:48 
--- Blue Wave/DOS v2.20
---------------
* Origin: BitByters BBS, Rockland ON, Can. (613)446-7773 v34, (1:163/215)
SOURCE: echomail via exec-pc

Email questions or comments to sysop@ipingthereforeiam.com
All parts of this website painstakingly hand-crafted in the U.S.A.!
IPTIA BBS/MUD/Terminal/Game Server List, © 2025 IPTIA Consulting™.