From: "Niels Petersen" 
Reply-To: NielsP{at}bigfoot.com, Fidonet AVtech Echo 


Hi andrew.

30-Mar-04 19:09:52, andrew clarke wrote to Jasen Betts


 ac> Sat 2004-03-27 21:25, Jasen Betts (3:640/1042) wrote to Rod
 ac> Gasson:

 RG>>> The Internet, Zip files, doc files with embed macro's, and so
 RG>>> for are still nothing more than transport mechanisms - the virus
 RG>>> code STILL needs to be executed before an infection can take
 RG>>> place.

 JB>> you open a zip file and nothing gets run, open a document and
 JB>> some automatic macros can run,

 ac> You might recall that around 10 years ago, this wasn't so true.
 ac> It is possible to insert harmful ANSI sequences into ZIP file
 ac> comments.  PKUNZIP would display the ZIP file comment when
 ac> extracting (or even viewing) the archive, which ANSI.SYS would
 ac> intercept.

IIRC you had to turn on ansi in the pkzip config file (or on the copmmand
line)

it was also possiblr to insert a file called "con" into the zip which would
be displayed on extracting... that'd bypass the ansi filter, but that trick
was blocked when ther made version 2 (version 2 now prompts to "overwrite")

 ac> I think the most harmful thing possible was to
 ac> redefine the keys on the keyboard though.

That's still enough to erase someones hard disk

And there are boot sector viruses that only needs a floppy to be inserted in
the drive as I recall.  No need to run a file.

 Cheers
Niels

--- ifmail v.2.15