From: John Tserkezis 
Reply-To: Fidonet AVtech Echo 

David Drummond wrote:

>  JT>   If the file extension is COM or EXE, it *WILL* execute.  _How_ it 
>  JT> executes depends on the first two characters. 

> How many text files can you produce, that when they have MZ prepended, actually
> do something?

  None.  Aside perhaps from a batch file, and not being too concerned about the 
initial 'bad command or filename' error.  But I'm sure that's not what you meant.
  I was just going off on a tangent regarding the difference between COM and 
EXE files, and how the OS deals with them.  Unrelated to virii, or about Bob's 
paranoia on creating executables and how to get them into your system.

  Seriously though, we really are putting way too much thought into this.

  KISS.  Simple works.

  The _easiest_ way to spread a virus or trojan is to take advantage of 
people's ignorance.  Distribute via email (easy spreading) an executable that 
perhaps draws a dancing santa clause, or bunny rabbit, something perhaps 
related to that time of year.

  Make it do what you claim it to do in addition to any otherwise hidden 
malicous code.

  Not only will the virus spread within in their own system due to inherent 
virus nature, the users will *intentionally* send it to their friends as well.

  Sure it won't get into the ones with firewalls, virus scanners, those who 
don't run foreign executables etc, but who cares?  They only form a small 
proportion of the population out there anyway.

  Look at past virii history.  Non of them (well, very few anyway) would have 
been as big as they have been if it were not due _exclusively_ to user ignorance.
-- 
       -o)
       /\\    Message void if penguin violated
      _\_V    Don't mess with the penguin

Linux Registered User # 302622                         http://counter.li.org>
Fido: 3:712/610  BBS/FAX: +61-2-9716-8310  Internet: jt{at}techniciansyndrome.org
--- ifmail v.2.15