lotus
previous page: 51 Can a virus hide in a PC's Upper Memory or in High Memory Area?
  
page up: Computer Viruses FAQ
  
next page: 53 Can viruses spread from one type of computer to another?

52 Can a virus infect data files? (Computer virus)




Description

This article is from the Computer Viruses FAQ, by Nick FitzGerald n.fitzgerald@csc.canterbury.ac.nz with numerous contributions by others.

52 Can a virus infect data files? (Computer virus)

Some viruses (e.g., Frodo, Cinderella) modify non-executable files.
However, in order to spread, the virus code must be executed. Therefore
"infected" non-executable files cannot be sources of further infection.
Such "infections" are usually mistakes, due to bugs in the virus.

Even so, note that it is not always possible to make a sharp distinction
between executable and non-executable files. One person's data can be
another's code and vice versa. Some files that are not directly
executable contain code or data which can, under some conditions, be
executed or interpreted.

Some examples from the PC world are OBJ files, libraries, device
drivers, source files for any compiler or interpreter (including DOS BAT
files and OS/2 CMD files), macro files for some packages like Microsoft
Word and Lotus 1-2-3, and many others. Currently there are viruses that
infect boot sectors, master boot records, COM files, EXE files, BAT
files, OBJ files, device drivers, Microsoft Word document and template
files, and C source code files, although any of the objects mentioned
above theoretically can be used as an infection carrier. PostScript
files can also be used to carry a virus, although no currently known
virus does this.

Aside from the above, however, there is an increasing possibility of
viruses spreading through the sharing of data files. More and more we
see the ease with which software producers give their programs the
ability to embed "objects" of many kinds into document files, and into
fields in databases and spreadsheets. Perhaps the best-known of these
systems are Object Linking and Embedding (OLE) in MS Windows and the
OpenDoc format. As these embedded objects often have the ability to
"display" themselves we see that many files traditionally thought of as
data-only, will increasingly be containers carrying data and executable
code. We are not aware of any virus that specifically targets such
executable "objects", but it is now a trivial task to embed executable
files into some kinds of document files so they will be run when the
icon representing them is clicked in the finished document. There is
nothing to prevent infected executables being embedded in this way, and
thus for viruses to be spread through the distribution of "data files".

 

Continue to:












TOP
previous page: 51 Can a virus hide in a PC's Upper Memory or in High Memory Area?
  
page up: Computer Viruses FAQ
  
next page: 53 Can viruses spread from one type of computer to another?