can malware disguise itself as a legit doc, xls, or pdf file?

hi, i hope this question won’t make me sound stupid.
in my experience, most malwares (ever attack my comp) only hide the real files and copy itself. not really “infect” the file.
the virus creates a fake ms word/excel icon with .exe extension.
so is it possible that there’s a doc, pdf, xls, txt (and other safe extension) containing malware?



All malware begins their life in notepad, so watch out for the .txt-files, they’ll destroy your computer :stuck_out_tongue:
No don’t worry, a text document made in notepad containing malicious code can’t do anything to your computer.

I think (almost) all files can contain malicious code, tho only some files(.exe, .vbs, .bat, .com, etc.) are able to execute the code so that it harms your computer.
And usually malware in a ‘pdf-file’ is really a double extension, like ‘file.pdf.exe’, since many people don’t see extensions, they’ll see ‘file.pdf’ only.
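The double-extension trick described above, and the URL-lookalike `.com` names mentioned later in the thread, can be checked mechanically. This is an added example, not code from any poster; the decoy list and verdict names are assumptions chosen for illustration.

```python
import ntpath

# Extensions the post above lists as directly executable on Windows.
EXECUTABLE_EXTS = {".exe", ".vbs", ".bat", ".com"}
# Document-style extensions named in this thread (assumed decoy list).
DECOY_EXTS = {".doc", ".xls", ".pdf", ".txt", ".jpg"}


def classify(filename):
    """Return (verdict, name_without_last_ext) for a Windows file name.

    The second value is what a user sees when the final extension is
    hidden, which is the situation the post describes.
    """
    base = ntpath.basename(filename)
    stem, ext = ntpath.splitext(base)
    ext = ext.lower()
    if ext not in EXECUTABLE_EXTS:
        return ("not-executable-by-extension", stem)
    # 'file.pdf.exe' -> stem 'file.pdf', inner extension '.pdf'
    inner_ext = ntpath.splitext(stem)[1].lower()
    if inner_ext in DECOY_EXTS:
        return ("double-extension", stem)
    # A DOS .com program named like a web address.
    if ext == ".com" and stem.lower().startswith("www."):
        return ("url-lookalike", stem)
    return ("executable", stem)


if __name__ == "__main__":
    # Constructed sample names, not taken from a real incident.
    samples = [
        r"C:\Users\me\Desktop\file.pdf.exe",
        "Invoice.DOC.VBS",
        "www.example.com",
        "setup.exe",
        "notes.txt",
    ]
    for name in samples:
        verdict, shown = classify(name)
        print(f"{name!r:45} {verdict:30} shown as {shown!r}")
```
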


thx for the replies,

OK, i know you’re tired ;D

well, about the double/fake extension, disabling the “hide extension” option solve the problem, right? and about malicious txt code :stuck_out_tongue: as long the extension stay as “.txt”, then it’s safe, am i right?

i mean is it possible a malware infects a file without changing the extension? is it possible opening .doc/txt/xls (the real one,not double extension) can execute the nasty?
blahblah.doc ===>infected ===>still blahblah.doc

if it’s possible, then we’re doomed :o

.com malware? you mean there’s a chance to be infected by clicking “www. something .com” ?

i’m doomed twice.

Yes, but most people don’t know about that option.

Plain textfiles are safe, even if it contain all virus code in the world.
There’s macro viruses that’ll run in Office documents, but I think Wordpad and Notepad are safe, since they don’t have any macro functions(not sure about Wordpad tho).

Yes, you can get infected by visiting a website that contains malicious code, but with .com I meant DOS command files :wink:
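Because a macro-carrying document keeps its normal extension, the check has to look at the file's content rather than its name. The sketch below is an added example, not something posted in the thread: it classifies raw bytes by container signature and, for the zip-based Office formats, looks for an embedded `vbaProject.bin` part. The verdict strings and the sample builder are assumptions made for illustration.

```python
import io
import zipfile

# Signature of the legacy OLE2 container used by old .doc/.xls files.
OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")


def macro_indicator(data):
    """Classify file bytes by container type, ignoring the file name."""
    if data.startswith(b"MZ"):
        # A Windows program, whatever extension it was given.
        return "windows-executable"
    if data.startswith(OLE_MAGIC):
        # Legacy Office container: macros are possible, needs a real parser.
        return "legacy-ole"
    if data.startswith(b"PK"):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as archive:
                names = [n.lower() for n in archive.namelist()]
        except zipfile.BadZipFile:
            return "corrupt-zip"
        # Macro-enabled OOXML files carry the VBA project as this part.
        if any(n.endswith("vbaproject.bin") for n in names):
            return "zip-with-vba"
        return "zip-no-vba"
    return "plain-or-unknown"


def build_sample(with_vba):
    """Build a constructed, minimal OOXML-like zip in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("[Content_Types].xml", "<Types/>")
        archive.writestr("word/document.xml", "<document/>")
        if with_vba:
            archive.writestr("word/vbaProject.bin", b"\x00")
    return buf.getvalue()


if __name__ == "__main__":
    print(macro_indicator(build_sample(with_vba=True)))
    print(macro_indicator(build_sample(with_vba=False)))
    print(macro_indicator(b"just some plain text"))
```
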


I asked the same question before. Melih and others said that as long as you don’t open/execute the files, they just lie dormant on your pc.

Even if a file is not executable itself, it can rely on buffer overflow to execute code off-road, I think. A buffer overflow attack can enable an opened non-executable file to place malicious code in parts of memory where it will get executed. Not sure however. Plain text might be too limited but I think I’ve heard (in this very forum) of image files (jpg etc) performing buffer overflow to run malicious code --not sure myself how trustworthy those statements are however. And of course, that’s what Comodo Memory Guardian is for. :slight_smile:

I’ve also heard about macros in Office, although I think you can configure Office so that they don’t get run. I’ve also read (in the Wikipedia) about .com files disguised as URLs, for example one can name a virus “” (yuck!), that’s a valid NTFS filename. Of course the .com file won’t feature the small arrow that characterizes Windows shortcuts, but a lot of users won’t notice it.

Yes that’s true. CMG will protect against it, and Microsoft releases security updates to patch those security vulnerabilities.


aaah, that’s a relief

i love will smith even more :smiley:

:Beer :Beer :Beer

thx guys, now i can sleep.

Don’t forget about Alternate Data Streams…

Thank you, sir. You just had to awaken the bun face :-. He was just about to lower his paranoia, too :frowning:

now what is this? :o :o :o and pls don’t give me wiki. my brain can’t take it.

;D ;D ;D ;D

Here’s a nice read and it’s not a wiki ;D

LOL. thx. it takes 3 times reading the article to understand ;D (i need to buy a new brain) and this is what i’ve got from

Amazingly enough, Alternate Data Streams are extremely easy to make and require little or no skill on the part of the hacker. Common DOS commands like “type” are used to create an ADS. These commands are used in conjunction with a redirect [>] and colon [:] to fork one file into another.

:o :o now what do i do?!?!?!?!?!

LOL. Panic ;D

Here’s one for free:

Let me try dumping fuel to the fire: then there are malware that contains the exact same filenames and paths of once-legit files. Let’s just say that if you encounter something like that (assuming you finally figured it out), might as well bring a hammer and repair your computer because it’s already too late :-X

“then there are malware that contains the exact same filenames and paths of once-legit files”

this is BAD! and AV/Antimalware can’t catch it too?

GOD! i should get another job. :o . i think i’ll try to become a shaman and doing “voodoo” things ;D
hey, about the brain picture, do you have a big one? i wanna use it as my wallpaper ;D

thx guys, now i know that i know nothing about computer security ;D
:Beer :Beer

A referenced wiki page is one of THE best resources.

An exploit in the adobe reader application could exist, allowing the modified pdf file to execute code through a buffer overflow or other type of attack.

i have CMG

now this is problem, could you pls explain a lil bit further?
now i wonder how many ways could be there to attack comp? i feel somewhat … fragile

Any good AV/Anti Malware util won’t be fooled by a malware hijacking the name of a legitimate process. They don’t rely on the name of the file to determine its legitimacy, there are things such as digital signing using MD5 checksumming, plus of course heuristics and behavioural monitoring.