Thursday, August 26, 2010

what is an execution precedence companion virus?

an execution precedence companion virus is a type of companion virus that takes advantage of the precedence or order in which DOS tried to find a partially specified executable file when attempting to execute it.

the canonical example is one where a DOS command is issued that would normally execute a file with an *.EXE file extension - should there be a file with the same name but a *.COM extension in the same directory, the *.COM file will be executed instead. in order to hide the fact that there was something unusual going on, the *.COM file would generally then explicitly execute the *.EXE file so that the program the user intended to execute actually gets executed.

whenever there are multiple executables with the same name but different file extension in the same directory, the system will always use a set rule to decide which takes precedence over the others. *.COM files take precedence over *.EXE files, which in turn take precedence over *.BAT files, and so on...

back to index

0 comments: