Heh, back in IE3 or IE4 days the temporary internet files directory would commonly save files temp files with the domain they came from without an extension. So if you visited microsoft.com it could save some asset in temp internet files as 'microsoft.com', which a com file is a valid executable extension. Of course this would trigger many anti-virus programs to scan it and now freak out that random content is ending up in executables.
It took a bit of time between Microsoft making the temp internet a 'special directory' and AV working properly in the directory, and the browser not saving attacker controlled literals to the filesystem to get past these. Also fun in NTFS because it could cause bluescreens was the AUX, CON, PRNT filenames.
When I was quite young, I remember visiting a website on a public library machine (probably running Windows 98 at the time) which mistakenly downloaded a .com file instead of showing a page. I opened the .com (expecting it to be the file I wanted to read), and instead got a console window that showed some gibberish and then started up the printer.
Surprisingly, the random text in the program was interpreted as valid program code. I was too young to understand exactly what had happened at the time, but now I understand it's because one of the valid forms of .com programs is a headerless chunk of x86 code for DOS, and I guess that website's output just happened to (a) not immediately crash and (b) invoke the DOS service for printing.
Reminds me of a similar story from my childhood. I was also quite young at the time, accessing the public library OPAC from my home computer, and noticed the URL for the page ended in (I think) `.exe`. I know now that the OPAC was likely using CGI[0], but at the time I was curious, and somehow was able to download this `.exe`, Given it was a`.exe` and that it actually ran, I can't have just saved the webpage. I have a vague feeling I might have stripped the query parameters off the end of the URL, and that caused the web server to serve up the underlying `.exe` file. But whatever happened, when I ran the file, all it did was cause my printer (a parallel port one, not USB) to start printing blank pages.
Hafas (the system of record for train scheduling information for Deutsche Bahn and the national Polish railways) does the same thing. An example URL is[1].
Both have better consumer frontends now (although I remember Deutsche Bahn still recommending this system around 2019), but those systems ultimately get all their data from this one, as far as I'm aware.
Is there any format for a .com that isn't just a headerless chunk of x86 code??
(Which also means it's extremely difficult to determine if a .com file really is an executable--there's no signature. It either decodes or it doesn't--and most bytes decode correctly because you want to pack the commands in as densely as possible. Things which will not decode are packing inefficiencies.)
(And back from the Z80 days I remember very carefully crafting assembly code that could be embedded in a BASIC program without causing it to puke. Some commands were unavailable and some values were not permitted--amongst them, zero.)
If you rename a normal PE .exe to .com it will still run. We used to do this all the time in high school to bypass the IT department’s ban on .exe files in student home directories.
It took a bit of time between Microsoft making the temp internet a 'special directory' and AV working properly in the directory, and the browser not saving attacker controlled literals to the filesystem to get past these. Also fun in NTFS because it could cause bluescreens was the AUX, CON, PRNT filenames.
Your post just reminded me of that kind of issue.