You might recognize MZ if you're used to seeing its hexidecimal equivalent: 0x5A4D. In fact, the ASCII character combination MZ, placed at the beginning of a simple text file, can turn a document into a virus suspect and make that document act strangely. On a recent project,-plain text files set off alarms that caused my organization's mail gateway to quarantine email messages and Microsoft Internet Explorer (IE) to alert users to possible malicious content.
Because MZ is the internal code for a part of my organization (and also the International Organization for Standardization—ISO—short code for Mozambique), the reports the organization sends out frequently begin with this code. But what would cause IE to mistake a simple text file for a potential threat to the client machine? "Magic" numbers. The magic numbers are sequences of bytes that begin binary files, validating the contents to the using application—and the number designating a DOS executable is 0x5A4D. To a Web browser or email scanner, a DOS executable means potential danger. Text file or not, IE alerts the user whenever the initial bytes of a file match this sequence. If you open Notepad and drag Notepad.exe onto Notepad's program window, you'll quickly discover the ASCII equivalent of this initial binary sequence: MZ.
