I know this sounds fishy, but this is really just for the science, and knowledge. |
Riiiight.
Personally, I don't mind answering these questions, because I know that someone who asks them is not in any position to make use of the answer.
No, in the general case it's not possible to create a data file such that when another program reads it, code will be executed (i.e. what's known as an "arbitrary code execution attack"). In specific cases, it's possible to do this if you know certain details about your target. Specifically, you need to know that the target will use a specific version of some decoding software, and you need to know that that version has a bug that can be exploited to produce the desired effect. For example, before Windows XP versions prior to SP2 had a bug in the PNG codec that allowed arbitrary code execution.
Text files cannot be used for this kind of attack because a) they have a very simple format, such that it's practically impossible to hide anything, and b) the number of programs capable of reading text files is simply too numerous.
No, a program cannot delete itself because the executable that contains its code is locked while the process that is executing it is running. However, if given sufficient privileges, a program is capable of injecting code into the address space of another process, and have that process delete the file when the original program terminates. This injected code will remain while the injectee is running, but will disappear without trace when the injectee terminates.