Friday, 19 June 2009

Suspicious.avi.exe

Last month I wrote about the fact that Windows (XP, Vista and 7) hides file extensions by default. In my view this poses a security problem. Let's illustrate this using a real-life example...

I received a malicious email yesterday that contained a link to a file called bestvideo.avi.exe.

If I were silly enough to download this file, then with file extensions shown my PC would display the file as:

bestvideo.avi.exe

If my default settings were in place (hiding the file extension), then the file would be displayed as:

bestvideo.avi

In both cases, double-clicking the file would run the executable. In the latter case, a user might expect Windows Media Player to start and play a video file, but that's not going to happen.

More than likely the real result would be that the program would run and would make some changes to the system, such as editing the hosts file or downloading further malicious software. Whatever it does, it won't be anything useful.
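As an added example (not part of the original post), here is a check that a mail filter or download-folder audit could apply to filenames: it models what the user sees when the final extension is hidden and flags names whose real extension is executable while the visible one looks like a media file or document. The extension lists, function names and all sample filenames other than bestvideo.avi.exe are assumptions made for illustration.

```python
import ntpath  # Windows path rules, usable on any platform

# Constructed, non-exhaustive lists (assumptions for this example).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}
DECOY_EXTS = {".avi", ".mpg", ".mp3", ".jpg", ".gif", ".pdf", ".doc", ".txt"}
KNOWN_EXTS = EXECUTABLE_EXTS | DECOY_EXTS  # stand-in for "registered file types"


def displayed_name(filename, hide_extensions=True):
    """Return the name a user sees when the final known extension is hidden."""
    name = ntpath.basename(filename)
    if not hide_extensions:
        return name
    stem, ext = ntpath.splitext(name)
    return stem if ext.lower() in KNOWN_EXTS else name


def is_disguised_executable(filename):
    """True when the real extension is executable and the visible one is a decoy."""
    stem, final_ext = ntpath.splitext(ntpath.basename(filename))
    _, inner_ext = ntpath.splitext(stem)
    return (final_ext.lower() in EXECUTABLE_EXTS
            and inner_ext.lower() in DECOY_EXTS)


def scan(filenames):
    """Return (real name, displayed name) for every disguised executable."""
    return [(f, displayed_name(f)) for f in filenames
            if is_disguised_executable(f)]


# Constructed sample input; only the first name comes from the post.
SAMPLE = [
    "bestvideo.avi.exe",
    "holiday.avi",
    "setup.exe",
    "report.final.pdf",
    "INVOICE.PDF.SCR",
]

if __name__ == "__main__":
    for real, shown in scan(SAMPLE):
        print(f"{real!r} is shown as {shown!r} but runs as a program")
```

Ordinary installers such as setup.exe are not flagged, because the check only fires when the visible part of the name claims a different, non-executable type.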