
Hiding In Plain Sight

Security Fix pop quiz, here. Is the document pictured in the image to the right the depiction of a text document, or is it an executable malicious program disguised as a harmless text file?

[Image: nice.jpg]

It's actually an executable file (one that installs programs) made to look like a text file. But if you're a Microsoft Windows user and this were a file you downloaded off of the Web or from an e-mail, you may not be able to tell. Making this judgment hinges on whether or not you've changed the default behavior of Windows (more on that in a bit). If you haven't, be careful. This is one way attackers are manipulating Windows settings to slip malicious files past unsuspecting users.

What's going on here, you ask? By default, Windows hides file extensions for known file types. Your average Windows user, when he or she opens up the "My Documents" folder, doesn't see the ".doc" extension that accompanies Microsoft Word files, or the ".pdf" extension that is appended to Adobe PDF files (hat tip to a malware security advisory from Websense for reminding me of this pet peeve).

Let's say I'm a virus writer, and the computer worm I want to spam out to the rest of the world is called nice.exe. If I rename that program to "nice.txt.exe," the file will appear to Windows recipients who haven't changed the default settings as "nice.txt."
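For defenders, the same renaming can be spotted mechanically. The Python check below is an added example, not part of the original post: it works out the name Explorer would display with extensions hidden and flags files whose real extension is executable while the displayed name ends in a document-style extension. The extension lists, function names and sample file names are assumptions made for illustration.

```python
import ntpath

# Assumption: short illustrative lists, not an exhaustive inventory.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs"}
DECOY_EXTS = {".txt", ".doc", ".pdf", ".jpg", ".gif", ".xls", ".zip"}


def displayed_name(filename):
    """Name shown when "Hide extensions for known file types" is on.

    Simplification: every extension in the two sets above is treated as a
    known type, so only the final extension is dropped from the display.
    """
    base = ntpath.basename(filename)
    stem, ext = ntpath.splitext(base)
    return stem if ext.lower() in EXECUTABLE_EXTS | DECOY_EXTS else base


def is_disguised_executable(filename):
    """True if the file really is executable but displays as a document."""
    base = ntpath.basename(filename)
    stem, real_ext = ntpath.splitext(base)
    if real_ext.lower() not in EXECUTABLE_EXTS:
        return False
    # The extension the user would *see* is whatever ends the remaining stem.
    _, shown_ext = ntpath.splitext(stem)
    return shown_ext.lower() in DECOY_EXTS


def scan(filenames):
    """Return (real name, displayed name) for every flagged file."""
    return [(ntpath.basename(f), displayed_name(f))
            for f in filenames if is_disguised_executable(f)]


# Constructed sample input (not taken from any real incident).
SAMPLE = [
    "nice.txt.exe",
    r"C:\Users\demo\Downloads\Invoice.PDF.SCR",
    "setup.exe",
    "report.doc",
    "archive.tar.gz",
    "notes.txt",
]

if __name__ == "__main__":
    for real, shown in scan(SAMPLE):
        print(f"{real!r} would be displayed as {shown!r}")
```

A mail gateway or download filter could apply the same test to attachment names before the file ever reaches a desktop where extensions are hidden.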

No doubt this feature was the brainchild of Microsoft engineers who decided that too many people would be confused by those pesky file extensions added onto files. But the net result has been a trade-off between security and usability. This type of miscalculation has unfortunately come to define the sort of security problems that have plagued the Windows platform over the years. Interestingly, file extensions also are hidden by default in Windows Vista, not just in XP.

Fortunately, changing this behavior in Windows is relatively simple. Open up Windows Explorer, click on "Tools" in the menu bar, and select "Folder Options." From there, click on the "View" tab. Scroll down to the entry labeled "Hide Extensions for Known File Types," and un-check the box next to it.

By Brian Krebs | October 31, 2007; 11:42 AM ET
Categories: Fraud, From the Bunker, Latest Warnings, Safety Tips

© 2010 The Washington Post Company