Windows 7 RC is now available, and although Microsoft has fixed plenty of bugs and vulnerabilities, it looks like they have left one alone that goes all the way back to Windows NT.
The guys over at F-Secure have drawn attention to a long-standing weakness in Windows Explorer. Anyone can disguise a file as another file type by inserting a false file extension into the filename and giving the file an icon that misrepresents what it does (an executable's icon is embedded in the executable itself, so a .exe can carry the standard Notepad or picture icon). A file that looks like a harmless picture or text document then turns out to be an executable that runs with your privileges the moment you double-click it, and it can do whatever its author wants from there. The trick works because Windows Explorer hides the extensions of known file types by default: what appears to be horrible_malware.txt is actually horrible_malware.txt.exe, and Explorer only shows the part before the last dot.
Confused? Here is an example:

Looks like a simple text file, right? Well, let's see what happens when it is opened:
Here's how you can make sure you don't get tricked. Open any Windows Explorer window, or click the folder icon on the taskbar (the "superbar"). Press Alt to reveal the menu bar, then select Tools, then Folder options.

Then click the View tab, make sure Hide extensions for known file types is unchecked, and press OK. The setting is per user, so repeat it for every account on the machine.

Keep in mind that, now that extensions are visible, renaming a file also lets you change its extension. Changing a file's extension can make the file unusable, so extensions should generally not be changed or erased; Windows does warn you with a prompt before it applies an extension change. The upside is that a file that claims to be a picture or a document but ends in .exe, .scr or .com is now an obvious red flag.
As always, be careful with what you download and always run anti-virus software on your computer. You can also check a single file against many engines at once with an online scanner such as Jotti (virusscan.jotti.org) or VirusTotal.
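The Folder Options change above is stored in the registry, so it can be checked and applied from PowerShell, which also makes it easy to hunt for files that would be misleading while extensions are hidden. The script below is an added example, not code from the original post or from F-Secure; the registry path is the per-user Explorer setting (HideFileExt, 1 = hide, 0 = show), while the scan folder and the list of "runnable" extensions are my own choices.

```powershell
# Added example (not from the original post or F-Secure's write-up): inspect and
# fix the "Hide extensions for known file types" setting, then list files whose
# displayed name would be misleading while extensions are hidden.
# Assumptions: the registry location below is the per-user Explorer setting
# (HideFileExt = 1 hides, 0 shows); $ScanPath and the extension list are mine.

$advanced = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'

function Get-HideFileExt {
    # Returns $true when Explorer is hiding known extensions for this user.
    $value = (Get-ItemProperty -Path $advanced -Name HideFileExt -ErrorAction SilentlyContinue).HideFileExt
    return ($value -ne 0)   # a missing value behaves like the default (hidden)
}

function Show-FileExtensions {
    # Same effect as unchecking the box in Folder Options; Explorer reads it on restart.
    Set-ItemProperty -Path $advanced -Name HideFileExt -Value 0 -Type DWord
}

function Find-DisguisedExecutables {
    param([string]$ScanPath)
    # Extensions that run code on double-click and that Explorer hides by default
    # (my list, not exhaustive).
    $runnable = '.exe', '.scr', '.com', '.pif', '.bat', '.cmd', '.vbs', '.js', '.wsf', '.lnk'
    Get-ChildItem -Path $ScanPath -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer } |
        Where-Object {
            # BaseName is what Explorer displays when the real extension is hidden:
            # "horrible_malware.txt.exe" is shown as "horrible_malware.txt".
            ($runnable -contains $_.Extension.ToLower()) -and
            ($_.BaseName -match '\.[A-Za-z0-9]{1,5}$')
        } |
        Select-Object @{n='Displayed'; e={$_.BaseName}}, @{n='Actual'; e={$_.Name}}, FullName
}

if (Get-HideFileExt) {
    Write-Warning 'Explorer is hiding known file extensions for this user; changing it.'
    Show-FileExtensions
    # Explorer only picks the change up when restarted: sign out and back in, or
    # kill the shell and start it again (this closes all open Explorer windows).
    Stop-Process -Name explorer -Force
    Start-Process explorer.exe
}

Find-DisguisedExecutables -ScanPath "$env:USERPROFILE\Downloads" | Format-Table -AutoSize
```

One caveat the Folder Options checkbox does not cover: shortcut files (.lnk) are marked in the registry to never show their extension, so a shortcut named "photo.jpg" still displays as "photo.jpg" even with extensions visible, which is why the scan above includes .lnk in its list rather than relying on the setting alone.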
Tags: F-Secure, hidden, virus, vulnerability, windows 7, windows explorer
Was this ever fixed at all? I remember this issue has been around for ages.
The fix could be very easy: if a file contains a double extension (or more), show all of the extensions.
If the file doesn't have a double extension, there is no need to show it.
This will not prevent people from opening a file called readme.exe (showing as "readme") with a Notepad icon. The solution for this is to show the extension for executable files, or to give a warning if you try to open an executable file in Windows Explorer.
"Normal people" only need to open exe files in Explorer to run setup programs, and if they run setup programs with malware, they are screwed anyway.
OK, I will try to be polite to all of you, especially the writer of this "article" (????):
LOOOOOOOOOOOL!!!!!!!!!!! at you guys..
LOL?
The problem exists. It's a question of fooling the user into believing that a file is something other than what it is.
That F-Secure comes out now and claims that it is a security hole, even though it has been around forever, does not change the fact that it is a way to fool the user.
But with that said, I don't believe that the problem is that big. Maybe for users downloading random files, but they have an entirely different problem.
lol... this 'bug' has been used by spammers for months and years now... just put angelinajolie-naked.jpg.exe in the attachment of emails...
This bug/feature has been there since Windows 98.
LOL wow.. I wouldn't be so stupid as to open such an obvious file. That's not really a vulnerability... it's more a case of malware authors getting desperate with their mischievous attempts.
Please, someone with admin privileges, DELETE that whole COMEDY at last! PLEASE.
FUNNY
I also ran into that problem when I used the computer for the first time, back when it was Windows 98... I hope Microsoft will fix the problem. Thanks to the Windows 7 team for bringing it to our attention.
lol @ the article/author! This has been there for ages.
btw.. where the hell is UAC?
UAC is there for a reason.. got it?
Yeah, exactly. This is a stupid post... joke or not.
UAC would DEFINITELY prompt the user if a hard disk operation is about to happen because of an app (whatever name it hides behind).
The article is just not right.
OMG they work so hard finding bugs!!!111oneone
You guys at f-secure win 3 internets.
I'm sure many people already know about this, but there is still a large portion of readers that probably don't.
Also, seeing many blog posts around about this issue may get MS to actually start paying attention to it.
In addition to all that I mentioned earlier: a tester or an article author CANNOT use a name such as "sucks" (c:\sucks) (????..) for a folder name or whatever. LOL x 2!!!!!!!!!!!!!
After being prepared to write off F-Secure as a resource, I read their original post. They state, quite clearly, that this issue has been around a while, since the NT days. The point of their post was not to point out anything new, but more of a "why hasn't this default behaviour been changed yet?"
Nice weblog you have here. I just
I am only using free virus scanners like Avast and Avira, but they seem to be great tools.