New Malware Warning

Discussion in 'Computer Corner' started by Dave W, Dec 24, 2013.

shiney (President, Grumpy Old Men's Club; Staff Member):

Thanks @DIY-Dave

I understood virtually all of what you said :blue thumb:

So, according to your instructions, I should be wary about opening the file you've posted in post#15 because I can't see what may be after the extension! :scratch: :heehee:
DIY-Dave (Gardener):

Hee hee, true.
It's a catch 22 situation :)
Luckily this forum will unhide the extra extension and display the full name of the file.
Note however that this may not be true of all forums.
shiney (President, Grumpy Old Men's Club; Staff Member):

Not casting aspersions, but I think I'll wait for admin to confirm what you say about this forum. :)

I do appreciate what you're doing for us :blue thumb:

@Marley Farley @Zigs Hi Marley and Zigs, as you are both online at the moment, can you please confirm what DIY-Dave has said?

Yours faithfully,
neurotic Shiney
DIY-Dave (Gardener):

Nothing wrong with being cautious, shiney, and I certainly don't take offense.

In fact I just tried to upload a test exe file and the forum did not allow it, so even better.
It only seems to accept files like jpg, pdf and so on.
However, one file type that it does accept is a .zip, which could be a problem, as one could put one or more files in a .zip archive and those files could have the multiple extensions.

It would certainly be interesting to hear from one of the admins.
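The point made in the last two posts (a hidden final extension, and a .zip that can smuggle such names past an upload filter) can be checked mechanically. The following is an added example written for this thread, not code from any poster or from the forum software. It assumes Windows Explorer's "hide extensions for known file types" behaviour of hiding only the last, registered extension, and the sets of "known" and "executable" extensions it uses are a constructed subset; the archive it scans is built in memory from harmless text, so only the names matter.

```python
"""Added example (not from the thread): show what a double-extension file name
looks like once Explorer hides the final extension, and scan a .zip for entries
whose displayed name would mislead the person opening it."""
import io
import zipfile
from typing import List, Tuple

# Constructed subset: extensions Explorer treats as "known" and therefore hides.
KNOWN_EXTENSIONS = {".exe", ".jpg", ".png", ".txt", ".pdf", ".zip", ".doc",
                    ".scr", ".com", ".bat", ".cmd", ".vbs", ".js", ".pif"}
# Constructed subset: extensions that run code when double-clicked.
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".com", ".bat", ".cmd", ".vbs", ".js", ".pif"}


def real_extension(filename: str) -> str:
    """The true (last) extension, lower-cased, or '' if there is none."""
    _, dot, ext = filename.rpartition(".")
    return ("." + ext.lower()) if dot else ""


def displayed_name(filename: str, hide_known: bool = True) -> str:
    """Name as Explorer shows it: only the final extension is hidden, and only if it is 'known'."""
    if not hide_known:
        return filename
    stem, dot, ext = filename.rpartition(".")
    if dot and stem and ("." + ext.lower()) in KNOWN_EXTENSIONS:
        return stem
    return filename


def is_deceptive(filename: str) -> bool:
    """True when the file really runs as a program but its displayed name looks like a data file."""
    shown = displayed_name(filename)
    return (real_extension(filename) in EXECUTABLE_EXTENSIONS
            and shown != filename
            and real_extension(shown) != ""
            and real_extension(shown) not in EXECUTABLE_EXTENSIONS)


def scan_zip(data: bytes) -> List[Tuple[str, str]]:
    """Return (entry name, name as displayed) for every deceptive entry in a zip archive."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            basename = info.filename.rsplit("/", 1)[-1]
            if is_deceptive(basename):
                findings.append((info.filename, displayed_name(basename)))
    return findings


def build_sample_zip() -> bytes:
    """Constructed archive: every member is plain text, only the file names matter."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("garden/roses.jpg", b"not really an image")
        archive.writestr("garden/roses.jpg.exe", b"not really a program")
        archive.writestr("garden/notes.txt", b"plain text")
        archive.writestr("garden/setup.exe", b"an openly named program")
    return buf.getvalue()


if __name__ == "__main__":
    for entry, shown in scan_zip(build_sample_zip()):
        print(f"{entry!r} would be displayed as {shown!r}")
```

An openly named `setup.exe` is not reported: the check only fires when hiding the last extension leaves a name that still ends in a data-file extension, which is exactly the case the thread is worried about.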
       
DIY-Dave (Gardener):

As a simple test, I have attached a small text file with multiple extensions.
See how each extension is shown.
Phil A (Guest):

Sorry, we're just veg & flowers department, @clueless1 is away at the moment, he'd know
rosietutu (Gardener):

Oh, very interesting. I caught a nasty virus a while ago, so off down to the Geeky Bloke in town who sorted it, £40 worth, and I learned that these nasties slip in with innocent downloads; even had one try to get in with my BT account. He removed AV and replaced it with Microsoft Essentials. I run Windows 7. So far so good, but have of late had a nasty little program that constantly comes up as "(give us your comments) http:wwwblinky...etc". Not sure what to do about it; it darkens my screen. Firefox declines it but it is persistent. Reckon it will be another visit to the geeks.
DIY-Dave (Gardener):

OK, until clueless1 can give us confirmation, here is the guide posted as text and pics so nothing to download.

PROCEDURE TO ENABLE THE VIEWING OF “KNOWN AND SYSTEM” FILES IN WINDOWS 7

(Note that the same concept also applies to XP but the procedure is slightly different)

STEP 1
Go to “START” then “Computer” then double click on your main hard-drive (normally C: )

STEP 2
You should now see all the folders in your C: drive.
Now do as shown in the picture below:

[image: Guide1.jpg]

STEP 3
Follow the instructions below in sequence:

[image: Guide2.jpg]
Now click on “OK” and all done.
DIY-Dave (Gardener):

Hi rosietutu

If this pesky little program only pops up whilst you are using your web browser, it could very well be part of an add-on or plug-in you installed for FireFox.
Luckily FireFox has a feature that allows one to decide which add-ons and plug-ins to disable, so it may well be worth a try.
Click on Tools-->Add-Ons-->PlugIns and see if it's listed.

EDIT:

Also check Tools-->Add-Ons-->Extensions.
Palustris (Total Gardener):

Very interesting, but my Windows 7 machine does not show things the way your screen shots do.
Not that it matters; my machine was set up to show all extensions when we bought it.
DIY-Dave (Gardener):

Hi Palustris

Depending on the individual settings and "themes", things could be different.
The screen shots I posted were for a stock standard install, which I suspect is what most people will have.
Glad to hear that your machine was set up like that from the word go.
If only more places would sell computers set up like that.
Palustris (Total Gardener):

It helps if one has sons who a. design micro chips for a living
b. can and do build their own PCs
daughters who are a. incredibly IT literate
b. mother to sons who are probably the next generation of Virus writers or maybe not.
I asked the supplier of our machine to set it up this way on advice from the brats!
clueless1 (member... yep, that's what I am :)):

You can't rely on the file extension to indicate if something is safe or not. Consider this:

* Many image file formats are compressed. Such formats contain a header block that describes which codec (a piece of legitimate program that knows how to decompress the file into something presentable) to use. Many times over the years malicious programmers have found exploits that enable them to open up a 'way in' by messing with the image header data.

* Lots of legitimate file formats have various programs associated with them, so as soon as you open them (or in some cases even just preview them), they run the app they're associated with. 99.9% of the time that file association will be legit, but if your machine has previously been infected, the file associations may have been messed with, causing a seemingly innocent file to run something dodgy.

Virus writers have had to get clever in recent years, as security suites have improved and Microsoft have plugged many holes in Windows. Gone are the days when you simply spread an infected executable file.

The biggest threat to the security of your PC nowadays is the squishy organic component between the keyboard and seat. The trick is termed 'social engineering'. You trick the user into lowering their defences by inviting them to actually invite the malicious code in (trojans, phishing, and more recently, outright scaremongering).

But that's not always enough. The clever hacker knows that as soon as you realise your machine is infected, you'll throw every anti-malware app you have at it until it's gone. So the common trick now is to make a sort of double payload. The first component is one which 9 times out of 10 the victim will have unwittingly downloaded themselves, saying yes when Windows asks them if it's allowed to run as admin. That component often slips through the anti-malware suite for two reasons: 1) because you actively let it through (social engineering), and 2) because it doesn't do anything to your system that a typical system admin wouldn't want to do. That latter point is the important point, because often that seemingly innocent change is to change your browser's home page or add an extension to your browser. The trouble is, and remember I said it's a sort of double payload, that change to the home page or installation of a browser extension means that every time you open your browser, and that could mean double clicking on certain image files if they are associated with the browser, the browser automatically downloads the second half of the attack, which is often much more serious. It can do that because in the first half, you granted admin access to the piece of code that makes the change.

So, in short, never rely on file extension alone to decide if something is safe or not.

The best defence is common sense. Keep your anti-malware suite bang up to date, check for reviews of software you're thinking of downloading from credible websites before you actually download them. If your browser says it thinks the site is dodgy, do some good reading on other sites before you ignore the warnings (sometimes they are wrong, sometimes it's just an expired certificate for example). Install a pop-up blocker with good reviews from a credible site, as part of your anti-malware suite, then the usual stuff, like don't open stuff if you don't know where it's from, and if your machine does look like it's infected, have no qualms about doing a hard shutdown (hold your finger on the power button for a few seconds until it just cuts the power), restart in Safe Mode (press F8 during boot up) and then run your anti-malware scans in safe mode.

And don't panic, and don't worry. As it gets harder to hack the machine, hackers are increasingly turning to tricking/scaring the user into letting them in. If you stay cool, stop and think, you're going to be much harder to get past than if you start clicking all sorts just because legit looking messages start telling you all your data will be deleted unless you run this nasty little app.
DIY-Dave (Gardener):

It is true that one cannot just use the file extension to determine if a file is safe or not, but it is a very popular attack vector and should not be overlooked.

As regards the file headers, yes, some formats can be messed with, but others like bmp and svg cannot, as the headers only contain information such as pixels/inch, a palette and things like vertical and horizontal dimensions.
Then there are files such as simple ascii or unicode text files which have no headers at all.
The ones that are problematic are the older versions of .doc (for Word) and .xls (for Excel) which can include macros and vb scripts which, depending on your security settings, can wreak havoc.
The newer .xlsx and .docx are in a zipped xml format and the scripting privileges have been greatly reduced.

Another way people often get their computers infected is by sharing USB drives.
There are quite a few viruses that modify the boot sector of these USB flash drives and some can even create raw (and therefore unseen) sectors on the drive which hides the payload.
One way to reduce this risk is to disable the autorun feature when a USB drive is inserted.
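clueless1's point that the extension alone says nothing, and DIY-Dave's remark that .docx/.xlsx are zipped XML, both lend themselves to a concrete check: read the first bytes of the file to learn what it actually is, and, for an Office package, look inside the zip for the part that holds VBA code. This is an added example written for the thread, not code from either poster. The magic numbers are the real leading bytes of each format and `vbaProject.bin` is the real name of the OOXML macro part; the extension-to-format table and every sample file are constructed for the demo.

```python
"""Added example (not from the thread): judge a file by its content rather than
its name, and flag Office packages that carry macro code."""
import io
import zipfile
from typing import Dict, Optional

# Real signatures: the first bytes of each container format.
MAGIC = {
    "jpeg": b"\xff\xd8\xff",
    "png": b"\x89PNG\r\n\x1a\n",
    "pdf": b"%PDF",
    "zip": b"PK\x03\x04",   # plain .zip, and also .docx/.xlsx, which are zipped XML
    "pe": b"MZ",            # Windows executables (.exe, .scr, .dll)
}

# Constructed: the format we expect behind each extension.
EXPECTED = {
    ".jpg": "jpeg", ".jpeg": "jpeg", ".png": "png", ".pdf": "pdf", ".zip": "zip",
    ".docx": "zip", ".xlsx": "zip", ".docm": "zip", ".xlsm": "zip",
    ".exe": "pe", ".scr": "pe",
}
OOXML_EXTENSIONS = {".docx", ".xlsx", ".docm", ".xlsm"}


def detect_format(data: bytes) -> Optional[str]:
    """Identify the container by its leading bytes; None if no signature matches."""
    for name, signature in MAGIC.items():
        if data.startswith(signature):
            return name
    return None


def ooxml_has_macros(data: bytes) -> bool:
    """OOXML is a zip; VBA code is stored in a part named vbaProject.bin."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as archive:
            return any(name.lower().endswith("vbaproject.bin") for name in archive.namelist())
    except zipfile.BadZipFile:
        return False


def assess(filename: str, data: bytes) -> str:
    """Return 'ok', 'mismatch', 'macros' or 'unknown' for one (name, content) pair."""
    ext = ("." + filename.rsplit(".", 1)[-1].lower()) if "." in filename else ""
    expected = EXPECTED.get(ext)
    actual = detect_format(data)
    if expected is None or actual is None:
        return "unknown"      # not enough information to judge either way
    if actual != expected:
        return "mismatch"     # e.g. a PE executable wearing a .pdf name
    if ext in OOXML_EXTENSIONS and ooxml_has_macros(data):
        return "macros"       # a document that carries VBA code
    return "ok"


def _ooxml(with_macros: bool) -> bytes:
    """Constructed minimal OOXML package: just enough parts to make the point."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("[Content_Types].xml", b"<Types/>")
        archive.writestr("word/document.xml", b"<w:document/>")
        if with_macros:
            archive.writestr("word/vbaProject.bin", b"\xd0\xcf\x11\xe0")  # OLE header bytes
    return buf.getvalue()


def build_samples() -> Dict[str, bytes]:
    """Constructed files: only the leading bytes and the names matter here."""
    return {
        "photo.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 12,
        "invoice.pdf": b"MZ" + b"\x00" * 62,          # executable renamed to look like a PDF
        "minutes.docx": _ooxml(with_macros=False),
        "minutes_macro.docx": _ooxml(with_macros=True),
        "backup.zip": _ooxml(with_macros=False),       # any zip will do for this entry
        "readme": b"plain text",                       # no extension, no signature
    }


def report(samples: Dict[str, bytes]) -> Dict[str, str]:
    """Verdict for each constructed sample, keyed by file name."""
    return {name: assess(name, data) for name, data in samples.items()}


if __name__ == "__main__":
    for name, verdict in report(build_samples()).items():
        print(f"{name:20} {verdict}")
```

A real mail or upload gateway would use a much larger signature table, but the shape of the decision is the same: compare what the bytes say with what the name claims, and treat any Office package containing `vbaProject.bin` as a macro document whatever its extension.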
               
shiney (President, Grumpy Old Men's Club; Staff Member):

As I'm already paranoid about what may happen to my computer, I distrust anything from my computer that pops up and asks me to do something.

My computer man has set the things that need updating to do their updates automatically. Anything else that happens, he's happy for me to give him a quick ring. Most of the time it's a simple 'yes' or 'no'. Other times he talks me through what to do. :blue thumb:

He doesn't charge for the calls (good customer relations) and, once a year, takes my computer in for maintenance and update - when I'm on holiday. With his good PR he gets a lot more recommendations. :)