RFI: [LINK] The ZIP email and the PDF email
Rick Welykochy
rick at praxis.com.au
Mon Jul 2 12:59:15 AEST 2007
Roger Clarke wrote:
> I've always assumed that:
> (1) the squillions of .zip attachments to spam (and the recent trickle
> of .pdf attachments) contain .exe content mis-labelled; and
> (2) those machines with settings that allow auto-invocation of
> attachments process them based on what they contain, rather
> than on what the suffix says they're supposed to contain.
>
> But, in my ignorance and laziness, I've never actually checked how the
> various (mal)configured Windows environments actually work.
>
> From what Rick's saying, have I been wrong? i.e. does the suffix
> actually determine what Windows environments do with incoming attachments?
Ah, I hadn't even pursued that line of thought.
This is how the filename extension scam works on Windows (NO OTHER OS
has this problem!)
By default, Windows is configured as follows: DO NOT SHOW FILENAME EXTENSIONS.
Thus, if a file named rick.zip.exe is sent to me, I will see rick.zip. When
I double-click or let Windows auto-open, it will indeed RUN AN EXECUTABLE.
This is a very old style of exploit that sadly still works on millions of
Windows boxes. It is an example of "ease of use" causing a huge problem
once Windows migrated to a networked environment.
Repeat after me: Windows never was and never will be suitable for use on
an open and hostile public network.
That said, in the case of the PDF and ZIP emails I am talking about,
the files are actually PDF and ZIPs respectively. Example:
$ file rick at praxis.com.au.zip
rick at praxis.com.au.zip: Zip archive data, at least v1.0 to extract
$ file Invoice_d241674c10.pdf
Invoice_d241674c10.pdf: PDF document, version 1.3
I am disinclined to open either file, although they do appear to be what
they advertise. There is a (remote) possibility that either of these
files exploits known vulnerabilities in ZIP and PDF handling on any OS.
cheers
rick
--
_________________________________
Rick Welykochy || Praxis Services
Our enemies are innovative and resourceful, and so are we. They never stop thinking
about new ways to harm our country and our people, and neither do we.
-- George W Bush, Washington DC, 20040805 (http://www.dubyaspeak.com/)
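
Added example, not part of the original post: a mail-filter style check in Python for the two things the message discusses, a name like rick.zip.exe that displays as rick.zip when extensions are hidden, and content whose leading bytes (the evidence file(1) reports) disagree with the suffix. The function names, extension lists and sample bytes are assumptions constructed for illustration and are not exhaustive.

```python
import os

# Assumed, non-exhaustive list of extensions Windows runs directly.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}
# Assumed list of harmless-looking extensions used as the visible decoy.
DECOY_EXTS = {".zip", ".pdf", ".doc", ".jpg", ".txt"}

# Leading magic bytes for the three types mentioned in the post.
MAGIC = {
    b"PK\x03\x04": ".zip",
    b"%PDF-": ".pdf",
    b"MZ": ".exe",
}

def displayed_name(filename):
    """Name the user sees when the final extension is hidden."""
    stem, ext = os.path.splitext(filename)
    return stem if ext else filename

def sniff_type(data):
    """Return the extension implied by the content, or None if unknown."""
    for magic, ext in MAGIC.items():
        if data.startswith(magic):
            return ext
    return None

def check_attachment(filename, data):
    """Return a list of findings for one attachment (empty list = none)."""
    findings = []
    stem, ext = os.path.splitext(filename.lower())
    inner_ext = os.path.splitext(stem)[1]
    if ext in EXECUTABLE_EXTS:
        findings.append("executable-extension")
        if inner_ext in DECOY_EXTS:
            # Shown as e.g. "rick.zip" while the real suffix is ".exe".
            findings.append("double-extension")
    sniffed = sniff_type(data)
    if sniffed == ".exe":
        if ext not in EXECUTABLE_EXTS:
            findings.append("executable-content-mislabelled")
    elif sniffed is not None and sniffed != ext:
        findings.append("content-mismatch")
    return findings

if __name__ == "__main__":
    # Constructed sample: only the first bytes of each file matter here.
    print(displayed_name("rick.zip.exe"), check_attachment("rick.zip.exe", b"MZ\x90\x00"))
    print(check_attachment("Invoice_d241674c10.pdf", b"%PDF-1.3\n"))
```

An empty result only means the name and the leading bytes agree; as the post notes, a genuine ZIP or PDF can still target a flaw in the program that opens it.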