
Six tricks scammers use to con you into clicking a malicious .exe file

Loredana BOTEZATU

October 20, 2011


For years, security experts have been saying you'll be safe if you steer clear of opening .exe files you randomly encounter online.

Well, they're wrong.

Cyber crooks, a resourceful bunch, employ a wide variety of methods to trick you into downloading and executing a binary file. They can get you even when you are 100 percent certain you're opening a text document, an image or some other harmless file format.

Here are some examples of how they do it:

1. The “hide extensions for known file types” method

Windows has the option “Hide extensions for known file types” turned on by default. This means that, as long as a program is registered to handle a specific extension, Explorer won't display that extension. For instance, a file named “name.jpg.exe” will appear in Explorer as “name.jpg”, so .jpg looks like the real extension rather than .exe. Give the file a JPG icon (an executable can carry any icon its author chooses) and you have the perfect bait for the unwary user. When double-clicked, however, the system runs it as the .exe it really is.

2. The “shortcut” method

Consider a shortcut (a .lnk file) that points at a malicious file. The shortcut can carry any name and, to all appearances, any extension: Explorer never displays the .lnk extension, so a shortcut named “name.jpg.lnk” shows up as “name.jpg”. What runs when you double-click it is decided solely by the shortcut's target. If that target is set to a command line such as “C:\WINDOWS\system32\cmd.exe /c name.jpg”, double-clicking the “image” launches that command line and whatever it in turn starts, regardless of the extension shown for the shortcut. Right-clicking the shortcut and reading the Target field under Properties reveals the real command.

3. The “RTLO” method

A file named “Al[RTLO]gpj.exe”, where [RTLO] stands for the Unicode RIGHT-TO-LEFT OVERRIDE character (U+202E), is drawn with nothing in place of the control character but with everything after it laid out from right to left, so Explorer displays the name as “Alexe.jpg”. Although .jpg appears to be the extension, the stored name ends in .exe, and Windows treats the file as exactly what it is: an executable.
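The three display tricks above (a hidden known extension, an always-hidden .lnk, and an RTLO override) can be checked mechanically. The following Python script is an added example, not code from the article or from Bitdefender: it approximates what Explorer draws for a stored file name and compares that with the extension Windows actually dispatches on. The extension lists are partial and the sample names are constructed for the demonstration.

```python
# Extensions Windows runs as code when double-clicked (a partial list,
# enough for this demonstration).
EXECUTABLE_EXTS = {"exe", "com", "scr", "pif", "bat", "cmd", "vbs", "js",
                   "wsf", "hta", "msi", "cpl"}
# Extensions a default install registers a handler for, and therefore hides
# when "Hide extensions for known file types" is on (again a partial list).
KNOWN_EXTS = EXECUTABLE_EXTS | {"jpg", "jpeg", "png", "gif", "txt", "pdf",
                                "doc", "docx", "xls", "zip", "lnk"}

# Unicode bidi controls: drawn as nothing, but they reorder or hide what follows.
BIDI_CONTROLS = {
    "\u202e": "RIGHT-TO-LEFT OVERRIDE (RTLO)",
    "\u202d": "LEFT-TO-RIGHT OVERRIDE",
    "\u202a": "LEFT-TO-RIGHT EMBEDDING",
    "\u202b": "RIGHT-TO-LEFT EMBEDDING",
    "\u202c": "POP DIRECTIONAL FORMATTING",
    "\u200e": "LEFT-TO-RIGHT MARK",
    "\u200f": "RIGHT-TO-LEFT MARK",
    "\u2067": "RIGHT-TO-LEFT ISOLATE",
}


def strip_bidi(name: str) -> str:
    return "".join(ch for ch in name if ch not in BIDI_CONTROLS)


def real_extension(name: str) -> str:
    """The extension the shell dispatches on: the text after the last dot in
    the stored name, with invisible formatting characters ignored."""
    clean = strip_bidi(name)
    return clean.rsplit(".", 1)[1].lower() if "." in clean else ""


def apparent_name(name: str, hide_known_ext: bool = True) -> str:
    """Approximate what Explorer draws for the stored name: a known extension
    is dropped when hiding is on (.lnk is always dropped), then the text
    renderer applies any RTLO, drawing the characters after U+202E reversed."""
    shown = name
    ext = real_extension(name)
    if ext and (ext == "lnk" or (hide_known_ext and ext in KNOWN_EXTS)):
        shown = shown[: shown.rfind(".")]
    if "\u202e" in shown:
        head, _, tail = shown.partition("\u202e")
        shown = head + tail[::-1]
    return strip_bidi(shown)


def analyze(name: str, hide_known_ext: bool = True) -> list:
    """Return the reasons a stored file name may mislead the user, or []."""
    findings = []
    for ch in name:
        if ch in BIDI_CONTROLS:
            findings.append(f"contains {BIDI_CONTROLS[ch]} U+{ord(ch):04X}")
    real = real_extension(name)
    shown = apparent_name(name, hide_known_ext)
    parts = strip_bidi(name).split(".")
    if len(parts) > 2 and real in EXECUTABLE_EXTS:
        findings.append(f"double extension: .{parts[-2].lower()} before the real .{real}")
    shown_ext = shown.rsplit(".", 1)[1].lower() if "." in shown else ""
    if real in EXECUTABLE_EXTS and shown_ext != real:
        findings.append(f"displayed as {shown!r} but Windows will run it as .{real}")
    if real == "lnk":
        findings.append("shortcut: Explorer never shows .lnk; the target command decides what runs")
    return findings


# Constructed sample names (not taken from the article or any real campaign).
SAMPLES = ["holiday.jpg", "name.jpg.exe", "Al\u202egpj.exe", "invoice.pdf.scr", "photo.lnk"]

if __name__ == "__main__":
    for n in SAMPLES:
        print(f"{apparent_name(n)!r:22} stored {n!r}")
        for f in analyze(n):
            print("   -", f)
```

The renderer is deliberately simple (one RTLO, reversal to the end of the name), which is the shape the trick takes in practice; a full bidi implementation would also honour embeddings and pops. Note that with extension hiding on, “Al[RTLO]gpj.exe” is drawn as “Aljpg”, which is why the trick is usually paired with names designed for the setting the attacker expects.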

4. The “Registry” method

Which program opens a file of a given extension is decided by the file-type associations stored in the Registry (the same settings the Windows interface lets you edit). By changing those values, files with one extension can be handled as if they were a completely different type, and executables are of particular interest here. For instance, if .jpg is re-associated with the handler used for executables, double-clicking a JPG file makes the system run it as an application instead of handing it to whatever photo viewer you have installed. The attacker, who must already have enough access to the computer to change that association, then only has to take a piece of malware, rename it from .exe to .jpg and send it to you “for viewing”. You may believe it is a JPG, but your system knows better and treats it like a regular EXE.

5. The “debugger/spoof application” method

A debugger is a tool that helps programmers find errors in their applications; it is a vital part of writing, testing and running software. When something goes wrong, you can attach a debugger to a specific application to see what happens while it runs. Windows goes one step further: a Registry key called Image File Execution Options lets you name a debugger for a given executable, and Windows then starts that debugger, with the original program as its argument, every time that executable is launched.

Cyber-crooks have been using this mechanism for a while to attach a “debugger” to a legitimate application you use frequently (such as the Windows Calculator), except that, instead of a real debugger, they register a piece of malware. Every time you run that application, the malware registered as its debugger starts as well. If, say, notepad.exe has malware.exe set as its debugger, then every time notepad.exe is started, including implicitly whenever you open a .txt file, malware.exe is launched too.
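Both Registry tricks above (method 4's re-associated extension and method 5's bogus debugger) leave evidence in a registry export. The following Python script is an added example, not code from the article or from Bitdefender: it parses the text that “reg export” writes (the REG_SZ and REG_EXPAND_SZ value forms), then flags any “Debugger” value under the Image File Execution Options key and any non-executable extension whose open command launches the file itself (the “%1” placeholder as the program). The sample export is constructed to contain one of each and is not taken from a real machine.

```python
import re

# Key under which a "Debugger" value makes Windows start that program in place
# of the executable named in the subkey.
IFEO_PREFIX = ("hkey_local_machine\\software\\microsoft\\windows nt\\currentversion"
               "\\image file execution options\\")
# Extensions whose handler legitimately runs the file itself (partial list).
EXECUTABLE_EXTS = {"exe", "com", "scr", "pif", "bat", "cmd"}
# Per-machine and per-user class keys are merged into the HKEY_CLASSES_ROOT view.
CLASSES_ALIASES = ("hkey_local_machine\\software\\classes\\",
                   "hkey_current_user\\software\\classes\\")


def normalize_key(key: str) -> str:
    key = key.strip().lower()
    for alias in CLASSES_ALIASES:
        if key.startswith(alias):
            return "hkey_classes_root\\" + key[len(alias):]
    return key


def decode_reg_data(data: str) -> str:
    """Decode REG_SZ ("...") and REG_EXPAND_SZ (hex(2):...) as reg.exe writes
    them; other value types (dword:, hex:) are returned as raw text."""
    if data.startswith('"') and data.endswith('"'):
        return data[1:-1].replace('\\"', '"').replace("\\\\", "\\")
    if data.startswith("hex(2):"):  # UTF-16LE bytes, NUL-terminated
        raw = bytes.fromhex(data[len("hex(2):"):].replace(",", ""))
        return raw.decode("utf-16-le").rstrip("\0")
    return data


def parse_reg(text: str) -> dict:
    """Parse .reg text into {key: {value_name: data}}, lower-cased; the
    default value (@) is stored under the empty name."""
    keys, current, pending = {}, None, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        if line.endswith("\\"):  # hex data continues on the next line
            pending = line[:-1]
            continue
        pending = ""
        if not line or line.startswith(";") or line.startswith("Windows Registry Editor"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = normalize_key(line[1:-1])
            keys.setdefault(current, {})
            continue
        if current is None or "=" not in line:
            continue
        name, _, data = line.partition("=")
        name = "" if name == "@" else name.strip('"').lower()
        keys[current][name] = decode_reg_data(data)
    return keys


def runs_document_itself(command: str) -> bool:
    """True when the program token of an open command is the document
    placeholder, i.e. the file is launched rather than passed to a viewer."""
    tokens = command.strip().split()
    return bool(tokens) and tokens[0].strip('"').lower() in ("%1", "%l")


def audit(keys: dict) -> list:
    """Return a (kind, ...) tuple for each suspicious entry found."""
    findings = []
    for key, values in keys.items():
        # Method 5: a Debugger value hijacks the program named in the subkey.
        if key.startswith(IFEO_PREFIX) and "debugger" in values:
            findings.append(("ifeo_debugger", key[len(IFEO_PREFIX):], values["debugger"]))
        # Method 4: a non-executable extension whose open verb runs the file.
        m = re.fullmatch(r"hkey_classes_root\\\.([a-z0-9]+)", key)
        if m and values.get(""):
            ext, progid = m.group(1), values[""]
            cmd_key = f"hkey_classes_root\\{progid.lower()}\\shell\\open\\command"
            command = keys.get(cmd_key, {}).get("", "")
            if ext not in EXECUTABLE_EXTS and runs_document_itself(command):
                findings.append(("association_runs_file", ext, progid, command))
    return findings


# Constructed sample modelled on "reg export" output, not a real machine's
# registry: notepad.exe is hijacked through IFEO, .jpg is mapped to the
# executable handler, and .txt keeps its normal viewer.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe]
"Debugger"="C:\\Users\\Public\\malware.exe"

[HKEY_CLASSES_ROOT\.jpg]
@="exefile"

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\.txt]
@="txtfile"

[HKEY_CLASSES_ROOT\txtfile\shell\open\command]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,\
  5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,4e,00,4f,00,54,00,\
  45,00,50,00,41,00,44,00,2e,00,45,00,58,00,45,00,20,00,25,00,31,00,00,00
'''

if __name__ == "__main__":
    for finding in audit(parse_reg(SAMPLE_EXPORT)):
        print(finding)
```

On a real machine the input comes from “reg export "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options" ifeo.reg” and “reg export HKCR classes.reg”; reg.exe writes those files as UTF-16 with a byte-order mark, so read them with open(path, encoding="utf-16") before passing the text to parse_reg. Any Debugger value you did not set yourself, and any document extension whose open command is “%1”, deserves a close look.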

6. The “exploit” method

This method doesn't really involve any disguise, as the file extension is in plain view. Instead, it abuses a vulnerability in the program that parses a particular file format: the exploit runs code of the attacker's choosing, which can then launch a file that was already on the disk or download one from the Internet. For instance, opening a rigged PDF file in a vulnerable reader can drop and install a piece of malware without the user noticing that anything is wrong.


All this being said, it is highly advisable to have a good antivirus on your system at all times, to keep Windows and your document readers up to date (the exploit method depends on unpatched software), and to turn off “Hide extensions for known file types” in Explorer so that the real extension is always visible. Above all, don't click or download anything unless you trust the source.


This article was written with the help of my colleague Doina Cosovan, BitDefender Virus Analyst.


All product and company names mentioned herein are for identification purposes only and are the property of, and may be trademarks of, their respective owners.
