Home of the Guides to (mostly) Harmless Hacking Brought to you by... The website computer criminals don't want you to read!

Securing Your Computer: Showing File Extensions in Windows

By Matt Smith, President of Litchfield County Computer

     Here you'll learn how to protect yourself from what I think is one of the worst security flaws in Window, a flaw that can wreak havoc but takes just two seconds to fix -- and, it's easy to do.  This vulnerability is hidden file extensions.

     All files consist of the filename followed by a period followed by a 3 character extension (setup.exe for example).  Windows hides the file extension by default.  This means that if you are in Windows Explorer and you are looking at the file setup.exe all you will actually see is the file's icon and the word setup.  This is bad news because it allows a malicious attacker to disguise a nasty file as a file that will appear to be safe and you won't know there's a problem until you open it.  This is done using what I call the “double file extension” trick.  Here is how it works:

     Let's say you have an executable for a backdoor trojan that you want to disguise as some porn so your victim will open it up and the file is named porn.exe.  All you need to do is rename the file to porn.jpg.exe.  Notice what I did here.  The file appears to have two extensions now but the last one (the .exe) is the one that counts.  If you have your file extensions hidden what you will see is porn.jpg, think the file is harmless, and open it up.  Congratulations, you just got owned.  If file extensions are set to be viewed you will see porn.jpg.exe and instead of opening it -- DO NOT OPEN IT!!! you hopefully realize right away that something is amiss and delete that file WITHOUT OPENING IT!!!.  Here is how you set Windows to show file extensions:

For Windows XP

  1. Go to Start --------> Accessories ---------> Windows Explorer
  2. Go to Tools ---------> Folder Options
  3. Click the View tab
  4. Clear the check in the “Hide Extensions for known file types” box
  5. Hit OK

For Windows Vista and 7

  1. Go to Start ----------> Control Panel
  2. Click Appearance and Personalization
  3. Click Folder Options
  4. Click the View tab
  5. Clear the check in the “Hide Extensions for known file types” box
  6. Hit OK

There are many types of files that have the potential to harm your computer. This link takes you to a list of these.

YOU CAN GO TO JAIL WARNING: Yes, you can use the information in this article to help you commit computer crime.  However, doing so can get you a long vacation at Club Fed with Bubba as your cellmate.  Even if you don't get a vacation, Carolyn and I hate computer crime and we may have to track you down and punch you in the nose :).



Google Groups
Subscribe to Happy Hacker
Visit this group

[an error occurred while processing this directive]
Privacy policy      © 2013 Happy Hacker