[ISN] Windows 7 RC ignores file extension security risk

From: InfoSec News <alerts_at_private>
Date: Thu, 7 May 2009 00:32:00 -0500 (CDT)

By Gregg Keizer
May 6, 2009 

Windows 7 Release Candidate (RC) continues a long-running Microsoft 
practice that puts users at risk, a security researcher said today.

The new operating system's Windows Explorer file manager still misleads 
users about the true extension of a file, said Patrik Runald, chief 
research advisor at Helsinki-based F-Secure Corp. Rather than reveal the 
full extension for a filename, Windows Explorer hides the extension for 
known file types, giving hackers a way to disguise malware by using 
those file types' extensions and icons.

Windows Explorer, for example, will show the .txt icon and display 
"attack.txt" as the filename for a Trojan horse that's actually been 
named "attack.txt.exe" by the hacker. The practice goes back to at least 
Windows NT, and has been criticized in the still-popular Windows XP and 
the newer Windows Vista.

"People typically look at the icon to know what the file is," said 
Runald. "If it looks like a Word doc or a PDF file, there's an implicit 
trust in it, and users are more likely to click on those files, even if 
they are actually an executable."
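The display rule described above, modelled as an added example (not code from the article or from F-Secure): the functions reproduce what Explorer shows when "hide extensions for known file types" is on, flag names whose visible extension looks like a document while the real extension is executable, and walk a directory for such files. The extension lists are a short assumed subset; on a real machine the "known" set is every registered file type.

```python
import os
from typing import List

# Assumed subset of extensions Explorer hides by default (the real set is
# every registered file type on the machine).
KNOWN_EXTENSIONS = {".txt", ".doc", ".docx", ".pdf", ".jpg",
                    ".exe", ".scr", ".com", ".bat", ".cmd", ".pif"}

# Extensions that execute code when double-clicked.
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".com", ".bat", ".cmd", ".pif"}

# Extensions whose icon users tend to trust as "just a document".
DOCUMENT_EXTENSIONS = {".txt", ".doc", ".docx", ".pdf", ".jpg"}


def explorer_display_name(filename: str, hide_known: bool = True) -> str:
    """Return the name Explorer shows for `filename`.

    With hiding enabled the final extension is dropped when it is a known
    type, so "attack.txt.exe" is shown as "attack.txt".
    """
    stem, ext = os.path.splitext(filename)
    if hide_known and ext.lower() in KNOWN_EXTENSIONS:
        return stem
    return filename


def is_disguised_executable(filename: str) -> bool:
    """True when the real extension is executable but the displayed name
    still ends in a document-like extension."""
    _, real_ext = os.path.splitext(filename)
    if real_ext.lower() not in EXECUTABLE_EXTENSIONS:
        return False
    _, shown_ext = os.path.splitext(explorer_display_name(filename))
    return shown_ext.lower() in DOCUMENT_EXTENSIONS


def find_disguised(root: str) -> List[str]:
    """Walk `root` and return paths of files that would be misleading."""
    hits = []
    for dirpath, _, files in os.walk(root):
        hits.extend(os.path.join(dirpath, f) for f in files
                    if is_disguised_executable(f))
    return hits


if __name__ == "__main__":
    for name in ["attack.txt.exe", "report.pdf", "setup.exe", "photo.jpg.scr"]:
        print(f"{name:16} shown as {explorer_display_name(name):12} "
              f"disguised={is_disguised_executable(name)}")
```

Turning off "Hide extensions for known file types" in Folder Options makes `explorer_display_name(name, hide_known=False)` the effective rule, which is the setting change the article's concern points to.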

