And yet another one. I can't see this type getting past COMODO or past your HIPS, but your AV/Antispy might not be ready for this scenario:
http://isc.sans.org/diary.php?storyid=1862
Malware with new features. Disables the Windows Firewall, does keylogging, maps the computer's location, and sends everything to an FTP server where it's sorted by location. Plus installs a whole host of additional malware. Thank you, Microsoft, for the default setting 'hide file extensions for known file types'. The Loveletter virus is probably the best example of hidden double-extension tricks, and that was rather long ago. And the stupid default setting remains in XP and in Vista! Are they doing this on purpose or what?!
P.S.1) To 'unhide' ALL extensions - Microsoft's directions:
- select Start | Settings | Control Panels | Folder Options
- select the View tab
- UNcheck "hide file extensions for known file types"
- Click OK to finish
P.S.2) But don't let Microsoft fool you! Even after you unhide the extensions using the above steps, you still cannot see certain hidden extensions for files ending with .shs, .pif, and .lnk (a suspicious case of Microsoft's infinite wisdom). Unfortunately these files are executable, and are rapidly becoming the most popular choices for many Trojan horses, such as "Movie.avi.pif" which will look like "Movie.avi", and "ReadMe.TXT.SHS" which will look like "ReadMe.TXT". Instead of being a movie and text file, respectively, they could both be dangerous Trojans. To really show ALL hidden file extensions, open regedit and type in the search field:
NeverShowExt
Do a search and delete ALL objects in the right window with this value.
Paul Wynant
Moscow, Russia
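
The double-extension behaviour described in the post above, as an added example that is not part of the original post: it approximates what a folder window shows under the three settings discussed and flags names whose real extension is executable. The extension lists other than .shs, .pif and .lnk, the function names and the sample listing are assumptions made for illustration.

```python
import os

# Per the post: hidden even after "hide file extensions" is unchecked (NeverShowExt).
ALWAYS_HIDDEN = {".shs", ".pif", ".lnk"}
# Assumption: sample lists, not exhaustive.
EXECUTABLE = ALWAYS_HIDDEN | {".exe", ".scr", ".com", ".bat", ".cmd", ".vbs"}
DECOY = {".avi", ".txt", ".jpg", ".doc", ".pdf", ".mp3"}
KNOWN = EXECUTABLE | DECOY

def displayed_name(filename, hide_known=True, never_show_ext_removed=False):
    """Approximate the name shown in a folder window for `filename`."""
    stem, ext = os.path.splitext(filename)
    ext = ext.lower()
    if ext in ALWAYS_HIDDEN and not never_show_ext_removed:
        return stem
    if hide_known and ext in KNOWN:
        return stem
    return filename

def is_deceptive(filename):
    """Real extension is executable, and the name before it ends in a decoy extension."""
    stem, ext = os.path.splitext(filename)
    # Padding between the two extensions ("a.txt      .pif") is stripped first.
    inner = os.path.splitext(stem.rstrip(" ."))[1].lower()
    return ext.lower() in EXECUTABLE and inner in DECOY

def audit(filenames):
    """Return (real name, default view, extensions unhidden, NeverShowExt removed) per flagged file."""
    return [(n, displayed_name(n), displayed_name(n, hide_known=False),
             displayed_name(n, hide_known=False, never_show_ext_removed=True))
            for n in filenames if is_deceptive(n)]

# Constructed sample listing; the first two names are the post's own examples.
SAMPLE = ["Movie.avi.pif", "ReadMe.TXT.SHS", "holiday.jpg      .exe", "notes.txt", "setup.exe"]

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print(" | ".join(row))
```

Run over a directory listing (for example the names of mail attachments), the second and third columns show which files still look harmless after the checkbox alone is changed.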
A quick and trouble-free way to close the vast majority of inherent flaws within the default XP configuration is to use a utility called Samurai. It basically 'hardens' the system against many threats by closing many security holes, switching off unsafe services etc.
http://www.download.com/Samurai/3000-2092_4-10422273.html