File Droppers

[alltaylor]

Hi,

How can I get someone to run an exe and/ or vbs from a file with a different extension, i.e. jpg. If someone tries to open this (trying to execute the code) IT JUST COMES UP AN ERROR. I have heard the name dropper being used.

Thanks in advance.

[ii-monk]

Just rename the file and put the name you want and in the end put .jpg . Simple, but not sure it's working.

[Keisha]

Hmm.

You wanna take an executable file or a vbs script and rename it so that....

Moron.exe or Idiot.vbs becomes Skiddie.jpg?

Now where have we all seen things like that before?

Go away and get a life. Nobody here(I dearly hope) is going to help you distribute a virus and make our lives harder.

And no, ii-monk, in most situations that wouldn't work.

-Keisha

[ZeroOne]

Keisha, he just wanted that the user would have got an error message of corrupted file or something. I don't know why he wants that, doesn't make any sense to me either, but ii-monk's message was THE answer. I guess he has the file extension hided, which is IMO a very stupid and an annoying option of Windows, when I enter a new Win box I always turn that off if the resolution is good enough (otherwise I first change it from 800x600 to 1024x786 and then toggle file extensions visible)... But anyway, to the question...:
Open "My computer", select "View", select "Properties", uncheck "Hide known file extensions".
Then you can change the extension of a file without the file getting double-extensioned.

-ZeroOne

[souleman]

ZeroOne> He doesn't want it to come up an error. It is comming up an error right now, and he doen't know why. He is doing what ii-monk told him to do. He renamed file.exe to file.jpg. This causes an error, because the file is NOT a jpg file. the way to do what ii-monk said is possible, but I am not going to explain it here. It can be defeated by turning off hidden file extensions, but not enough people do that. I will give you a hint though. you rename file.exe to something else, but it isn't file.jpg, but file.jpg is part of it....

[ZeroOne]

souleman> Yeah, now I see it...
ZeroOne

I also know how that could be done in a neat way but not going to tell since it can only be used for malicious purposes... Perhaps we should send him "explanation.txt"........

[draziw]

Well, some marketing weanie up in Redmond should be boiling in h*ll at this point because they wanted a way to cleanup the old 8.3 file naming scheme. So now, as yet another notorious side effect, we have people executing things that look like they shouldn't be executeable and severely *****ing their systems... *sigh* (saying anything more might be construed as "useful information" and, well, I'll refrain)

...and what about the default "user has complete and unadulterated privledges on their box." Sure, they own the hardware and thusly the software on it... but my login on my UN*X box, I can assure you, isn't "root" - and, if I'm root, I'm d*mn sure I know why or I'm going in to unfscksome file permission problem so I don't need the elevated perms, you can be sure... What would be wrong with a default "this webpage wants to install something on your machine and you don't have the permissions to so do" sort of warning...

One of these days M$ is just going to get the clue they the default "ship" should be "mostly closed" instead of "wide open." Too bad many of us may never live to see it... LOL


Time to get off my soapbox, I think... just preachin' to the choir, anyway, I guess...

[rcgreen]

Just for information's sake, the trick is done like this:
The VBS script or EXE file is named,
FILENAME.JPG.VBS or
FILENAME.MP3.VBS so that the poor
unwary person with extensions disabled
sees it as :
FILENAME.JPG or whatever
There's no special software that "drops"
or "changes" the extension.
The perpetrator just hopes that
the victim will have filename extensions
hidden, and will carelessly double-click the file

The whole concept of the GUI is flawed, in that,
when you double-click a text file, it executes
your editor or word processor;
if you double-click a JPG, it invokes your
picture viewer; but if you double-click an
executable, it runs the file you clicked
as a program.
This is totally inconsistent, unpredictable, and
prone to the kind of mischief we've been discussing