January 4th, 2005, 09:16 PM
Numbers.pps (.pps file) What is this?
I received this file as an attachment from a Yahoo group email that was sent out today. I didn't open it cause for one I don't know the person who sent it and two cause I have never heard of a file with a .pps extension. Can anyone tell me what this file is and what it does and if I should be concerned about it? I have it temporarily deleted, cause I wanted to bounce it off you guys and didn't want to completely delete it in case anyone needs me to send them the actual file, so, it is sitting in my inbox in the trash folder waiting 2 b deleted. This is the file that was sent to me:
January 4th, 2005, 09:24 PM
It should be a MS PowerPoint file. If you don't have PowerPoint, you can download the reader for free from MS.
PowerPoint Viewer 2003
N00b> STFU i r teh 1337 (english: You must be mistaken, good sir or madam. I believe myself to be quite a good player. On an unrelated matter, I also apparently enjoy math.)
January 4th, 2005, 09:30 PM
.PPS has a few associations. The more obscure is for ArcView Processing Set Codes. ArcView is a GIS software package from ESRI. If you don't know what GIS or ESRI refers to, this probably doesn't impact you (the geologist-geeks in this crowd are all worked up right now.)
More likely, it is a Power Point Show. That is the most common use of .PPS, I would guess.
You should be absolutely concerned about it...you don't know what it contains, if it has any malicious scripts or code, pornographic or gruesome content, or other unforeseen problems. You have taken the right step in the correct course of action, from a security standpoint...you've deleted it unopened and untouched. Now empty that deleted items folder and begone with it for good...that's my $0.02.
Now, it's possible it contains something funny or amusing or Really Important(tm)...many, many people share things via eMail like this...but it's just not smart, IMHO. Get rid of it, reply to the sender and ask them to share the content in a less intrusive way, if possible.
But that's just my opinion, it's your account/system, do as you see fit. Good thinking though. If only my users were half as insightful as you've been....
"Data is not necessarily information. Information does not necessarily lead to knowledge. And knowledge is not always sufficient to discover truth and breed wisdom." --Spaf
Anyone who is capable of getting themselves made president should on no account be allowed to do the job. --Douglas Adams (1952-2001)
"...people find it far easier to forgive others for being wrong than being right." - Albus Percival Wulfric Brian Dumbledore
January 4th, 2005, 09:34 PM
Or you can just open it using Powerpoint like CXGJarrod suggested.
January 4th, 2005, 09:41 PM
Please send me a copy attached to a PM (private message........purple tab at the top of this post) and I will carefully "defuse" it on a labrat (test) machine.
DON'T OPEN IT
January 4th, 2005, 11:35 PM
Yeah, you're probably right, it probably is just something funny or stupid, but again, as you said, you don't know what it is or where it came from or what it may contain, so, I am going to do as you said and just delete it without opening it. But I am trying to send it to nihill so he can check it, but I can't figure out how to send it to him in a PM as an attachment without opening and downloading it. I tried to right click on it and paste the shortcut but all I got were a bunch of letters and numbers. I tried to save target as to a folder but when I did this it showed up as an HTML document, so, I didn't send that to him cause I was not sure if that would be the same exact file or not anymore, if it would be corrupted somehow by me saving it. Should I paste what it looked like here after I copied the shortcut?
it's possible it contains something funny or amusing or Really Important(tm)...many, many people share things via eMail like this...but it's just not smart, IMHO. Get rid of it, reply to the sender and ask them to share the content in a less intrusive way, if possible.
"Champagne for my real friends, real pain for my sham friends"-Ed Norton/25th Hour
January 5th, 2005, 05:18 AM
OK Folks here it is:
One of those silly inter-office, inter-company funnies.
1. It is a .pps (power point screen show) file of 111Kb.....SINGLE EXTENSION!.........the first thing one looks for? (.pps_.exe is CERTAINLY a bad guy, and sometimes they put a load of spaces in between so the last, executable extension is hidden) In this context you MUST set your preferences to show ALL file extensions. The default is to hide known file extensions.
2. There are no added/embedded macros.
3. Converted it to a .txt file and took it to a 9x box and used file manager (a 16 bit DOS app) to look at it in Wordpad (never use Word or Write, they can certainly launch executables) There would be no point in attempting to decompile it, as stuff out of MS office remains incomprehensible anyways. I have developed the skill of pattern recognition, and, to me, embedded code stands out like a sore thumb.
4. Launch it!............OK the first slide appears...............yes there are numbers on it (the title of the thing was "numbers"). Skip to the last slide...........if there is a trigger it will not be on the first, when people are still a bit wary, and not on the last, because the malware would run on after the end?
AH! it is a picture of a young lady, parts of whose anatomy is concealed by these "number" tags.................as you go through the show, they get removed..I can read enough "raw" Powerpoint to figure that out. She seems to have a rather nice "personality" or two?
So a few seconds research shows that it was produced by some guy working in the accounts department of a Brazilian Financial Institution (blackmail..........moi? )
I know his name, I know his employers, I can prove that he used their copy of MS office, and I know that he knows jack S**t about metadata.
Now, how did our colleague get it?.........from a friend, even though he does not know the sender, he said. He is not lying, the guy obviously created a sub-account under a false name..........he will be dealt with
Anyways, it turned out to be a false alarm of sorts............not that I believe in false alarms, I believe that anything suspicious should be verified first. Users will go with that......someone has sent them something, they WILL NOT delete it......but they will send it to be verified, I am afraid that is human nature.
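The extension check from step 1 of the post above, together with a look at the file's first bytes, can be done without opening the attachment. The following is an added example, not part of the original thread; the extension list, finding names and sample inputs are assumptions made for illustration, and it assumes the legacy binary PowerPoint format (an OLE2 compound file).

```python
import re

# Assumed, non-exhaustive list of extensions that Windows will execute.
EXECUTABLE_EXTS = {"exe", "scr", "pif", "com", "bat", "cmd", "vbs", "js"}
OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # legacy Office container (.ppt/.pps)
MZ_MAGIC = b"MZ"                                # DOS/Windows executable header


def triage_attachment(filename, head):
    """Return findings for an attachment name and the first bytes of its content."""
    findings = []
    name = filename.strip()
    # Strip the padding characters used to push the real extension out of view.
    parts = [p.strip(" _\t").lower() for p in name.split(".")]
    final_ext = parts[-1] if len(parts) > 1 else ""
    inner_exts = [p for p in parts[1:-1] if p]
    if final_ext in EXECUTABLE_EXTS:
        findings.append("executable-extension")
        if inner_exts:
            findings.append("double-extension")   # e.g. .pps_.exe
    if re.search(r"[ _\t]{3,}", name):
        findings.append("padding-run")            # load of spaces before last extension
    if head.startswith(MZ_MAGIC) and final_ext not in EXECUTABLE_EXTS:
        findings.append("content-is-executable")  # name says document, bytes say program
    if final_ext in {"pps", "ppt"} and not head.startswith(OLE2_MAGIC):
        findings.append("not-ole2-container")
    return findings


if __name__ == "__main__":
    # Constructed samples: (attachment name, first bytes of the file).
    samples = [
        ("Numbers.pps", OLE2_MAGIC + b"\x00" * 8),
        ("Numbers.pps_.exe", b"MZ\x90\x00"),
        ("Numbers.pps" + " " * 40 + ".exe", b"MZ\x90\x00"),
        ("Numbers.pps", b"MZ\x90\x00"),
    ]
    for name, head in samples:
        print(repr(name), "->", triage_attachment(name, head) or "no findings")
```

An empty result only means the name and header are consistent with a single-extension PowerPoint file; it says nothing about macros or embedded objects, which the post checks separately in steps 2 and 3.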