Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Vuln-Dev> 1999-q4

Exploit-Dev Archives: Re: stealth executables

Re: stealth executables

Adolfo Soto (asotoINAME.COM)
Thu, 30 Sep 1999 18:44:43 +0200

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Next message: Martin: "Re: Accessing IE/Netscape incomming data"
Previous message: Paul Keefer: "AIM 3.0"

On Wed, 27 Oct 1999, Brad Griffin wrote:

>Hi all.
>I was reading a mainstream newsletter a couple of days ago which had
>the following article. Forgive me if it is common knowledge (it was a
>new one for me).

I guess this is quite the same that the bug reported at:
http://www.kriptopolis.com/boletin/0138.txt

Spanish only sorry. This bug (reported to MS before September) allows
to hide an executable in a new extension type. So don't double-click
anything just because it ends in "thx" i.ex. :-)

>The Danger Of Stealth Executables
>
>"SHS" and other little-known or seemingly-benign file types
>(often completely ignored by antivirus apps) can disguise
>malicious executables and macro viruses!
>
>A reader from Canada, recently had an eye-
>opening experience that's instructive to us all:
[...snip..]

--
Adolfo Soto
-Subscriber of The Boulder Pledge -
PGP mail welcome.
Fingerprint: BD 12 A9 E2 0D 63 23 6F 88 D9 3E 32 20 F1 57 84

Next message: Martin: "Re: Accessing IE/Netscape incomming data"
Previous message: Paul Keefer: "AIM 3.0"

This archive was generated by hypermail 2.0b3 on Thu Oct 28 1999 - 13:57:36 CDT