Thursday, December 9

Another way of getting you into running virus

What can you see from this picture?

I downloaded the "legitimate name.rar" from Internet, thinking that's a video clip for a show. After unzipped, the second file "legitimate name.rmvb" showed up, with an icon of Windows Media Player. Everything looks so normal.

No, it is not normal. The name of the second file is actually:
"legitimate name.rmvb (with 50 space) .exe",
so it is an unidentified application that can do who-knows-what. Take extra attention to the "..." at the end of the file name, because that means part of the name is not showing up due to the limited column size. Then the "Application" will give you some hint before you click this ".rmvb" file.

That is a very good trick in Social Engineering.