[Wolves] {Dangerous Filename?} Hi
sparkes
sparkes at phreaker.net
Thu Jan 29 14:09:58 GMT 2004
On Thu, 2004-01-29 at 13:46, David Goodwin wrote:
> Chris Procter wrote:
> > Does anyone know what a .pif file actually is, the only ones I have ever
> > encountered have been viruses but I assume not even windows would reserve a
> > file extension for viruses.
> >
>
> I think it's some lame ancient legacy thing... although I've only ever
> seen .com and .exe executables personally.
.pif was a shortcut to an executable in win16
There are a lot of boo boos in windows that allow executable code. For
example one that has had me laughing all week goes like this...
write an html file that has lots of dodgy code (the kind that is only
possible in windows) in it.
rename the file so it ends in .folder
windows XP now thinks it is a folder, you could zip this so it looks
like a compressed folder if you like
send this to the target.
they see it is a folder, and folders can't hurt you, so it gets clicked
on
XP thinks, hang on - this isn't a folder, and looks at the first few
bytes to see what file type it really is.
The file is a html file so windows opens it up ie, with all the
permissions granted to html files in the My Computer zone, that is
allowing it to do anything ;-)
how-to foobar your friends XP machine in 10 completely lame minutes ;-)
The latest virus's don't even need to be clicked to execute thanks to
some absolutly crackingly large holes in outlook and ie.
sparkes
More information about the Wolves
mailing list