The good folks at F-Secure uncover the first
Windows 7 security fail … and it’s a classic.
The issue in question is nothing new. In fact, it’s been around for so long that I didn’t even bother checking to see if it had been fixed.
You see, in Windows NT, 2000, XP and Vista, Explorer used to
Hide extensions for known file types. And virus writers used this “feature” to make people mistake executables for stuff such as document files.
The trick was to rename
VIRUS.EXE to
VIRUS.TXT.EXE or
VIRUS.JPG.EXE, and Windows would hide the
.EXE part of the filename.
Additionally, virus writers would change the icon inside the executable to look like the icon of a text file or an image, and everybody would be fooled.
Surely this won’t work in Windows 7.
Lets try.
Hmm. It sure looks like a text file in Explorer: