A booby-trapped Kama Sutra-themed presentation will plant a backdoor when run on Windows machines, security watchers warn. The supposed PowerPoint presentation file – called Real kamasutra.pps.exe* – supposedly demonstrates different sexual positions. The file does include a NSFW slideshow of 13 different positions, but this is …
backdoor Windows machines
> A booby-trapped Kama Sutra-themed presentation will plant a backdoor when run on Windows machines, security watchers warn.
Well, DOH !!!
Open this file...
...and your're fooked.
Where to start?
Backdoor, trojan, sexually transmitted disease.
I just don't know where to start on a good joke.
Microsoft eventually gave up on auto-running whatever removeable medium you stick in the machine. It was a daft idea and ten years of security holes eventually rammed the message home.
The same will happen for hiding file extensions, eventually. Till then, we have stories like this.
Hiding file extensions.
Since windows always seems to hide file extensions (i still dont know how this is good for people), this will continue.
Sadly the practice of people randomly clicking on things people send them such as this will continue as stupid people breed.
Rather silly really
Even in their own documentation, MS frequently refers to "the .exe file" or "the .doc file" which must confuse a lot of people who have never turned off the default hide-extensions.
This daft idea is much older...
it goes all the way back to DOS and the 8.3 filename, and there are so many assumptions built on it that MS probably can't change it...
i) every 8.3 filename has an extension that might indicate what type of file it is... but there is no registration of standard extensions
ii) Windows: you will ONLY use your data files with one application, the registry associates known extensions with the relevant application
iii) Windows 95: long filenames still have extensions (for compatibility) but they can also use "." elsewhere
iv) technical details will be hidden from users
The result is a user interface that does not provide sufficient information about what will happen when the user does something. Double-clicking on a icon might load the file in your favourite application, or run the file, or load the file in a completely different application that has managed to change the association in the registry...
As I don't run Windows, I can sit back and enjoy the show without worrying, right?
<--- the penguin with the I-didn't-know-that-was-even-possible eyes
`Enjoying the show`
Whenever I hear about WindoZE back doors, all I think of is:
I grew so tired of the daily prostrate exams by crims, that I left WindoZE behind; and haven't regretted it either.
Enjoying the show with your penguin is just wrong.
Just Try Telling The Penguin That!
See those eyes? You think he (for a male it surely must be) would listen?
Dear Adobe, Mozilla, Opera, Google etc.
Next time you release an update for your software, stick an up-to-date, use-one-time anti-virus scan option in it. If the PC has no anti-virus on it, ask the user if they want a one-off system clean.
You will take every system your software updates out of any botnets it is part off. And then keep doing it, each time you release an update, to help persuade users to update.
For users, if you have no anti-virus, just download MSE and bloody use it, you spanners. It is free, it costs nothing, zero, zippo, zilch, bugger-all, nowt. Download it and run a full scan. It is no better and no worse than the one you got free with your PC six months ago and never paid the subs for. Just do it. Not having anti-virus is like leaving your front door open.
For Microsoft. Install MSE by default with your OS/updates, do the option thing you do for browsers for other anti-virus products and do the world a favour.
FFS. It's not rocket science.
re. Dear Adobe, Mozilla, Opera, Google etc.
The A/V vendors could use this as advertising for their full-strength products, so they have some incentive to participate.
RE: Dear Adobe, Mozilla, Opera, Google etc.
I think you should have written:
Stop using Windows. Not only is it shit, it's full of security holes.
RE: Stop using Windows. Not only is it shit, it's full of security holes.
Unfortunately, until all common Linux distributions will run windows application out of the box with the ease of windows, you won't manage to get people to switch.
I'm not up to date with the current state of WINE, and I've never actually played the following, but the point holds: Does it play crysis? (and for that matter, does it play whatever is the current leader in PC gaming technology?)
When Linux can manage this task, Then Linux will be an alternative for the common home PC user. Unfortunatly, at that time, Linux will probably have gained all the problems of windows too.
Old tricks still work
As long as file extensions are hidden by default, scammers will take advantage of it. And, as long as people need to run their computer with Administrator rights just to get their programs to run, scammers will be sending out trojans like this.
Sooner or later, people will get tired of wasting disk space, CPU time and money on anti-virus, anti-malware and anti-spyware programs and switch to an OS that's secure by design and Windows will go the way of the Dodo. Think of it as the computer equivalent of evolution in action.
Why should I?
Why should I read file extensions when software can do that and warn me?
Any file that is an exe dressed up to look like a jpg or .pps or .doc is pretty obviously a boody trap and should raise a few red flag and be treated with more caution than the regular nanny warning.
Re: boody traps
"Why should I read file extensions when software can do that and warn me?"
Er, because it doesn't? Well, Windows doesn't, anyway.
"Any file that is an exe dressed up to look like a jpg or .pps or .doc is pretty obviously a boody trap and should raise a few red flag and be treated with more caution than the regular nanny warning."
Fair point. Has anyone got a list of the AV programs that don't automatically quarantine such flagrant malware when "heuristic checking" is switched on?
NSFW? Where is the proof?
I figured somebody would have already said this, "Pix or no story."
NSFW - Not Suitable for Wanking.
Here I was thinking the article was NSFW but now I see it's the phony ppt file that's NSFW and I could have read the article at work after all.
ha ha ha ha
ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha
You would think that any double-extension file would throw up a red-flag in pretty much every Anti-Virus product out there, especially when the actual file is an exe file.
That'd be a no brainer
However My AV Vendor won't actually stop this glaringly obvious one as it's like the sign "free beer tomorrow". However the problem always is between the chair and the keyboard (or touchpad). That factor is very difficult to deal with unless you lock the system, even then they'll unlock it and still get caught out.
I'm waiting to see Oohlook.doc.tar being sent to me...
Beer, as there's no WINE here.