Bogus Kama Sutra presentation opens your backdoor to hackers

A booby-trapped Kama Sutra-themed presentation will plant a backdoor when run on Windows machines, security watchers warn. The supposed PowerPoint presentation file – called Real kamasutra.pps.exe* – supposedly demonstrates different sexual positions. The file does include a NSFW slideshow of 13 different positions, but this …

COMMENTS

This topic is closed for new posts.
  1. doperative
    Gates Halo

    backdoor Windows machines

    > A booby-trapped Kama Sutra-themed presentation will plant a backdoor when run on Windows machines, security watchers warn.

    Well, DOH !!!

  2. Code Monkey
    Coat

    Open this file...

    ...and you're fooked.

  3. Ken Hagan Gold badge
    Paris Hilton

    Double extensions

    Microsoft eventually gave up on auto-running whatever removable medium you stick in the machine. It was a daft idea and ten years of security holes eventually rammed the message home.

    The same will happen for hiding file extensions, eventually. Till then, we have stories like this.

    1. Anonymous Coward

      Hiding file extensions.

      Since Windows always seems to hide file extensions (I still don't know how this is good for people), this will continue.

      Sadly the practice of people randomly clicking on things people send them such as this will continue as stupid people breed.

      1. LaeMing
        FAIL

        Rather silly really

        Even in their own documentation, MS frequently refers to "the .exe file" or "the .doc file" which must confuse a lot of people who have never turned off the default hide-extensions.

    2. Allan George Dyer
      Gates Horns

      This daft idea is much older...

      it goes all the way back to DOS and the 8.3 filename, and there are so many assumptions built on it that MS probably can't change it...

      i) every 8.3 filename has an extension that might indicate what type of file it is... but there is no registration of standard extensions

      ii) Windows: you will ONLY use your data files with one application, the registry associates known extensions with the relevant application

      iii) Windows 95: long filenames still have extensions (for compatibility) but they can also use "." elsewhere

      iv) technical details will be hidden from users

      The result is a user interface that does not provide sufficient information about what will happen when the user does something. Double-clicking on an icon might load the file in your favourite application, or run the file, or load the file in a completely different application that has managed to change the association in the registry...

  4. Paul Hovnanian Silver badge
    Paris Hilton

    Where to start?

    Backdoor, trojan, sexually transmitted disease.

    I just don't know where to start on a good joke.

  5. Mike Sallman
    Pint

    Playmobil Re-enactment

    Please?

  6. Anonymous Coward
    Linux

    So,

    As I don't run Windows, I can sit back and enjoy the show without worrying, right?

    <--- the penguin with the I-didn't-know-that-was-even-possible eyes

    1. Fatman

      `Enjoying the show`

      Thad,

      Whenever I hear about WindoZE back doors, all I think of is:

      BOHICA aka

      Bend

      Over

      Here

      It

      Comes

      Again

      I grew so tired of the daily prostrate exams by crims, that I left WindoZE behind; and haven't regretted it either.

    2. willowtoo
      Joke

      No !

      Enjoying the show with your penguin is just wrong.

      1. Anonymous Coward

        Just Try Telling The Penguin That!

        See those eyes? You think he (for a male it surely must be) would listen?

  7. Tron Silver badge

    Dear Adobe, Mozilla, Opera, Google etc.

    Next time you release an update for your software, stick an up-to-date, use-one-time anti-virus scan option in it. If the PC has no anti-virus on it, ask the user if they want a one-off system clean.

    You will take every system your software updates out of any botnets it is part of. And then keep doing it, each time you release an update, to help persuade users to update.

    For users, if you have no anti-virus, just download MSE and bloody use it, you spanners. It is free, it costs nothing, zero, zippo, zilch, bugger-all, nowt. Download it and run a full scan. It is no better and no worse than the one you got free with your PC six months ago and never paid the subs for. Just do it. Not having anti-virus is like leaving your front door open.

    http://www.microsoft.com/security_essentials/

    For Microsoft. Install MSE by default with your OS/updates, do the option thing you do for browsers for other anti-virus products and do the world a favour.

    FFS. It's not rocket science.

    1. Anonymous Coward
      Thumb Up

      re. Dear Adobe, Mozilla, Opera, Google etc.

      Good idea; even better, why don't the browser authors do a deal with anti-virus vendors to offer an embedded A/V to check anything downloaded by the browser? Even better if it could also scan any JavaScript for known threats before executing.

      The A/V vendors could use this as advertising for their full-strength products, so they have some incentive to participate.

    2. Anonymous Coward
      FAIL

      RE: Dear Adobe, Mozilla, Opera, Google etc.

      I think you should have written:

      Dear Users

      Stop using Windows. Not only is it shit, it's full of security holes.

      1. Edward Hull
        Troll

        RE: Stop using Windows. Not only is it shit, it's full of security holes.

        Unfortunately, until all common Linux distributions will run Windows applications out of the box with the ease of Windows, you won't manage to get people to switch.

        I'm not up to date with the current state of WINE, and I've never actually played the following, but the point holds: Does it play Crysis? (and for that matter, does it play whatever is the current leader in PC gaming technology?)

        When Linux can manage this task, then Linux will be an alternative for the common home PC user. Unfortunately, at that time, Linux will probably have gained all the problems of Windows too.

  8. Joe Zeff
    Stop

    Old tricks still work

    As long as file extensions are hidden by default, scammers will take advantage of it. And, as long as people need to run their computer with Administrator rights just to get their programs to run, scammers will be sending out trojans like this.

    Sooner or later, people will get tired of wasting disk space, CPU time and money on anti-virus, anti-malware and anti-spyware programs and switch to an OS that's secure by design and Windows will go the way of the Dodo. Think of it as the computer equivalent of evolution in action.

    1. Charles Manning

      Why should I?

      Why should I read file extensions when software can do that and warn me?

      Any file that is an exe dressed up to look like a jpg or .pps or .doc is pretty obviously a boody trap and should raise a few red flag and be treated with more caution than the regular nanny warning.

      1. Ken Hagan Gold badge

        Re: boody traps

        "Why should I read file extensions when software can do that and warn me?"

        Er, because it doesn't? Well, Windows doesn't, anyway.

        "Any file that is an exe dressed up to look like a jpg or .pps or .doc is pretty obviously a boody trap and should raise a few red flag and be treated with more caution than the regular nanny warning."

        Fair point. Has anyone got a list of the AV programs that don't automatically quarantine such flagrant malware when "heuristic checking" is switched on?

  9. Anonymous Coward
    FAIL

    NSFW? Where is the proof?

    I figured somebody would have already said this, "Pix or no story."

    NSFW - Not Suitable for Wanking.

  10. Eddy Ito

    Oh

    Here I was thinking the article was NSFW but now I see it's the phony ppt file that's NSFW and I could have read the article at work after all.

  11. Robert E A Harvey
    Linux

    ha ha ha ha

    ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha

  12. Robert Heffernan
    FAIL

    comment.txt.exe

    You would think that any double-extension file would throw up a red-flag in pretty much every Anti-Virus product out there, especially when the actual file is an exe file.

    1. Refugee from Windows
      Pint

      That'd be a no brainer

      However My AV Vendor won't actually stop this glaringly obvious one as it's like the sign "free beer tomorrow". However the problem always is between the chair and the keyboard (or touchpad). That factor is very difficult to deal with unless you lock the system, even then they'll unlock it and still get caught out.

      I'm waiting to see Oohlook.doc.tar being sent to me...

      Beer, as there's no WINE here.
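
The double-extension check several commenters ask for, as an added example that is not part of the original thread or any AV product's code. The extension lists are an illustrative subset, the function names are hypothetical, and `visible_name` is a simplified model of what a user sees when extensions are hidden.

```python
# Added example: flag "document.ext.exe"-style names such as the ones in this thread.
# Extension sets are illustrative subsets (assumption), not an exhaustive policy.
EXECUTABLE = {"exe", "scr", "com", "pif", "bat", "cmd", "vbs", "js"}
DECOY = {"pps", "ppt", "doc", "xls", "txt", "pdf", "jpg"}


def visible_name(filename):
    """Simplified model of the name shown when known extensions are hidden."""
    stem, dot, ext = filename.rpartition(".")
    if dot and ext.lower() in EXECUTABLE | DECOY:
        return stem
    return filename


def classify(filename):
    """Return 'double-extension', 'executable', 'not-executable' or 'no-extension'."""
    # Win32 path normalisation drops trailing spaces and dots, so ignore them here too.
    name = filename.rstrip(" .")
    parts = name.split(".")
    if len(parts) < 2:
        return "no-extension"
    final = parts[-1].strip().lower()
    if final not in EXECUTABLE:
        return "not-executable"
    # The segment before the real extension may be padded with spaces to push
    # the executable extension out of view; strip before comparing.
    if len(parts) >= 3 and parts[-2].strip().lower() in DECOY:
        return "double-extension"
    return "executable"


def flag_attachments(names):
    """Return (name, what-the-user-sees) pairs for names that should be quarantined."""
    return [(n, visible_name(n.rstrip(" ."))) for n in names
            if classify(n) == "double-extension"]


# Constructed sample input using the file names mentioned on this page.
SAMPLE = ["Real kamasutra.pps.exe", "comment.txt.exe", "Oohlook.doc.tar",
          "setup.exe", "notes.txt", "REPORT.DOC   .EXE "]

if __name__ == "__main__":
    for name, shown in flag_attachments(SAMPLE):
        print(f"quarantine: {name!r} (user sees {shown!r})")
```
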
