steven36, posted March 1, 2020

Microsoft hides file extensions in Windows by default even though it's a security risk that is commonly abused by phishing emails and malware distributors to trick people into opening malicious files.

A file extension is the letters immediately shown after the last period in a file name and is used by the operating system to determine what program is used to open, view, and utilize the file. For example, the file report.txt has an extension of .txt, which is associated with the Windows Notepad program to open and view its contents.

By default, Microsoft decides to hide file extensions in Windows so that a file named 'report.txt' is simply shown in File Explorer as 'report'. The original reason for this was probably to make it less confusing to users, but regardless of the reason, it is a security risk that attackers abuse.

Windows default settings abused by attackers

To illustrate how the hiding of file extensions is a security risk, let's take a look at the following folder containing two files. With file extensions disabled, they look like the same PDF file as they both have the same name and the same icon.

[Figure: File extensions are hidden in Windows]

If we enable extensions, though, we quickly see that these are two different files with one being a PDF as expected, but the other being an executable file that uses a PDF icon.

[Figure: File extensions are now enabled]

In this case, the malware executable purposely used the PDF icon normally shown by Adobe Reader to trick users who have file extensions disabled into thinking that it is a PDF file. This is not to say strange PDFs you receive via email cannot be a risk, but receiving executables disguised as PDFs should definitely raise more alarms.

Real phishing example abusing file extensions

As an example of how attackers are abusing file extensions, let's take a look at a real phishing email that was sent last year. This email pretends to be a requested scan of an agreement with an attached ZIP file named Scan_002_01.zip.

[Figure: Real phishing email with zip file attachment]

When we extract the attachment, we see what appears to be a harmless PDF file.

[Figure: Extracted folder with extensions disabled]

When we enable the displaying of file extensions, though, we see that this is not a PDF file, but an executable instead.

[Figure: Extracted folder with extensions enabled]

Just by unhiding file extensions in Windows, we were able to see that this is not a safe file to execute and potentially saved our computer from being infected with ransomware or installing backdoors that could have compromised the entire network.

How to enable file extensions in Windows 10

I strongly suggest that users enable the showing of all file extensions in Windows 10 so that they know exactly what type of file they are interacting with. To enable file extensions in Windows 10, please follow these steps:

1. Search for 'Folder Options' in the Windows 10 Start Menu and when 'File Explorer Options' appears, click on it.

[Figure: Search for Folder Options]

2. When the File Explorer Options screen appears, click on the View tab and scroll through the Advanced settings until you see an option labeled "Hide extensions for known file types". Now uncheck the option as shown below.

[Figure: Search for Folder Option]

3. Now press the Apply button followed by the OK button and the File Explorer Options screen will close.

Now all files displayed on the desktop, in folders, or in File Explorer will display a file extension.
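The check the post performs by eye can also be run on a ZIP attachment before anything is extracted. The following is an added example, not part of the original post: it lists each archive member with the name File Explorer would show while extensions are hidden, next to its real extension. The member names in the sample archive and the extension list are constructed assumptions.

```python
import io
import zipfile
from pathlib import PureWindowsPath

# Extensions Windows runs when double-clicked (assumed, non-exhaustive list).
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js",
                         ".jse", ".vbs", ".vbe", ".wsf", ".hta", ".lnk", ".msi"}


def explorer_display_name(name: str) -> str:
    """Name as shown while 'Hide extensions for known file types' is checked."""
    return PureWindowsPath(name).stem


def audit_zip(data: bytes) -> list[dict]:
    """Return one record per file in the archive, without extracting anything."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            ext = PureWindowsPath(info.filename).suffix.lower()
            findings.append({
                "member": info.filename,
                "shown_as": explorer_display_name(info.filename),
                "extension": ext,
                "executable": ext in EXECUTABLE_EXTENSIONS,
            })
    return findings


def build_sample_zip() -> bytes:
    """Constructed sample: placeholder bytes, names modelled on the post's ZIP."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("Scan_002_01.pdf", b"placeholder document")
        archive.writestr("Scan_002_01.exe", b"placeholder, not a real program")
    return buf.getvalue()


if __name__ == "__main__":
    for f in audit_zip(build_sample_zip()):
        flag = "EXECUTABLE" if f["executable"] else "ok"
        print(f'{f["shown_as"]:<14} real name: {f["member"]:<18} {flag}')
```

Both sample members are shown as Scan_002_01 with extensions hidden; only the real name reveals which one is the executable.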