10-29-2005
#1
Curious
Can We Hide exe files behind other type of files?
The title of the post itself is my question. Is it possible that we send a picture file or any other file (e.g. Word file, text file, mo3 or any other media file) to someone but when he/she opens the file, a hidden exe file starts working behind?

10-29-2005
#2
Creating
Location: Silver Spring, MD, USA
Re: Can We Hide exe files behind other type of files?
Quote:
Originally Posted by bwaqas
The title of the post itself is my question. Is it possible that we send a picture file or any other file (e.g. Word file, text file, mo3 or any other media file) to someone but when he/she opens the file, a hidden exe file starts working behind?

I don’t know the exact specifics of it, but it is possible for an MSWord (.doc) file to define instances of ActiveX (formerly known as OLE) class objects that invoke that class’s LocalServer32 attribute, which is usually a program (.exe) file.
Years ago, my shop was badly infected by such an Office97-type virus, which spread rapidly because of our widespread use of Word documents. It turned out to be exploiting a class created by a 3rd party .vbx file installed by an in-house Visual Basic app common to most of our Windows machines, and was damn difficult to eradicate.
I’m sure there are other, similar vulnerabilities in any OS that relies on embedded objects served by many poorly known and managed executables that use no sort of security handshaking. There’s even a setting for Windows OS browsers that allows an http page from a remote host to invoke ActiveX controls registered on the client machine, though, sensibly, few people ever switch it on.

10-29-2005
#3
Explaining
Re: Can We Hide exe files behind other type of files?
You could rename an exe file to .jpg but you would need to modify the file type information in Windows to specify jpg's type handler to be an application type. I hope you aren't asking for advice on how to infect someone though.
----------------
/home/God $ cd projects/universe
/home/God/projects/universe $ make
/home/physicist $ cat /home/God/projects/universe/main.c
ksh: /home/God/projects/universe/main.c: Permission Denied.

10-29-2005
#4
¿42?
Re: Can We Hide exe files behind other type of files?
Why do you keep asking about ways to cause problems for other computer users here? All of your posts have had this tone about them.
----------------
Clay
Editor and Forum Administrator
stego anyone?
Add yourself to Hypography's Frappr.
"There are only 10 kinds of people in the world --
.....Those who understand binary, and those who don't."
"Draw no conclusions before their time."

10-29-2005
#5
Dedicated Smart-ass
Location: Just before 0xAA55
Re: Can We Hide exe files behind other type of files?
In short, yes you can hide executables behind other extensions, yes you can have those run in the background, and if you were good, you can still even have the functionality of the original file, say a picture for example, will still open up. But if you run a REAL OS, file extensions mean squat anyways and nifty utils such as file will reveal such an ordeal, other than that....
----------------
Microsoft, the leader in using innovative tactics to promote irksome experience, coupled with antiquated technology that's held together by a pyramid of makeshift afterthoughts.
Apple, the leader in using irksome tactics to promote innovative experience, coupled with an antiquated core that's enhanced by state-of-the-art afterthoughts.
Linux, the leader in not using any tactics to promote user-defined experience, coupled with state-of-the-art core enhanced by innovative afterthoughts.

02-01-2008
#7
Resident Slayer
Re: Can We Hide exe files behind other type of files?
Blocked by what? In general, you need to have some sort of virus detection software running to stop it on the server end, and if you do have it, there are usually mechanisms that will allow you to create exceptions for "verified" files (how you do this depends on the software).
IE and some client-side plug-ins/tool bars/virus/adware software will prevent *download* of exe files, but usually don't block zip files unless you tell them to.
Can you describe the environment a little bit more?
That which is not prohibited is required, 
Buffy
----------------
"If you do not agree with anything I say, I'll not only retract it, but deny under oath that I ever said it!"
-- Tom Lehrer
"No Robbie, not Europe!"
Forum Administrator
Hypography Science Forums - Science for Boys and Girls! It's not for nothing that we hang out here.

02-01-2008
#8
Creating
Location: Silver Spring, MD, USA
A quick & simple solution that might not work
Quote:
Originally Posted by Hecman
Have an authoring tool that creates exe presentation files. These files in turn need to be distributed. On a network or through the web (even in zip) they are being stripped or identified (rightfully so) as a problem. Does anyone have a possible solution as to how to distribute the files without being blocked?

After creating file mydemo.exe, use Explorer, a command line, etc. to rename it mydemo.ChangeThisExtension or similar. Distribute mydemo.ChangeThisExtension, along with instructions for the recipient to rename it back to mydemo.exe (circumventing any pesky file extension hiding preferences they may have), then run it.
If the filtering programs are smart enough to check file contents (such as a typical antivirus does), or the recipient’s security policy won’t let him change file extensions to exe, this wouldn’t work, but it’s a quick and simple solution which I’d give a try before looking into something more sophisticated.
Assuming the recipient knows and trusts you, there’s nothing especially unholy about renaming files to circumvent security filters.
----------------
Moderator: Computers and Technology; Medical Science; Science Projects and Homework; Philosophy of Science; Physics and Mathematics; Environmental Studies 
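
Added example (not part of any post in this thread): the kind of content check that posts #5 and #8 refer to, where a filter or a tool like `file` looks at a file's bytes rather than its extension. This Python sketch recognizes Windows PE images by their MZ/PE header and looks one level into ZIP archives; the function names, the extension list and the sample bytes are constructed for illustration.

```python
import io
import os
import struct
import zipfile

# Extensions expected to hold Windows PE images (illustrative, not exhaustive).
PE_EXTENSIONS = {".exe", ".dll", ".scr", ".sys"}

def is_pe_image(data):
    """True if data has a DOS 'MZ' header whose e_lfanew field points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"

def label(name, data):
    """Classify by content first, then compare with what the extension claims."""
    if not is_pe_image(data):
        return None
    ext = os.path.splitext(name)[1].lower()
    return "executable" if ext in PE_EXTENSIONS else "disguised-executable"

def inspect(name, data):
    """Return (path, label) findings for a file, looking one level into ZIP archives."""
    kind = label(name, data)
    if kind:
        return [(name, kind)]
    findings = []
    if data[:4] == b"PK\x03\x04":
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for info in zf.infolist():
                    with zf.open(info) as member:
                        kind = label(info.filename, member.read(4096))
                    if kind:
                        findings.append((f"{name}!{info.filename}", kind))
        except (zipfile.BadZipFile, RuntimeError):  # corrupt or encrypted archive
            findings.append((name, "unreadable-archive"))
    return findings

# Constructed sample inputs: a minimal MZ/PE header stub, a JPEG-like header, a ZIP.
SAMPLE_PE = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40) + b"PE\x00\x00"
SAMPLE_JPEG = b"\xff\xd8\xff\xe0" + bytes(64)
_buf = io.BytesIO()
with zipfile.ZipFile(_buf, "w") as _zf:
    _zf.writestr("slides.jpg", SAMPLE_PE)
    _zf.writestr("notes.txt", b"hello")
SAMPLE_ZIP = _buf.getvalue()
```

Calling `inspect("mydemo.ChangeThisExtension", SAMPLE_PE)` flags the renamed file as a disguised executable, which is why the rename only gets past filters that look at names alone.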

02-01-2008
#9
Resident Slayer
Re: A quick & simple solution that might not work
Quote:
Originally Posted by CraigD
...Distribute mydemo.ChangeThisExtension, along with instructions for the recipient to rename it back to mydemo.exe (circumventing any pesky file extension hiding preferences they may have), then run it.
If the filtering programs are smart enough to check file contents (such as a typical antivirus does), or the recipient’s security policy won’t let him change file extensions to exe, this wouldn’t work...

...or also if there is a process that monitors and prevents execution of "unapproved" applications.
As I mentioned to hecman in a PM, unless you know what the "blocker" is doing, it's hard to say how to go about circumventing it... Craig's technique is probably one of the first I'd try though!
You know I could have been in the NSA, but they found out my parents were married, 
Buffy

02-01-2008
#10
Bury, then water
Re: Can We Hide exe files behind other type of files?
Quote:
Originally Posted by Hecman
Hey there, Not sure if this thread started with ulterior motives but I have a real problem I am trying to solve. Have an authoring tool that creates exe presentation files. These files in turn need to be distributed. On a network or through the web (even in zip) they are being stripped or identified (rightfully so) as a problem. Does anyone have a possible solution as to how to distribute the files without being blocked? The files are presentations and do not install anything; they unpack and run in memory.
Thanks

Did you write the authoring tool?
No hope for M$ users sorry.
Yah. Linux/OpenOffice