"Dual extensions", what are they?

Discussion in 'Trojan Defence Suite' started by ronny, Mar 8, 2004.

Thread Status:
Not open for further replies.
  1. ronny

    ronny Registered Member

    Joined:
    Feb 18, 2004
    Posts:
    231
    Location:
    Belgium
    Sorry, I don't understand what dual extensions are. o_O
    I looked in the help manual from TDS-3 and I used the "search" button of this forum but didn't find any information.
    Didn't I look in the right places?
    Can someone explain to me what these "dual extensions" are?
    Are these dangerous?
     
  2. Wayne - DiamondCS

    Wayne - DiamondCS Security Expert

    Joined:
    Jul 19, 2002
    Posts:
    1,533
    Location:
    Perth, Oz
    Most files have just one extension. For example, the extension for "notepad.exe" is .exe. It has become common practice for worms to have multiple (usually 2) extensions, such as "notepad.txt.exe". This filename may confuse some people into thinking that it's a .txt file, whereas it's actually a .exe (the last extension is always the correct one).

    Windows 2000, XP etc also have a "Hide known extensions" option which is turned on by default, so even if a file was a .exe file you may not see it, making this trick even more effective.
     
  3. Tassie_Devils

    Tassie_Devils Global Moderator

    Joined:
    May 8, 2002
    Posts:
    2,514
    Location:
    State Queensland, Australia
    What Wayne said.... :cool:
    Just beat me.

    Someone may send an email saying "look at this great pic".
    But it may look like this: pic.jpeg [spaces].bat/.exe.scr etc., so you don't really see the full file name.
    Always make sure you have the 'columns' in viewing panes spread out to see such tricks.

    But to make sure it's not hidden, see pic.

    Make sure it's UNCHECKED...

    TAS
     


  4. ronny

    ronny Registered Member

    Joined:
    Feb 18, 2004
    Posts:
    231
    Location:
    Belgium
    Thank you Wayne & Tassie :)
    By the way, I noticed when I changed the name from, for instance, "program.exe" to "program9.1.8exe", TDS-3 says it found this dual extension. But I do now understand that this is a "false" alarm, I mean this is not dangerous. It is just because I changed the name, isn't it?
    [Not so smart, me, but quickly learning thanks to you all ;) ]
     
  5. Tassie_Devils

    Tassie_Devils Global Moderator

    Joined:
    May 8, 2002
    Posts:
    2,514
    Location:
    State Queensland, Australia
    Yes Ronny, that's it.

    You see, sometimes when you, say, download a genuine program [.exe or whatever], it "may" have what TDS3 or WormGuard for that matter, considers dual extensions, but they are only indicating that there is a . [full point] more than once in the file that in PC terms means an extension.

    eg: programv1.0.exe would give an 'alarm' as it considers the 1.0 [the .] as an extra extension.

    Hope this now fully clears things up for you.

    Cheers, Adrian.
     
  6. ronny

    ronny Registered Member

    Joined:
    Feb 18, 2004
    Posts:
    231
    Location:
    Belgium
    Yes, Adrian, it does!
    People like you and others on this forum make the internet so worthwhile. Thanks a lot. ;)
     
  7. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    There is also another dangerous type of dual extension such as:
    notepad.txt .exe

    By putting the extra spaces in, one can be misled into just seeing the "notepad.txt" but Windows will see it is a .exe file and run it should you choose to open it.

    TDS & WG will also see these :)
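
The thread describes two things: the deceptive pattern (a harmless-looking extension followed by an executable one, sometimes padded with spaces) and the false alarms that come from flagging any extra dot, as with "programv1.0.exe". The following check separates the two; it is an added example, not TDS-3 or WormGuard logic, and the extension lists and the function name `classify` are assumptions made for illustration.

```python
import re

# Assumed extension lists for this sketch, not taken from TDS-3 or WormGuard.
EXECUTABLE = {"exe", "scr", "bat", "com", "pif", "cmd", "vbs", "lnk"}
DECOY = {"txt", "jpg", "jpeg", "gif", "png", "bmp", "doc", "pdf", "mp3", "htm", "html"}

def classify(filename):
    """Return (verdict, detail) for a file name.

    'suspicious': a document-like extension directly before an executable one
    'multi-dot' : more than one dot, but not that pattern (e.g. version numbers)
    'ok'        : zero or one extension
    """
    # Judge only the last path component; accept both separator styles.
    name = re.split(r"[\\/]", filename)[-1]
    parts = [p.strip().lower() for p in name.split(".")]
    if len(parts) < 3:
        return ("ok", "single extension or none")
    decoy, real = parts[-2], parts[-1]
    # Whitespace before the final dot pushes the real extension out of view.
    padded = re.search(r"\s\.[^.]*$", name) is not None
    if real in EXECUTABLE and decoy in DECOY:
        detail = f"looks like .{decoy}, opens as .{real}"
        if padded:
            detail += " (space-padded)"
        return ("suspicious", detail)
    return ("multi-dot", f"extra dots, last extension is .{real}")

# Constructed sample names, based on the examples in the thread.
SAMPLES = [
    "notepad.exe",
    "notepad.txt.exe",
    "notepad.txt          .exe",
    "pic.jpeg      .scr",
    "programv1.0.exe",
    "program9.1.8exe",
]

if __name__ == "__main__":
    for s in SAMPLES:
        verdict, detail = classify(s)
        print(f"{verdict:<10} {s!r}: {detail}")
```

A "multi-dot" result corresponds to the kind of alert the thread calls a false alarm; only "suspicious" matches the disguise the replies warn about.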
     