JorgeIvan Posted September 30, 2004 Share Posted September 30, 2004 (edited) This article is about how its sort of possible to write a virus and rename the extension to .txt and for it to execute when the user double clicks on a .txt file. Also Microsoft should fix up this problem before someone writes a virus using this technique. DISCLAIMER: I AM NOT RESPONSIBLE FOR ANYHTING YOU DO WITH THE INFORMATION IN THIS ARTICLE. YOU AGREE TO ABIDE BY THIS CONDITION BY READING THIS ARTICLE. IF YOU DONT AGREE WITH THIS DONT READ THIS ARTICLE.Short Intro: The idea that a user could not get malicious code run on your computer from a .jpg file became false recently. And now for the first time it could be possible to get infected with a text file if it has not allready happened before. (well close to it anyway.) Recently a article was published on astalavista by Geoff Vass from Australia about how cmd.exe can launch files with a .txt extrension as executables. In the article it basically said that if you rename a .exe file to .txt and open cmd.exe and run it from cmd.exe it will run as a executable. It went on to say that he emailed microsoft about it and coincidentally shortly after microsoft released a warning about it. To qoute the article directly it said. Quote: "So I had an email conversation with the fellas at secure@microsoft.com and they felt it was not a problem and would not be changing the behaviour. Coincidentally, shortly after MS issued KB811528 which says that CMD.EXE looks at the header of the file and because it is an executable, executes it and that you should only run code from trusted sources (blah blah blah)." Unquote: Note: If you want to read the full article by Geoff Vass first it is included with this article in the folder called "Article By Geoff Vass" and the file name of "txtrant.txt". He went on to say that you could hide malicious code in .txt extensions and virus scanners might not scan it and hackers can use it to hide malicious code. He also said that for a .txt virus to actually execute the user will need to open up the command prompt and execute it. So I thought about it for a while and realized you could just send a virus as a .zip attachment and inside the zip file would be 2 Files. The first file would be a virus but with the actual extension renamed to .txt and perhaps hidden(seeing that the default setting is not to show hidden files). For the purpose of clarity lets just say this file is called "virus.txt"(of course a virus writer could name it whatever they wanted [duh]). The second file would be a shortcut with the following command. "cmd.exe /c virus.txt" In case you dont know what that command does it would execute "virus.txt" as an executable and close after the virus has finished installing. You could also use a command like the following that would erase something of your choice and you would not need two files in the .zip attachment. "cmd.exe /c del /q c:\windows\*.*" Also the shortcut file icon is replaced with a text icon.(There is a text icon included with this article). So now the shortcut looks like a text file. It could be named readme.txt and of courseyou cant see the .lnk extension on shortcuts so it would look like a normal text file even if file extensions are shown. You can change the icon of the shortcut if you go into the properties of the shortcut and click shortcut and click change icon and use the icon included with this article. You could also go to layout(in the properties section still) and have the windows size reduced so that the height is 1 and the width is 1 to make the command prompt windows smaller. Plus you could change the Window position to 999 on both width and height so the user can't even see it. You can also rename the .txt extension on the actual virus to anything you want such as .jpg and i think anything else too.(I dont think it will execute if the file has no extension though). But give it a try. The only bad part about it is that the shortcut will have a little arrow in its corner but its more tempting to click that than a .exe file. Hopefully this will give Microsoft more reason to change cmd.exe so that it does not launch all file types as executable. Files Included with this Article: Files included with this article are a text icon in the icon folder, the Article by Geoff Vass from which i thought of this simple idea.(Thanks Geoff). And in the virus folder are a sample virus but the program that the shortcut launches is not a virus. It is just a program to test your cpuspeed.(If you wanted a real virus there you can make your own and use this technique to launch it). Author: A+ Email: ProgramOS32@softhome.net Attachment removed. Please don't attach files that could potentially be harmful to users Edited October 3, 2004 by configure Link to comment Share on other sites More sharing options...
John Veteran Posted September 30, 2004 Veteran Share Posted September 30, 2004 Moved to BPN Link to comment Share on other sites More sharing options...
[Pirate] Posted September 30, 2004 Share Posted September 30, 2004 Oh nooeeesss teh text files are here!!!1111oneone :o Link to comment Share on other sites More sharing options...
todd Posted September 30, 2004 Share Posted September 30, 2004 Before anyone posts without reading the article.. READ THE ARTICLE.. its not as bad as the title makes it out to be.. Link to comment Share on other sites More sharing options...
Dean W Posted September 30, 2004 Share Posted September 30, 2004 Omg, They are making Virus by some many ways now :) Link to comment Share on other sites More sharing options...
joker999 Posted September 30, 2004 Share Posted September 30, 2004 oh man, virus is getting take over us :x Link to comment Share on other sites More sharing options...
Porp Posted September 30, 2004 Share Posted September 30, 2004 Intense. It shouldn't be an actual backdoor it should be a test! ;-) Link to comment Share on other sites More sharing options...
Slimy Posted September 30, 2004 Share Posted September 30, 2004 sav detected it :) Link to comment Share on other sites More sharing options...
Chode Posted September 30, 2004 Share Posted September 30, 2004 Easy enough to make most virus scanners go nuts with a text file echo Pwned by Chode @Format c: That in a text file, at least once, used to make Norton go ballistic. Link to comment Share on other sites More sharing options...
Slimy Posted October 1, 2004 Share Posted October 1, 2004 not anymore.. Link to comment Share on other sites More sharing options...
rob2090 Posted October 1, 2004 Share Posted October 1, 2004 going to try this at school :shifty: Link to comment Share on other sites More sharing options...
Slimy Posted October 2, 2004 Share Posted October 2, 2004 great IDEA!!!!! Link to comment Share on other sites More sharing options...
JorgeIvan Posted October 2, 2004 Author Share Posted October 2, 2004 LOL Link to comment Share on other sites More sharing options...
Lee Posted October 2, 2004 Share Posted October 2, 2004 going to try this at school :shifty: :laugh: Link to comment Share on other sites More sharing options...
futb0l Posted October 2, 2004 Share Posted October 2, 2004 Lee,Oct 2 2004, 20:44] :laugh: :laugh: good idea man. Link to comment Share on other sites More sharing options...
349857345 Posted October 2, 2004 Share Posted October 2, 2004 going to try this at school :shifty: Good idea :shifty: Link to comment Share on other sites More sharing options...
Hekx Posted October 2, 2004 Share Posted October 2, 2004 AVG detected it (AVG Free Edition 7.0.269) :) jaguey.txt infected with BackDoor.Mosucker.El (Trojan Horse) and lists it as Infected, Embedded. Link to comment Share on other sites More sharing options...
rob2090 Posted October 2, 2004 Share Posted October 2, 2004 AVG detected it (AVG Free Edition 7.0.269) :)jaguey.txt infected with BackDoor.Mosucker.El (Trojan Horse) and lists it as Infected, Embedded. are you saying that I got infected :huh: :o that's the one from the archive, right ? Link to comment Share on other sites More sharing options...
IceDogg Posted October 2, 2004 Share Posted October 2, 2004 NOD32 wouldn't let me download it. Good work NOD32! Link to comment Share on other sites More sharing options...
Pink Floyd Veteran Posted October 2, 2004 Veteran Share Posted October 2, 2004 Kaspersky 4.5 PRO got it too! Link to comment Share on other sites More sharing options...
DELTA75329 Posted October 2, 2004 Share Posted October 2, 2004 NAV 2003 caught it. Excellent. :shifty: Link to comment Share on other sites More sharing options...
Nelsinho Posted October 3, 2004 Share Posted October 3, 2004 hehe :rolleyes: Link to comment Share on other sites More sharing options...
eSouL Posted October 3, 2004 Share Posted October 3, 2004 NAV2005 caught it as well. Conclusion: people are too paranoid. Link to comment Share on other sites More sharing options...
configure Veteran Posted October 3, 2004 Veteran Share Posted October 3, 2004 When was the last time you use CMD to execute a text file? Don't forget that executing and opening it up to read in a text editor is different. You use CMD to execute commands and files and that's what it's doing. Link to comment Share on other sites More sharing options...
JorgeIvan Posted October 3, 2004 Author Share Posted October 3, 2004 "Command Prompt (Cmd.exe) Runs Files That Do Not Have Executable File Name Extensions" Link to comment Share on other sites More sharing options...
Recommended Posts