"This infection is typically spread through emails sent to company email addresses that pretend to be customer support related issues from Fedex, UPS, DHS, etc. These emails would contain a zip attachment that when opened would infect the computer. These zip files contain executables that are disguised as PDF files as they have a PDF icon and are typically named something like FORM_101513.exe or FORM_101513.pdf.exe. Since Microsoft does not show extensions by default, they look like normal PDF files and people open them."
I haven't got a Windows box handy to try this on but I assume there is at the very least an extra warning dialog when opening an exe - even a zipped exe?
Not that that mitigates this at all. The inability to distinguish executables from data files - and although that doesn't apply in this case - the ability of data files to hide executable payloads either via design or error - is a major and currently uncorrected flaw in the system.
It does (I think), but even if it doesn't, it uses the file extension to determine it. However, EXE files are free to set their own icon. In this case, the icon of the EXE was a "PDF" icon.
The silly bit is the fact that the file extensions are hidden by default, and users can only use the icon to check the file type.
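As an added example (not from the quoted article or any commenter), here is a small Python scanner for zip attachments that flags the two disguises described above: a double extension such as FORM_101513.pdf.exe, which Explorer shows as FORM_101513.pdf when extensions are hidden, and a PE image (MZ header) sitting under a document-like name. The extension sets and the sample archive are constructed for the demonstration.

```python
import io
import zipfile

EXEC_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}
DOC_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt"}

def ext_of(name):
    """Lower-cased final extension including the dot, or '' if there is none."""
    stem, dot, ext = name.rpartition(".")
    return "." + ext.lower() if dot and stem else ""

def displayed_name(name):
    """What Explorer shows with 'Hide extensions for known file types' on: the final
    extension is dropped, so FORM_101513.pdf.exe is shown as FORM_101513.pdf."""
    return name[: -len(ext_of(name))] if ext_of(name) else name

def classify_entry(name, head):
    """Reasons an archive entry looks like an executable disguised as a document."""
    base = name.rsplit("/", 1)[-1]
    ext, shown = ext_of(base), displayed_name(base)
    reasons = []
    if ext in EXEC_EXTS:
        reasons.append("executable extension " + ext)
        if ext_of(shown) in DOC_EXTS:
            reasons.append("double extension: shown as %s when extensions are hidden" % shown)
    if head.startswith(b"MZ") and ext not in EXEC_EXTS:  # PE image under a data-file name
        reasons.append("PE header but extension " + (ext or "(none)"))
    return reasons

def scan_zip(data):
    """Scan a zip attachment (bytes); returns {entry: [reasons]} for suspicious entries."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            with zf.open(info) as fh:
                head = fh.read(8)  # only the magic bytes are needed to spot a PE image
            reasons = classify_entry(info.filename, head)
            if reasons:
                findings[info.filename] = reasons
    return findings

def build_sample_zip():
    """Constructed test attachment: no real malware, just header bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("FORM_101513.pdf.exe", b"MZ\x90\x00 fake stub")  # the lure named in the quote
        zf.writestr("invoice.pdf", b"MZ\x90\x00 fake stub")          # PE image under a .pdf name
        zf.writestr("receipt.pdf", b"%PDF-1.4 constructed")          # genuine-looking PDF
    return buf.getvalue()
```

Checking the content magic catches the case the icon trick relies on: a PE image is flagged regardless of what name or icon it carries.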