Hackers Have a New Strategy - How to Defend Against It

  • Published: 10 Sep 2024

Comments • 754

  • @GeekIWG 2 years ago +1077

    I really wish Microsoft would enable displaying file extensions by default.

    • @Shermanbay 2 years ago +146

      By Billy Gates way of thinking, that would be too confusing to the average granny computer user. Better to infect than educate grandma.

    • @reycko102 2 years ago +16

      @@Shermanbay fr ? Bruh well rip credit card info for the x grandmas not having file extensions

    • @solkun11 2 years ago +38

      @@Shermanbay yeah because a couple more letters at the end of a file name will blow your nana's mind

    • @chad4628 2 years ago

      Lol

    • @Your_Local_Weirdo75 2 years ago

      @@TollyH i agree

  • @hostgrady 2 years ago +514

    This is like the most suspicious possible thing ever and the sad thing is I could genuinely see some granny falling for this.
    It's absolutely absurd that file extensions are STILL disabled by default in Windows AND the fact that shortcuts don't have a dedicated file extension is weird

    • @ThioJoe 2 years ago +88

      You technically can show them for shortcuts but you have to do it via the registry

    • @hostgrady 2 years ago +18

      @@ThioJoe very odd behavior. this is why I use Linux xd. in any case it's good to keep this in mind if I ever get a windows gaming box or something

    • @CattopyTheWeb 2 years ago +2

      @@ThioJoe how??

    • @bernardonegri5416 2 years ago +16

      @@hostgrady Could also be done on Linux. .tar files can store symlinks and file modes. Only thing that helps is if your shell prompts if you want to execute a file or open it.

    • @hostgrady 2 years ago

      @@bernardonegri5416 what are you referring to?

  • @bbelsito 2 years ago +279

    Thank you for not blaming the victims. I see so many people blame people for getting infected. "use common sense" is a common phrase. Well yes, ideally reason will always help. However, how do we apply that logic to the elderly or developmentally disabled? Or the layperson who is stressed--stress and exhaustion can severely impact one's decision making. So, for all of the people out there, thank you for being informative, rather than condescending.

    • @Splarkszter 2 years ago +20

      Yup. social engineering is a big part. A victim falls always due to some sort of manipulation, it's not the victim's fault if it was tricked to do that.

    • @IIGrayfoxII 2 years ago +7

      Not all computer users are elderly or the mentally disabled.

    • @grn1 2 years ago +15

      Stress is a big one, even the most tech savvy of us can potentially do something stupid when stressed out. Most computer users are even worse off as they don't understand things the way we do. Most people think like a technician, they follow instructions and don't ask or care how anything works (different priorities). Others think like an Engineer always questioning why things are the way they are, always skeptical. (To be fair/clear when I say they think like technicians I'm talking about the average technician in my experience that really doesn't understand jack squat). Even if you don't have an Engineering mindset you can still protect yourself by educating yourself on what to look out for which is why videos like this one are so important and even if you do have an Engineering mindset there could be things you would normally overlook because you've done similar stuff enough times that you've stopped thinking about it.

    • @YTshashmeera 2 years ago +3

      Yep I agree
      Actually if a person doesn't even know what a virus is or how it works, nor how a virus could worm your way to your PC. Then it's a pretty easy way to get infected. And it doesn't matter if you're smart or not it's gonna get you
      So cyber security knowledge is key too (although nowadays this is 'common sense')

    • @monkaSisLife 2 years ago +1

      It's just easy to not trust anyone. That's why it's just stupid to fall for stuff like this

  • @Shermanbay 2 years ago +221

    Note that the "type" column in Windows does NOT show what type or kind of file this is. It only shows what program has been assigned in that computer to open that kind of file. The system does not verify that this is a good association or even a valid one; program installation routines regularly alter this association. For this reason, I never enable the (misleading) type display, but do look at the actual extension.

    • @ailivac 2 years ago +13

      yeah, not exactly relevant but i HATE this about windows. there's no such thing as a "Firefox HTML Document" or "VLC Media File" (that one is especially bad because it registers about 900 extensions by default that are rarely actually media files, probably most notably .bin). part of that is due to windows not having magic-based file type detection like XDG desktop environments have.
      and I can't believe they haven't removed "hide file extensions" or at the very least turned it off by default at this point due to how easily it can be used to mask malware

    • @kr6to409 2 years ago

      @Watcher ok but how do you actually enable that "*NIX" thingy

    • @eno88 2 years ago +1

      Sherman, what are ye on about? The type column uses the extension to get the description of the file type. It's not misleading because it tells you exactly what the extension *would normally open with*.
      The extension itself is misleading, if the file is of another type than what you see it's ended in.
      And even if that is the case, so what? If the file is an actual malicious exe but ending in .pdf, no big deal. No pdf reader will interpret it and just spit out an error.
      If the file is apparently an innocent pdf but ends in .exe, the type column will still list it as "Application" because that's the extension. Does the file's icon confuse you? You can maliciously give apps any icon, even the one of a pdf file.
      And THAT is the reason why you should always enable file extensions, and no reason why you have to disable the type column.
      It's not the OS' job to check if "this is a good association or even a valid one". There are thousands of file types, and it doesn't fall on Windows to know and verify their headers... That would ruin drive lifespans if you think about it.
      Also, keep your OS and virus definitions updated.

    • @neatsketch 2 years ago

      @Watcher NOT relying on the file extension to select the program is more dangerous. Imagine clicking on "photo.jpg" but it's actually an executable.

    • @rubenverg 2 years ago +2

      @@ailivac also .ts files, which I'd assume are 99% of the time TypeScript source files and not videos

  • @solkun11 2 years ago +149

    i feel like disk images having the extension of .img is really dangerous since a scammer could send a file claiming it to be a photo of a certificate or something and this could be used maliciously. super scary stuff

    • @PushyPawn 2 years ago +12

      Just like .omg 😱

    • @unicodefox 2 years ago +27

      same way scammers have used ".scr" as "screenshot" instead of screensaver (renamed exe)

    • @grn1 2 years ago +12

      I'm sure whoever came up with the .IMG format just thought they were being clever calling a disk image an IMG. If memory serves IMGs were generally used for floppy disk though I think they can be used for other disk formats as well (pretty sure I've seen them used by some PS1 emulators back in the day).

    • @solkun11 2 years ago +3

      @@grn1 yeah but ps1 img files are disk images, they're just the games files on the file but yeah true

    • @Leonhart_93 1 year ago +2

      Okay yeah, but you have to be pretty dum dum to see the icon and realize it doesn't look like any thumbnail or image icon you have ever seen before. And if someone is indeed that unknowledgeable about computers, then they can be exploited in any number of ways anyway.

  • @HamedEmine 2 years ago +93

    Yeah, Windows Defender's "Smart Screen" will prevent you from running a certain executable, but when you open the command prompt as an administrator and run the same executable from there, it will bypass the "Smart Screen", which is kind of hilarious

    • @Pasu4 2 years ago +20

      This seems like it would be an easy fix for Microsoft:
      *Warning*
      The shortcut you tried to open will execute a Windows command, which is often used by malware to bypass Windows' security and harm your system. Are you sure you want to open this shortcut?
      □ Don't show again for this file
      [Yes] [No]

    • @Lovuschka 2 years ago +13

      @@Pasu4 Your design is actually pretty bad. You should not have "Yes" shown by default on such a screen. Do it like SmartScreen where you have to click extra to see the "Run Anyway" button. So it takes two more clicks instead of one to execute.

    • @brodriguez11000 2 years ago +8

      You mean that ROOT has power? Go figure.

    • @Pasu4 2 years ago +6

      @@Lovuschka I agree, but Windows has basically the same options (Run / Cancel) when you try to run a .exe from the internet. But of course this wouldn't be a problem in the first place if SmartScreen caught programs opened from cmd / Powershell by automated scripts / files from the internet.

    • @zside90 2 years ago +1

      Welp that's fatal

  • @Resolute900 2 years ago +13

    This guy deserves a prize for his channel.
    Thank you for your research and work.

  • @anon_y_mousse 2 years ago +86

    I've always felt that there was something wrong with Windows hiding file extensions. This perfectly illustrates one of the reasons why it's wrong. It's a security hole for people that don't pay enough attention. This is actually one of the things I dislike about Linux, it doesn't require file extensions for anything. Most graphical environments will read the file type magic from the header and correctly display icons. Though to its credit executables will get their own icon, generally a cog. Although since it requires the executable bit to be set, you could actually `chmod -x *` when you unpack an archive and prevent that. It's still annoying to not have a .exe or even what I name my programs with a .x as their extension.

    • @bigshrekhorner 2 years ago +12

      No, that's false. Linux does require file extensions for most user space programs to work. For example, clang and gcc need specific extensions for files that you want to compile.
      The difference is that the kernel knows the file by reading its contents, not the extension, but that doesn't mean extensions are unnecessary.

    • @brodriguez11000 2 years ago +6

      There's still an element of trust even with extensions visible. In that the file is what the extension says it is. That's why antivirus and malware scanners look over the file thoroughly. Trust but verify as the saying goes.

    • @chlorobyte_projects 2 years ago +6

      @@brodriguez11000 Incorrect. The extension says nothing about the file's contents. It's just magic that Windows trusts for some reason. There was that one file distributed as a meme that was a .png but also a .mp3 in one.

  • @jamiemezs9891 2 years ago +30

    I'm so grateful that the company's are working to protect their customers and friends. But it is still up to us to make sure we know how to protect ourselves. Thank you.

    • @Sam_Saraguy 2 years ago +1

      So it's grandma's fault, not Microsoft's, when she falls for this? When it is MSFT who is leaving the door open?

    • @jamiemezs9891 2 years ago +3

      @@Sam_Saraguy
      Are you kidding the Young whipper snappers who think they know what's going on are most likely to fall for this trick cause they think they're too smart.

    • @Reth_Hard 2 years ago

      Just click the links

    • @jamiemezs9891 2 years ago

      @@Reth_Hard
      Let me guess when you was a little kid you would always get into the Van's for candy. 😂🤣😂🤣

    • @JorgetePanete 2 years ago +1

      companies*

  • @tdrg_ 2 years ago +34

    Maybe Microsoft can block shortcuts from the web and only allow those created by the user. Also maybe they should show a warning before opening any file from the web, just like macOS.

    • @Splarkszter 2 years ago +2

      Yeah. a very good way is that ANY file that has come from internet shows a warning specially if it is a link or it wants to execute any program or command line program... that's why anyone should never use admin account as main account.

    • @yumri4 2 years ago +1

      That will break so much javascript. Mostly the pointers used in ads and older websites. The way the newer HTML is written it is parsed in a different way but the older ones will be broken if you do that.

    • @kim-hendrikmerk4163 2 years ago +4

      Better idea why the hell does windows auto mount disk images when double clicking them? Especially from an archive.

    • @RimFaxxe 2 years ago +1

      But they already do that for files downloaded from the web

    • @RimFaxxe 2 years ago +1

      @@kim-hendrikmerk4163 it doesn't? You need WinCDEmu for that?

  • @RNorthex 2 years ago +23

    Could be useful to just do a quick reenactment as an example to show how quick this process can happen; this way, you don't have to reassure the viewer that it can happen faster than it seems.
    You could even have it be a ytshort and link to this video for more detail.

  • @DragoniteSpam 2 years ago +13

    At this point in time I feel like the #1 thing Windows could do to guard users against malware is to get rid of the "hide extensions" option (or at least have it show extensions by default). Can't tell you how many people I've known over the years to accidentally run a virus disguised as a .txt or that kind of thing.

  • @randomgrinn 2 years ago +8

    Information is a good thing. Extensions are information. Therefore, hiding extensions is a bad thing. Windows ever hiding them is one of their many failures in the name of, "simplicity over functionality".

    • @Leonhart_93 1 year ago

      Aka the Mac philosophy, but those take it to 120%.

  • @SteelSkin667 2 years ago +14

    As a rule of thumb, it is important to remember that any and every file type can be malicious.

    • @Sol4rOnYt 2 years ago +2

      even .docx files

    • @SteelSkin667 2 years ago +6

      @@Sol4rOnYt Especially .docx files, since they can run code through VBA macros, but many other file types do as well.

    • @filipetrujeira3359 2 years ago +1

      .txt

  • @niezbo 2 years ago +9

    There's also a "Link target" column in Windows Explorer, in detailed view.
    That will tell immediately if a file is a shortcut, and where it leads.

  • @johnf7683 2 years ago +12

    Even though I run Linux, (these payloads are usually Windows specific), I'm always VERY wary about opening any email attachments. My suggestion for Windows users is to setup a Virtual Machine (VirtualBox is free), and open your emails in that. You can take snapshots, so that if the VM is compromised, you can simply reset to a saved VM.
    Yes, it's work, but not as much grief as having your PC compromised!

  • @ucrohenry 2 years ago +5

    Thanks for the heads up. It's good to know that somebody is vigilant and kind enough to share the info about these dangers. Nice work! Thanks!

  • @cobusbekker4664 2 years ago +6

    Thanks ThioJoe, was well put together. Will share this with some of my office people so they can educate/familiarize themselves some more.

  • @cajunlightning 2 years ago +5

    Thanks for these awesome updates on viruses/hacks and how to defend against them. More people should be watching you to keep informed on what's going on out there.

  • @Greghouse 2 years ago +6

    The only reason these attack vectors are still used so much is that Windows doesn't show the file extensions by default. I mean I've had them shown for like last 20 years and it helps you get rid of most of this bullshit.

  • @jacksparrow7536 2 years ago +13

    Awesome video bro, super informative. Thanks for keeping us all noobs aware and updated man. Much Love ❤️

  • @_SJ 2 years ago +11

    Yeah, you're right regarding the .LNK. Scary 😶

  • @cyborgmetropolis7652 2 years ago +27

    Wouldn’t it make sense for Microsoft to save settings like “show file extension” to the Microsoft user account so they’re applied across devices.

    • @nicolascraftermc7725 2 years ago +5

      It already does, i bought a new computer, i installed windows 10 and when i logged in with my Microsoft account the show file extensions option along with many other settings were synced up from my old laptop to my new computer

    • @Your_Local_Weirdo75 2 years ago +1

      Yeah

    • @randomgrinn 2 years ago +8

      It would make sense to never, ever hide information such as file extensions. But they live in this fantasy world where hiding things makes them "simpler" and somehow that is more important than actual functionality.

  • @bozhijak 2 years ago

    I've been retired for about 30 years and it still amazes me all the new tricks and bombs out there. Thanks! Learn something new every day.

  • @Sonicstillpoint83 2 years ago +4

    This was excellent and I really appreciate the visions to help keep people aware of developing dangers.

  • @klocugh12 2 years ago +7

    Windows should have "Always show file extensions" enabled by default at this point.

    • @klocugh12 2 years ago

      @@repachino did this video not make a case for that?

    • @klocugh12 2 years ago

      @@repachino Always showing file extensions means malicious files are easier to identify just by looking at actual extension and not just truncated file name.
      E.g., you have a malicious file a.doc.exe. Without this option it looks like a.doc file which for inexperienced person may mean a Word file, but it's actually an executable, as evidenced by otherwise hidden .exe part.

  • @rancidbeef582 2 years ago +14

    So Windows will mount an iso file without prompting for Administrator access? And it will let powershell do nasty things without Administrator privileges? I thought they had "fixed" that as far back as Vista. Or maybe they unfixed it to make Windows "easier"? (I honestly don't know as I use Linux almost exclusively.)

    • @thatguy7595 2 years ago +3

      Why would I need administrator access to mount an iso? The image doesn't necessarily do anything that would need higher privileges.

    • @dconnectzone 2 years ago +2

      I have set User Account Control Center (UAC) to highest level - Notify always when apps try to make changes on my comp..and when i make changes to my computer...too. It is good to set for those who visit unfamiliar untrusted sites , install new apps a lot. If it set to level 4 .. when you double click .iso it will ask show pop up dialog box with security warning.

    • @Sam_Saraguy 2 years ago

      @@dconnectzone Seems like a good idea, but appears complicated, because you have to set some number of flags (up to 10?) under group policy. The function of each of those flags is not all that clear, at least to me, so I have no idea how to set an effective but not crippling group policy on my Win 10 machine. Or I would do it. I've used group policy to block Win 10 feature updates for 90 days, and this seems much more critical.

    • @bernardonegri5416 2 years ago +2

      The security model for both Unix-like and Windows is "allow it unless it interferes with other users". Administrator access is meant so a user is able to do things that affect other users, it is not meant as a "you want to be careful around this", even if users think that.
      What do you mean "do nasty things"? Again, without Administrator access, you can do anything as long as it does not affect other users.
      Also, the reason Linux won't mount ISOs as a normal user is purely technical, because the Linux devs don't think they can protect themselves against a malicious disk image.

    • @dconnectzone 2 years ago

      @@Sam_Saraguy I'm on window 11 by the way and if you type UAC in taskbar search it will bring UAC dialog box and yea it has 4 level the highest. Windows provides so many tools to be better protect but these tools are complex and not ideal for us like user. Windows 11 does have a bit higher security in mind.

  • @jerryfacts9749 2 years ago

    Excellent advice! I am running a small business. I get all kinds of unsolicited emails having attachments telling me I have an invoice to pay or there is a document I must read, and so-on. I delete these!

  • @daddybakon5347 1 year ago

    I got one of those, I didn’t think it was a virus but I tried deleting it because I didn’t know what it was. It said it was still running so I reset my computer and quickly deleted it before it could start back up. I’m glad I didn’t open it. We need more heroes like you 👍

  • @ae_us_1334 2 years ago +3

    Always clear, to the point, and helpful. Thank you.

  • @unflavoured 2 years ago +4

    3:44 ecosignal is a genuine company.. the fact those scammers managed to spell a local, non-english name correctly is kinda scary tbh

  • @VVayVVard 1 year ago

    Shortcut icons can be changed, and executable extensions can be hidden with a Unicode control character that reverses text direction. Checking the file type is currently the most surefire way to detect an attack.
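
The filename tricks raised in this thread (a.doc.exe, .scr, .lnk, .img/.iso, the text-direction control character, and content that does not match the extension) can be checked mechanically. The following Python is an added example, not part of the video or of any comment; the extension lists, the sample archive listing and the function names are constructed for illustration.

```python
import re

# Unicode bidirectional controls that change how a name is displayed
# (U+202E RIGHT-TO-LEFT OVERRIDE is the one that reverses text direction).
BIDI_CONTROLS = set("\u202a\u202b\u202c\u202d\u202e\u2066\u2067\u2068\u2069")

# Illustrative, non-exhaustive extension groups (assumption of this example).
EXECUTABLE = {".exe", ".scr", ".com", ".bat", ".cmd", ".ps1", ".vbs", ".hta", ".msi"}
SHORTCUT = {".lnk"}
DISK_IMAGE = {".iso", ".img", ".vhd"}
DECOY = {".doc", ".docx", ".pdf", ".txt", ".jpg", ".png", ".mp3", ".xlsx"}

# Leading "magic" bytes for a few formats and the extensions they normally carry.
MAGIC = [
    (b"MZ", "PE executable", {".exe", ".scr", ".dll", ".com"}),
    (b"%PDF-", "PDF", {".pdf"}),
    (b"\x89PNG\r\n\x1a\n", "PNG", {".png"}),
    (b"PK\x03\x04", "ZIP container", {".zip", ".docx", ".xlsx"}),
]


def extensions(name):
    """Return every dot-suffix of the name in stored (logical) order, lowercased."""
    base = re.split(r"[\\/]", name)[-1]
    logical = "".join(ch for ch in base if ch not in BIDI_CONTROLS)
    return ["." + p.strip().lower() for p in logical.split(".")[1:] if p.strip()]


def check_name(name):
    """Flag names whose real type differs from what a casual glance suggests."""
    findings = []
    if any(ch in BIDI_CONTROLS for ch in name):
        findings.append("bidi-control-in-name")
    exts = extensions(name)
    if not exts:
        return findings
    final = exts[-1]
    if final in EXECUTABLE:
        findings.append("executable")
    elif final in SHORTCUT:
        findings.append("shortcut")
    elif final in DISK_IMAGE:
        findings.append("disk-image")
    # "a.doc.exe" shows as "a.doc" when extensions are hidden; .lnk is hidden too.
    if final in (EXECUTABLE | SHORTCUT) and len(exts) >= 2 and exts[-2] in DECOY:
        findings.append("double-extension")
    return findings


def check_content(name, head):
    """Compare the first bytes of the file with what its extension claims."""
    exts = extensions(name)
    final = exts[-1] if exts else "(none)"
    for magic, label, expected in MAGIC:
        if head.startswith(magic):
            if final in expected:
                return None
            return f"content is {label}, name ends in {final}"
    return None


def triage(listing):
    """listing: iterable of (name, first_bytes). Returns {name: [findings]}."""
    report = {}
    for name, head in listing:
        findings = check_name(name)
        mismatch = check_content(name, head)
        if mismatch:
            findings.append(mismatch)
        report[name] = findings
    return report


# Constructed sample: names and leading bytes as they might appear in an
# attachment or archive listing. None of these come from a real incident.
SAMPLE = [
    ("a.doc.exe", b"MZ\x90\x00"),
    ("holiday.scr", b"MZ\x90\x00"),
    ("invoice\u202efdp.exe", b"MZ\x90\x00"),   # displays as "invoiceexe.pdf"
    ("Documents.lnk", b"L\x00\x00\x00"),
    ("certificate.img", b"\x00" * 8),
    ("photo.png", b"MZ\x90\x00"),
    ("notes.txt", b"hello"),
]

if __name__ == "__main__":
    for name, findings in triage(SAMPLE).items():
        shown = name.encode("unicode_escape").decode()
        print(f"{shown:28} {', '.join(findings) or 'nothing flagged'}")
```

A clean result only means none of these naming tricks is present; it says nothing about what the file does when opened.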

  • @kimdavis5194 2 years ago +1

    Thank you for sharing your computer knowledge and facts. It really helps. I'm 47 years old and still learning computers (lol) my first grader loves your show. Every chance she gets she watches your show thank you and keep it up

  • @pbreedu 2 years ago +4

    After watching this I am glad I use Linux for most things and only boot into Windows for games I can't run on Linux. I still have to be careful but I think Linux is a lot safer because so few people use it that hackers don't bother with it much. Sometimes it pays off to be an odd ball.

  • @chidoyo 1 year ago +2

    It can happen to any of us (me recently) heck, even Jim Browning got tricked into deleting his youtube channel and he hunts scammers.

  • @gamereditor59ner22 2 years ago +1

    Interesting!!!! Thank you for the information and keep me updated!!

  • @SlackOps 1 year ago +2

    Password-protected zip files aren't necessarily protected from scans.
    They are usually opened up by the provider be it Gmail or whatever

  • @bobsumbodylol 2 years ago

    I actually got one of the docusign phishing links right after I started a new job. I ALMOST fell for it but decided to screenshot it and check with the company.

  • @SamDoesTutorials. 2 years ago

    This is an eye-opener. Thanks for sharing!

  • @chrism9017 2 years ago +9

    Even if you have "show file extensions" enabled (and I always do), the real issue is at 5:51... a harmless-looking shortcut that runs an executable. For shortcuts Windows really needs to show not the .LNK extension but the extension of whatever the shortcut is configured to run, in this case the ".exe" of C:\Windows\System32\cmd .

    • @arairon 2 years ago +1

      Nah, this will be annoying and it won't help people, .lnk is more sus, than exe, +if you would click a random lnk, you would 99% click an exe

    • @Jmcgee1125 2 years ago +1

      No, .lnk instead of the extension of what it runs. You'd get more confusion about "why is this exe not actually an executable" from more tech-savvy users.

    • @louf7178 2 years ago

      A tricky filename is a good one. Beware.

    • @polygontower 2 years ago +2

      @@arairon Maybe .Ink.exe
      Exe is the actual extension that it'll lead to and Ink is just an fyi

    • @arairon 2 years ago +1

      @@polygontower It cannot be in the file name/extension, that would be annoying and misleading

  • @atinkapruwan6780 2 years ago

    love the blue-green ms edge themed background

  • @NoobMB2 2 years ago +1

    Attackers are getting more and more creative. Super convoluted method but it must work well to be used

    • @brodriguez11000 2 years ago

      2600: The Hacker Quarterly started in 1984 covers how creative black and white hackers are.

  • @alicealysia 2 years ago +1

    As a quick and terrifying note,
    A more modern attack I've seen lately is to use nothing but a teams shortcut to install viruses.
    The teams updater is a squirrel updater, the squirrel updater is a commandline tool for updating software with a --update property to specify where to download the update from.
    This means a link can point to teams as the application it is running, and specify that it is updating from a malicious link, which will install a virus on your system.

  • @NikolaTomic 2 years ago

    Will I start .exe virus if I right-click on .exe file and open with Notepad++ for example?

  • @crimsondragon1794 2 years ago

    best tip ever. just don't download attachments from your email. unless it's for work or a close personal friend. don't trust strangers.

  • @zeratax 1 year ago

    the shortcut with a normal folder icon, but actually starting a script is actually scary and easy to overlook

  • @Reddotzebra 2 years ago +1

    So in essence, regular users have forgotten all the things that regular users were interacting with in the early 2000s, and now they are wide open.

    • @joeshmoe000 2 years ago

      Yeah, it seems like they should have learned at this point. Probably the new generation didn't learn the basic things that older tech people know. Either way, Microsoft should have plugged these holes by now. I can't believe we are still dealing with the problems that plagued windows back in the early 2000s.

  • @mattmeadows6568 1 year ago

    Gets even better, they have automated most of this process. I pulled one apart a while back and it replaces some of the system32 files and edits the registry. Even went so far as hiding the disk image. It didn't even download anything until the system was infected. The HTM was in an svg and was encoded backwards. So very strange and fascinating.

  • @jwillisbarrie 2 years ago

    Thanks for the captions and clear explanation

  • @-_lIl_- 2 years ago

    If you didn't know, iso files (disk images) are actually setup files for OS's

  • @basspig 2 years ago

    The best advice of all is don't open email from anyone you don't know. And also don't open email from people you do know if the email is unexpected or out of place or something is odd about it or is not something that your friend would normally send you.

  • @joshroolf1966 2 years ago

    Thank you, I was unaware of the lnk. file for shortcuts, crikey!!!

  • @MarkBarrett 2 years ago +1

    Oh crap!..
    Normal humans shouldn't have to deal with this.
    It is such an abuse of convenience.

  • @happyfeet4506 2 years ago

    Fantastic info video thank you 👏👏Any and all emails I don't recognise or I don't know I just delete and remove entirely.

  • @nougat8311 2 years ago

    As a variant to this, I once had an e-mail with another e-mail (.eml file) attached to it. The original e-mail was legit but the attached one had a fake sender address and a malicious attached file. Because it was sent as an attachment none of this had been blocked by the filter.
    Also as a sidenote, it is possible to show the .lnk extension of shortcuts by editing some registry value (don't remember which but it's easily googlable)

  • @WilliamShinal 2 years ago

    The interaction part I grapple with on Discord already with, for example Steam report and game dev scams.

  • @IlliaZhdanov 1 year ago +1

    microsoft should really AT LEAST add the option to see the .LNK extension

  • @AniMesuro 2 years ago

    I got a job offer in ArtStation that got all the red flags: no company, no game name, no socials or website.
    The example documents had the redflags from the video.
    Password protected zip file, images with .exe extension.
    7zip shows file extensions by default so it was a dead giveaway.

  • @freecycling6687 2 years ago +3

    When you click the shortcut and it runs the virus .exe, shouldn't an anti-virus program detect the virus at that point? If not - what good are the AV programs?!

    • @indykurt 2 years ago

      It bypasses detection when you open it the way that it is packed. He did say something about it. I came to the comments for a similar question, How do we train our virus/malware scanners to still scan these files, and How can these virus programs not see the virus/malware during a full scan.

    • @freecycling6687 2 years ago +1

      @@indykurt Yeah. I would have thought, although it's apparently not the case, that if the system loads an exe, regardless of what happened before that, the AV would intercept it at that point. That bit of detail would be interesting to know!

  • @emmanuelmontalvo1676 2 years ago

    Oh the .ISO files, anyone familiar with bootlegged software may know these kind of files. But he is right, hackers take advantage of people like us who ignore certain details like this.
    Good job man.

  • @galaxywolf4895 2 years ago +1

    Just be like me, suspicious of everything, use a bootable thumb drive with Linux on it to open anything suspicious and if you're not expecting an email just ignore it. Everything you said is good and always keep your antivirus updated, do a full scan weekly minimum, keep all important data stored on an offline drive (two for a backup) that is stored in a safe place. Have a recovery disk and a copy of your OS if needed.

  • @MAKESIT
    @MAKESIT 2 years ago +1

    Great video thanks I love it 👍

  • @writerpatrick
    @writerpatrick 2 years ago +1

    Properly screening e-mails is the first step to avoiding this. If a (large) company sends an e-mail and it's not using a company e-mail server then just delete it.

    • @bernardonegri5416
      @bernardonegri5416 2 years ago

      It should be very easy for scammers to set up their own email domain.

  • @OneAndOnlyZekePolaris
    @OneAndOnlyZekePolaris 2 years ago

    Some files people don't know what they are or what they do but are required by the system or program to work. (hopefully those that don't know what these are don't go and delete them thinking it might be malware)

  • @prowler1567
    @prowler1567 2 years ago

    Thanks Joe for the update on the latest hacker tricks. Much needed info to keep safe.

  • @chigingshah1824
    @chigingshah1824 2 years ago

    this is by far best video for HACKERS 👀

  • @iUseAndroid2024
    @iUseAndroid2024 2 years ago +1

    This would be super effective on us Mac users because nearly all Mac apps come as DMG files so if we downloaded a file from a sus email and it was a disk image we wouldn't be suspicious at all

  • @Not_Glitchy2023
    @Not_Glitchy2023 2 years ago

    Thanks for the video, very helpful and well explained. Off to make so soft

  • @aynide7
    @aynide7 2 years ago

    Thanks a lot for this well explained video! You did a very good job, continue like that!

  • @chickkyy
    @chickkyy 2 years ago +3

    I know you didn’t mention this in the video but what does the malicious file do on your computer after you click the file with the script to run the malware? You explained how the scammers get you to click it but I really want to know what the malware does in Office? Great vid btw 2 :)

    • @TheInternetHelpdeskPlays
      @TheInternetHelpdeskPlays 2 years ago +4

      If you are getting someone to click a link, you can get the file to do anything, it doesn't open office at all. You can install a virus or root kit, malware, a key press sniffer, a mass delete of files or anything a program could do.

  • @Qwerty-uiop
    @Qwerty-uiop 2 years ago

    You deserve 10 million subs for letting everyone know about new tricks of hackers

  • @KikoNYC
    @KikoNYC 2 years ago

    Thank you Sir! I get these bogus emails at work and home often.

  • @ema_bryson
    @ema_bryson 2 years ago

    Okay thanks for beautiful information.
    Helpful

  • @vladislavkaras491
    @vladislavkaras491 11 months ago

    Great video!
    Thanks!

  • @shikhanshu
    @shikhanshu 2 years ago

    had no idea that .lnk extension doesn't get displayed EVER... good to know

  • @CARL_093
    @CARL_093 2 years ago

    thanks bro this is helpful to the community

  • @UNICORNSF3ProgameplayProRACER
    @UNICORNSF3ProgameplayProRACER 2 years ago +1

    Great video!

  • @py8327
    @py8327 2 years ago

    Thnx for making these videos!!!

  • @danieldelaney4830
    @danieldelaney4830 2 years ago

    Thanks Thio, love the videos

  • @wileymonair
    @wileymonair 1 year ago

    I've been seeing this strategy used for a couple years now.

  • @mitterfox98
    @mitterfox98 2 years ago

    Thanks for saving us again. Hail @ThioJoe

  • @JaeMaaroufi
    @JaeMaaroufi 2 years ago

    Thank You very much!

  • @jedm4200
    @jedm4200 2 years ago

    I literally got one of those invoice html emails less than a week ago. It wasn't as elaborate as the one you narrated so I was able to identify it as weird

  • @_Dearex_
    @_Dearex_ 2 years ago

    Thanks, had exactly this attack today 😄

  • @Meltinglce
    @Meltinglce 2 years ago

    There is a way to make the .lnk show using the registry editor, but I can understand if you don’t feel it’s easy enough for the average viewer to understand
    It’s something like HKCR\LnkFile NeverShowExt: set to 0

  • @Freddie_06
    @Freddie_06 2 years ago +1

    A while ago I enabled .lnk extensions in regedit. I recommend everyone (who knows what they are doing) to do that.

  • @akif_awan
    @akif_awan 2 years ago

    Really great Video...explained so well

  • @shunack1959
    @shunack1959 1 year ago

    Video well Joe, thanks.

  • @g9super
    @g9super 2 years ago

    superb as always 🙏❤️

  • @paulg5437
    @paulg5437 2 years ago

    I don't know if this would help this particular case, but one way to reduce your zone of vulnerability is to NOT USE an account with Administrator privileges! You don't need it for day-to-day operations and it means any EXE will execute with little or no warning. I've set up all my family with simple USER accounts so any sudden requests for Admin privileges can be scrutinized first.

  • @JorgeRodriguez-iq7vb
    @JorgeRodriguez-iq7vb 2 years ago

    After all this time I don't know why people click on anything, I don't click on any link that I did not initiate, I don't open any text that I did not request, and I don't answer any calls that I don't have in my contacts. If people did this no one would be a victim of hackers.

  • @SWC44
    @SWC44 2 years ago

    JOE, I'VE BEEN WITH YOU I THINK SINCE YOUR FIRST WEEK! 11-12 YEARS AGO??!! DAMN, THESE HACKERS HAVE SO MANY BRAINS, WHY NOT GET A LEGIT JOB, PROBABLY MAKING 6-7 FIGURES!!!!!!!! AS YOUR VID JUST SAID, THEY WILL ALWAYS BE A TAD AHEAD OF US!!!!!!!, OK MY RANT'S OVER, WHAT ARE YOUR THOUGHTS?????? GREAT VID AGAIN, THANKS!

  • @omriliad659
    @omriliad659 2 years ago

    Note that shortcuts usually get the icon from the target file, but they can also have a different icon set for them. EXE files can also have an icon embedded. A file might have the icon of a word document, but still be something else entirely.

  • @zuccbum
    @zuccbum 1 year ago

    0:00 I find it so funny how the hacker video in the background shows how it's just somebody using a Windows video player

  • @hostile74
    @hostile74 2 years ago

    Great video thx. Keep up the good work. 👍👍👍

  • @PaiviProject
    @PaiviProject 2 years ago

    Hey thanks for this information. I needed to know this 👍

  • @michaeljohnson1413
    @michaeljohnson1413 2 years ago

    Thank you Joe

  • @amandinehoudbert9554
    @amandinehoudbert9554 1 year ago

    Hackers using the new strategy: Oh no... ThioJoe exposed us!

  • @x64600
    @x64600 2 years ago

    These days I have a policy of giving zero personal info over the phone, it really annoys all the callers asking me to confirm my identity. Like bill collectors.

  • @PJFanatic2K5
    @PJFanatic2K5 2 years ago +1

    3:30 RIP QUEEN ELIZABETH II :C
    (1926 - 2022)
    [aged 96]
    😭😢