Microsoft has failed to remove a long-recognised Windows Explorer security risk from Windows 7, according to security company F-Secure. The ‘hide extensions’ feature, which was present in Windows NT, 2000, XP and Vista, is included in the Windows 7 release candidate, F-Secure’s chief research officer, Mikko HyppĂśnen, said. The feature could allow virus writers to trick users into opening and running malicious files, he added.
“In Windows NT, 2000, XP and Vista, Explorer used to Hide extensions for known file types,” HyppĂśnen wrote in a blog post on Tuesday. “And virus writers used this ‘feature’ to make people mistake executables for stuff such as document files.”
For example, malicious code writers could name a ‘virus.exe’ file as ‘virus.txt.exe’ or ‘virus.jpg.exe’, he said. Windows Explorer would then hide the .exe part of the filename, meaning that the user would only see ‘virus.txt’ or ‘virus.jpg’. Additionally, virus writers would change the icon displayed with the file in Windows Explorer so it looked like the icon of a text file or an image. Users might then click on the disguised file.
The blog post appeared on the same day that Microsoft had been scheduled to make the Windows 7 RC1 available for download to the public, although the OS release did in fact arrive early. Microsoft made its Windows 7 release candidate available to MSDN and TechNet subscribers on 30 April.
Microsoft had not responded to a request for comment at the time of writing.
Experts: Windows 7 at risk from legacy flaw
Leave reply