Author Topic: Dangerous Windows shortcut 'trick'  (Read 1936 times)

app103
Dangerous Windows shortcut 'trick'
« on: July 03, 2006, 02:59:44 AM »
http://www.zdnet.com...3341,39259246,00.htm

Quote

This week I learned about a "trick" that you can do in Windows which, as far as I am concerned, is a serious security risk.

In an article written by Infoworld's Roger Grimes, he describes a "feature" in Windows that allowed me to run an executable file by simply typing a Web address into Internet Explorer.

Test it yourself:

* Right click on the Desktop and create a new Shortcut
* Point the shortcut to an executable -- such as c:\windows\system32\calc.exe
* Call the shortcut www.microsoft.com
* Start Internet Explorer and type "www.microsoft.com" into the address bar

For the past few years, banks have been advising their customers to type their online banking URL into the browser -- instead of clicking on a link that may be a phishing scam.

If a piece of malware created this kind of shortcut, called it your online bank's name and then pointed the shortcut to a malicious file, the next time someone used that computer and, using the bank's advice, tried to log on to their online bank, they would execute the malicious file.


I have noticed this behavior in IE before and even have been annoyed at the autocomplete trying to suggest applications for me to run or other files for me to open instead of a website I want to visit. This seems to be something specific to some Windows versions as this is not an issue in IE 6 on 9x.

I never thought of the security risks this could pose to a user. I just thought it was annoying. I have been very sensitive to the differences between XP and WinME, since I am a new XP user. And it seems the more I use XP, the more I have to be annoyed with...or even afraid of.

Be careful with this one.
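
Added example, not part of the original posts or the quoted article: a small Python check that lists shortcuts in a folder (such as the Desktop) whose visible name reads like a web address, and reports where each .lnk points. The function names, the hostname pattern and the sample shortcut are assumptions made for this sketch; only the LocalBasePath field of the Shell Link format is read.

```python
import re
import struct
from pathlib import Path, PureWindowsPath

SHORTCUT_EXTS = {".lnk", ".url", ".pif"}            # shortcut file types
PROGRAM_EXTS = {".exe", ".com", ".bat", ".cmd", ".scr", ".pif"}
HOSTLIKE = re.compile(r"^(?:[a-z0-9-]+\.)+[a-z]{2,}$", re.I)  # heuristic

def lnk_local_target(data):
    """Return the LocalBasePath stored in a Shell Link (.lnk) blob, or None."""
    if len(data) < 76 or struct.unpack_from("<I", data, 0)[0] != 0x4C:
        return None
    flags = struct.unpack_from("<I", data, 20)[0]   # LinkFlags
    pos = 76
    if flags & 0x1 and len(data) >= pos + 2:        # HasLinkTargetIDList: skip it
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    if not flags & 0x2 or len(data) < pos + 20:     # HasLinkInfo
        return None
    info_flags, _vol_off, base_off = struct.unpack_from("<III", data, pos + 8)
    if not info_flags & 0x1 or base_off < 28:       # VolumeIDAndLocalBasePath
        return None
    end = data.find(b"\0", pos + base_off)
    return data[pos + base_off:end].decode("cp1252", "replace") if end > 0 else None

def scan(folder):
    """List shortcuts in folder whose visible name reads like a web address."""
    findings = []
    for p in sorted(Path(folder).iterdir()):
        ext = p.suffix.lower()
        if ext not in SHORTCUT_EXTS or not HOSTLIKE.match(p.stem):
            continue
        target = lnk_local_target(p.read_bytes()) if ext == ".lnk" else None
        runs_program = bool(target) and PureWindowsPath(target).suffix.lower() in PROGRAM_EXTS
        findings.append((p.name, target, runs_program))
    return findings

def sample_lnk(target):
    """Constructed minimal .lnk: header plus a LinkInfo holding only a local path."""
    header = struct.pack("<I16sI", 0x4C, b"\0" * 16, 0x2) + b"\0" * 52
    path = target.encode("cp1252") + b"\0"
    info = struct.pack("<7I", 28 + len(path), 28, 0x1, 0, 28, 0, 0) + path
    return header + info

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as d:        # constructed test folder
        Path(d, "www.microsoft.com.lnk").write_bytes(sample_lnk(r"c:\windows\system32\calc.exe"))
        Path(d, "Notepad.lnk").write_bytes(sample_lnk(r"c:\windows\notepad.exe"))
        print(scan(d))
```

A shortcut created through Explorer is stored with a .lnk extension that is not shown, so the file on disk for the shortcut in the quoted steps is www.microsoft.com.lnk.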

f0dder
Re: Dangerous Windows shortcut 'trick'
« Reply #1 on: July 03, 2006, 11:00:30 AM »
Hmm, interesting.

- carpe noctem