On Thu, 18 Jan 2001 19:50:39 -0500, Clarence Verge wrote:
> Or Botton wrote:
>> Interesting tidbit regarding the .SCR puzzle:
>> For Windows, .SCR is almost the same as .EXE, which is why it is possible
>> to hide trojans as Screen Saver files.
>> Apparently, Windows runs .SCR files as if they were .EXE.
> That's disgusting!
> Here I've been carefully deleting any email with unsolicited .EXEs
> and now I learn the backdoor is built into DOS !
> I just checked a couple of W3.1 screensavers and they start with the 4D 5A
> .EXE signature. I assume this means you can name a Trojan with damn near
> any extension and as long as it begins with those bytes you've had it. :(
> I'm too revolted to test it. |:\(
Nope, wrong assumption. ;-)
They require either .COM or .EXE
(it's just that .COM and .EXE are interchangeable between the 2 file types)
---testit.bat---
ren \pkzip.exe \pkzip.scr
\pkzip.scr
ren \pkzip.scr \pkzip.exe
______________
--- screen cap of running (trying to run) ;-) pkzip.scr ---
[OPENDOS 7.01] C:\>testit.bat
[OPENDOS 7.01] C:\>ren \pkzip.exe \pkzip.scr
[OPENDOS 7.01] C:\>pkzip.scr
Command or filename not recognized
[OPENDOS 7.01] C:\>ren \pkzip.scr \pkzip.exe
[OPENDOS 7.01] C:\>
______________________
--
Glenn
(your friendly neighborhood compu-nerd)
http://arachne.cz/
http://www.delorie.com/listserv/mime/
http://freedos-32.sourceforge.net/
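
Added example, not part of the original message or written by anyone in the thread: a mail-filtering check that looks at both things the thread discusses, the 4D 5A ("MZ") signature in an attachment's first bytes and the extension it is named with. The function names, file names and the sample message are constructed for illustration.

```python
import email
import os
from email.message import EmailMessage

MZ = b"MZ"  # bytes 4D 5A, the executable signature mentioned in the thread

# Extensions the thread says get run as programs:
# .EXE/.COM under DOS, and .SCR under Windows.
RUNNABLE_EXTS = {".exe", ".com", ".scr"}


def triage_attachments(raw_bytes):
    """Return (filename, has_mz_header, runnable_extension) per attachment."""
    msg = email.message_from_bytes(raw_bytes)
    findings = []
    for part in msg.walk():
        name = part.get_filename()
        if not name:  # multipart containers and the body have no filename
            continue
        payload = part.get_payload(decode=True) or b""  # undo base64/QP
        ext = os.path.splitext(name)[1].lower()
        findings.append((name, payload[:2] == MZ, ext in RUNNABLE_EXTS))
    return findings


def build_sample():
    """Constructed message: the 'programs' are just MZ followed by padding."""
    fake_program = MZ + b"\x90\x00" + b"\x00" * 60
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("see attached")
    for name, data in [
        ("flowers.scr", fake_program),        # executable content, runnable name
        ("notes.txt", fake_program),          # executable content, harmless name
        ("holiday.doc", b"just some text"),   # neither
    ]:
        msg.add_attachment(data, maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()


if __name__ == "__main__":
    for name, has_mz, runnable in triage_attachments(build_sample()):
        if has_mz and runnable:
            verdict = "BLOCK: program under a runnable extension"
        elif has_mz:
            verdict = "REVIEW: program content under a non-runnable name"
        else:
            verdict = "ok"
        print(f"{name:12} {verdict}")
```

Checking the content as well as the name catches the `.scr` case without relying on a list of extensions alone, and surfaces renamed programs that would only run after being renamed back.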