I was reminded recently of one of the obscure reasons that Windows can so often be a dangerous operating system in a world where the bad guys are so frequent.
The latest reminder came from a number of colleagues who received an email claiming to be from Royal Mail, regarding a lost or misdirected parcel. The email had an attachment which was zipped. Unzipping the file produced a file with the ‘extension’ to its name of .pdf.exe.
And in this simple fact lies the danger. Windows uses file extensions in a number of ways. For a start, it uses the file extension to choose what type of icon to use. But it also uses the file extension to choose what to do if the file is ‘opened’. In the case of the rogue email, Windows glibly uses the pdf file type icon. To most users this is a familiar file type and is often safe, and they may feel ready to click on the file. But at this point the system will use the second part of the extension to select what to do with the file, in this case running the rogue program.
Fortunately most users are already running an anti-virus program and the bad guys have been thwarted.