Avoid these Deceptive Malware Tricks

Having PC Matic and PC Matic SuperShield installed will help stop threats in their tracks. Nonetheless, it is important to be educated in order to avoid problems, and PC Pitstop believes in providing our customers with not just a quality anti-malware solution but training as well.

Let’s take a look at two deceptive methods that malware sometimes uses to try and trick computer users into becoming victims.

Trick 1 – The Icon Change

Take a look at this screenshot:
Malware posing as a folder by using the folder icon
Had we not highlighted it, I bet you wouldn’t have noticed that this folder isn’t a folder at all, and is in fact an executable malware file!

The disguise works because this PC does not have the “Show File Extensions” option enabled in Folder Options. We will show how to enable it at the bottom of this article. Without visible file extensions, the only other clear way to spot this tactic is to look for the “Application” document type in the locations shown. The problem is that a user will double-click the file thinking it is a folder, and run the malware instead. With visible file extensions, the user would see “.exe” appended at the end of the name, and no real folder would have this.

Trick 2 – Fake File Extension

This trick is even simpler, but it can be quite effective as well. Without Show File Extensions on, a file can be named “report.docx”, for example, and its icon can be changed to a Microsoft Word document icon, while the file is actually an executable malware file. The file will look like a docx and will even have the icon of a docx, but double-clicking it will launch malware and give it control over the machine. Showing file extensions exposes this, because the file will then show up as “report.docx.exe”, which is a dead giveaway that not only is this not a document file, but it is trying to pose as one and trick you!

Please note that .exe files are not the only type of file that can be malicious. While some are worse than others, the only guaranteed-safe file is a .txt file, and this is only the case with Show File Extensions ON! Otherwise, it could be a fake .txt file which is actually another format, as described above.

These tricks are not new, but they are encountered rarely enough that the mind is not prepared to do a quick visual check of a new file, and it can miss such a minute visual difference. PC Matic has blocked such attacks many times, and in our malware repository we have seen files such as .docx.wsf, which are malicious script files that pass as document files as long as the user cannot see the file extension.
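To check a folder for the disguise described in Trick 2 and the .docx.wsf case, the sketch below is an added example, not PC Pitstop's code. It flags names whose final extension is executable while the one before it looks like a document; both extension sets and the sample file names are constructed for illustration and are not exhaustive.

```python
import os
import tempfile
from pathlib import Path

# Final extensions Windows executes or interprets (illustrative, not exhaustive).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".pif", ".wsf", ".vbs", ".js", ".hta"}
# Harmless-looking extensions used as the decoy (illustrative, not exhaustive).
DECOY_EXTS = {".docx", ".doc", ".xlsx", ".pdf", ".txt", ".jpg", ".png"}


def classify(filename):
    """Return (name_shown_with_extensions_hidden, reason) for a disguised file, else None."""
    suffixes = [s.lower() for s in Path(filename).suffixes]
    if len(suffixes) < 2:
        return None  # a single extension cannot impersonate another type
    decoy, real = suffixes[-2], suffixes[-1]
    if real in EXECUTABLE_EXTS and decoy in DECOY_EXTS:
        shown = filename[: -len(real)]  # Explorer drops only the final extension
        return shown, f"runs as {real} but displays as {decoy}"
    return None


def scan(root):
    """Walk a directory tree and list every file whose name hides its real type."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            hit = classify(name)
            if hit:
                findings.append((os.path.relpath(os.path.join(dirpath, name), root), *hit))
    return sorted(findings)


def demo():
    """Scan a temporary folder of constructed, empty sample files."""
    samples = ["report.docx.exe", "invoice.docx.wsf", "notes.txt", "backup.tar.gz", "setup.exe"]
    with tempfile.TemporaryDirectory() as root:
        for name in samples:
            Path(root, name).touch()
        return scan(root)


if __name__ == "__main__":
    for path, shown, reason in demo():
        print(f"{path}: Explorer shows '{shown}' ({reason})")
```

A plain “setup.exe” is not flagged, because its name does not claim to be anything else; the folder-icon disguise from Trick 1 lives in the icon rather than the name, so it needs the visible-extension check described in this article.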

The Solution

One way to prevent malware from deceiving you in this way is to have Explorer show you file extensions for every file. To do this:

On Windows 7 and up, hit the Windows key or click the Windows logo icon in the bottom left of the screen, then type “folder options” and click the first result which will say either “Folder Options” or “File Explorer Options.” Now you will have a dialog box with 3 tabs at the top:

Windows 7 Folder Options in Start Menu

Note that in Windows 10, the option will appear in the Start Menu as follows:

Windows 10 Folder Options

As it appears in Windows 10, it’s called “File Explorer Options.” Click it!

For Windows XP, an effective way to do this is to go to Start -> Control Panel -> Folder Options.

Click the “View” tab, then scroll down the list until you find “hide file extensions for known file types”:

Show File Extensions

Uncheck hide extensions for known file types

Uncheck the box, click Apply and click OK. Now all of your files will display their file extensions, such as .exe, .swf, .pdf, .txt and .docx. If you right-click a file, click Rename and then change or delete the file extension, Windows Explorer will no longer recognize the file as the proper type until you put the extension back, so be wary of that. The upside is that file extensions can no longer hide from you, and you can easily spot the tricks mentioned above!


5 thoughts on “Avoid these Deceptive Malware Tricks”

    • Charlie, thanks for your question.

      These tricks occur in Windows File Explorer, which is the program used to view files and folders on your PC. For example, when you open up “My Documents,” you are using File Explorer. This is the explorer that we were talking about in the article rather than Internet Explorer. This trick occurs in the File Explorer, not the web browser. Does that make sense?

      -Todd
      Malware Researcher
      PC Pitstop Inc.
