Heh, Fool.

[RapeU]

So last night I suddenly get an add for msn messenger. After accepting the add I find out it's some person I don't know claiming to be from here Well, he says his "grandma" added me and I saw that "she" did.

So his grandma was all "will you rape me" and I was all "I'm not into older rape, but I might if you send a pic.

She sends me something called pictures.bat. So we have a nice 10 minute argument about how that file is a virus or not (she claimed it wasn't I claimed it was)

After which to prove my point, I created a very simple virus on notepad and sent it to her. After which the person was all "I'm going to hack into your computer" and crap so I quickly disconnected my internet connection, then reconnected and signed back into msn messenger as appearing offline and blocked the asshole.

But really, who doesn't know that a .bat file is a virus? How can someone be so foolish to think that someone would actually fall for that? How can someone try to convince me it's not a virus without being a fool?

sorry, just random thoughts.

Oh, and if that person really is on here, then you'd better leave me alone.

[Ntense]

A .bat file isn't a virus, although it can launch one.

It's a BATch process file, just a list of old DOS instructions or commands. You can launch Explorer or any sorts of wonderful things. If you're worried about it, I'll hunt up my Grand List of dangerous extensions and post it. With DOS there was only a couple, with Windoze it's a freakin' long list. Windoze calls the same thing a 'script', but it's all the same thing.

(laughs) I know a guy that got some 'pictures' on a Yahoo! chat. It was called cutebutt.scr or something like that. He hides extensions and had NO clue that he was about to butt-fuck himself. Oops. All of his passwords got violated and the script kiddie changed them on him, locking him out of his e-mail accounts. It's a fairly common practice among 16 year olds; those of us older and wiser understand the consequences of jail time.

[Ntense]

Well, shit. What good is a master list if you can't find it??

This is a list I found elsewhere. Everything on this list can be considered dangerous to Windows.

And yes, in their infinite fucking wisdom, Microsoft added a bug into XP that they didn't find until *after* service pack 2. If you don't auto-update, then I suggest you get the hotfix (I'll hunt it down later). It allowed normally-safe JPG pictures to do something stupid. What can I say...
"Windows - did you really expect to go somewhere today?" (paraphrased)

This isn't a complete list, but if anyone sends you a picture that's not JPG, GIF, BMP or PNG, delete it.

ade - MS Access project extension
adp - MS Access project
asx - Windows Media Audio / Video
bas - BASIC program
bas - Visual Basic class module
bat - DOS batch file script
chm - Compiled HTML Help file
cmd - Windows NT/XP Command script
com - Command file (program)
cpl - Control Panel extension
crt - Security certificate
doc - MS Word document (can contain macros that execute)
emf - Enhanced Windows Metafile (Graphic format)
eml - Outlook Express message
exe - Executable file (program)
hlp - Windows help file
hta - HyperText Application file
htm - HyperText Markup (a web page)
html - HyperText Markup (a web page)
inf - package information file
inf - Setup Information
ins - Install script
isp - Internet Communication settings
isp - Sign-up file(X-Internet)
jar - Javascript archive
js - JavaScript file
jse - Jscript Encoded Script file
lnk - Shortcut file (Windows)
mda - MS Access add-in program
mdb - MS Access program
mde - MS Access file
mde - MS Access MDE database
mdt - MS Access workgroup information
mdw - MS Access workgroup information
mdz - MS Access wizard program
msc - Common console document
msi - Windows Installer package
msp - Windows Installer patch
mst - Windows Installer transform; MS Visual Test source file
ops - Office XP settings
pcd - P-Code compiled test scripts
pcd - Photo CD image
pcd - MS Visual compiled script
pdf - Acrobat Reader (can contain scripts but I've never heard it done)
pif - Program information file (shortcut to MS-DOS program)
prf - MS Outlook profile settings
reg - Registration entries
scf - Windows Explorer command
scr - Screen saver
sct - FoxPro forms
sct - Windows Script Component
shb - Shell Scrap object
shs - Shell scrap file
swf - ShockWave Flash (can contain executeable chunks or URLs)
ttf - TrueType font (yep, Windoze executes it)
url - Internet shortcut
vb - VBScript file
vbe - VBScript Encoded script file
vbs - VBScript file
wmf - Windows MetaFile (can do all sorts of nastiness, it's a container of 'things')
ws - Windows script
wsc - Windows Script Component
wsf - Windows Script file
wsh - Windows Script Host Settings file
xls - MS Excel spreadsheet (can contain macros that execute)

Edit: here's the hotfix page. Oopsie, looks like it effects Win2K as well, even though other sources said t'was not so. Also, it's ALL image types, not just JPGs.
hump://www.microsoft.com/technet/security/Bulletin/MS06-001.mspx

[ego]

thx Ntense

I am aware that persons will create KeyLogger programs to you send via pictures, you click on the picture to open it and hey presto without your knowledge it installs itself onto your pc.

I advise all members to be wary of this fact.

[Ntense]

Yep, and there's a lot of 'password thief' programs out there, too. That's what the guy I know got hit with. It was able to decode the encrypted passwords for all of his important stuff and send it to the 16 year old that'd sent him the trojan. Sigh.

If you have file extensions hidden, then don't accept ANYTHING across a chat channel. I can change the icon inside a file to make it look like a JPG file, so merely looking at it won't tell you anything.

Open Windows Explorer (no, not IE) simply by holding the WINDOW key down and hitting the E key, or doing Start > Run... > and type explorer (enter). Then go to Tools > Folder Options... > View and un-check the box that says "Hide file extensions for known file types". It's a tad more cluttered, but you'll at least have a hint that the asshole sent you something that's not an image file. RapeU obviously has his set that way. I do, too.

[Ntense]

Oh, and DO try to notice if things look a bit different than usual once you un-hide extensions. I saved my ass one time when I noticed the file name looked unusual. Instead of
tryme.jpg
it looked like
tryme.jpg...

which I barely caught. It turned out that there was about 100 spaces after the 'jpg' part before the end of the file name, which was .exe If I'd clicked on it, I'd have had another effing virus. The spaces pushed the last part of the name off of the screen, thus the three dots. It's a giant freaking warning if you ever see it!

Occasionally you'll get a filename where the author was writing a book. You can have up to 132 characters in a filename, if memory serves. Some idiots use ALL of 'em.

[RapeU]

Wow, that was very informative Ntense. Thank ya

Well, just to be safe now I'm going to be picky about what I accept through im.