Of course having PC Matic and PC Matic SuperShield installed will help stop threats in their tracks. Nonetheless, it is important to be educated in order to help avoid problems and PC Pitstop also believes in providing our customers with not just a quality anti-malware solution, but training as well.
Let’s take a look at two deceptive methods that malware sometimes uses to try and trick computer users into becoming victims.
Trick 1 – The Icon Change
Take a look at this screenshot:
Had we not highlighted it, I bet you wouldn’t have noticed that this folder isn’t a folder at all, and is in fact an executable malware file!
This is because this PC does not have the “Show File Extensions” option enabled in Folder Options. We will show how to do this at the bottom of this article. The only other clear way to spot this tactic without file extensions enabled is to look for the “Application” document type in the locations shown. The problem with this is that a user will double-click the file thinking it’s actually a folder and then run the malware. With visible file extensions, the user would see a “.exe” appended at the end, and no real folder would have this.
Trick 2 – Fake File Extension
This trick is even simpler but it can be quite effective as well. Without Show File Extensions on, a file can still be named “report.docx” for example and its icon can be changed to a Microsoft Word Document icon. However, this file can actually still be an executable malware file. In this case, the file will look like a docx and it will even have the icon of a docx, but double-clicking it will launch malware and give it control over the machine. However, showing file extensions will expose this because the file will then show up as “report.docx.exe” which is a dead-giveaway that not only is this not a document file but it is trying to pose as one and trick you! Please note that .exe files are not the only type of file that can be malicious. While some are worse than others, the only guaranteed-safe file is a .txt file but this is only the case with Show File Extensions ON! Otherwise, it could be a fake .txt file which is actually another format as we introduced above.
These tricks are not new, but coming across them can be rare so the mind is not prepared to do a quick visual check of a new file and can miss such a minute visual difference like this. PC Matic has blocked such attacks many times and in our malware repository, we have seen files such as .docx.wsf which are malicious script files disguised as document files so long as the user cannot see the file extension.
The Solution
One way to prevent malware from deceiving you in this way is to have Explorer show you file extensions for every file. To do this:
On Windows 7 and up, hit the Windows key or click the Windows logo icon in the bottom left of the screen, then type “folder options” and click the first result which will say either “Folder Options” or “File Explorer Options.” Now you will have a dialog box with 3 tabs at the top:
Note that in Windows 10, the option will appear in the Start Menu as follows:
For Windows XP, an effective way to do this is to go to Start -> Control Panel -> Folder Options.
Click the “View” tab, then scroll down the list until you find “hide file extensions for known file types”:
Uncheck the box, click Apply and click Ok. Now all of your files will display their file extensions like .exe, .swf, .pdf, .txt, .docx and etc… If you right click a file and click rename and then change or delete the file extension, Windows Explorer will no longer recognize that the file is the proper type until you put it back, so just be wary of that. The upside though is now file extensions cannot hide from you and you can easily spot the tricks mentioned above!
