[QUOTE=ChristineBCW;2708324]Yoj’s mention of “hides in PDF” possibilities sends particular shudders because I have shop-neighbors that deal in PDF-receipts extensively.
I wonder what ‘executable’ is normal for a PDF, though? “Execute a Viewer-Call, Execute a Fill to Display Memory”? I guess that’s the two ‘executable’ actions that a PDF generates. I can only wonder if PDF standards allow a sub-call from one of those actions, though. Sheesh. So many hooks dangling around.
I’ll dig around more and see if I can locate episodes of PDF-based attacks and THEN pray Alan’s good find can handle those, too. I wonder how many virus-attack strategies are born out of ex-MS employees - as opposed to AV employees who simply followed MS guidelines for OS usage (and then perverted those into mis-usage)?[/QUOTE]
[B]Here is a bit more knowledge about the .exe files[/B]
[B]Fake File Extension Executables: (ex. [I]document.docx.exe[/I])[/B]
[LIST]
[li][B][I]*.x.y[/I] where:[/B]
[LIST]
[li][B][I]x[/I] = pdf, doc, docx, xls, xlsx, ppt, pptx, txt, rtf, zip, rar, 7z, jpeg, jpg, png, gif, avi, mp3, wma, wmv, wav, divx, mp4[/B][/li]
[li][B][I]y[/I] = exe, com, scr, and pif.[/B][/li]
[/LIST]
[/li]
[li][B]With v4.1, now includes RLO (Right to Left Override) exploit protection.[/B][/li]
[/LIST]
[B]Temp Extracted Executables in Archive Files:[/B]
[LIST]
[li][B]%temp%\rar* directories[/B][/li]
[li][B]%temp%\7z* directories[/B][/li]
[li][B]%temp%\wz* directories[/B][/li]
[li][B]%temp%\*.zip directories[/B][/li]
[/LIST]
[B]The final four locations above are temporary extract locations for executables when run from directly inside of a compressed archive (e.g. you open download.zip in Windows Explorer, WinRAR, WinZip, or 7-Zip, and execute an .EXE from directly inside the download; it is actually extracted to a temporary location and run from there), so this guards against that as well; however, this option may interfere with certain program installations (e.g. Firefox).[/B]
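As an added example (my own code, not from the post above or from the tool it describes), here is a small Python script that applies the same three rules to a file path: the *.x.y double-extension check, the RLO (U+202E) check with an approximation of how the name is rendered on screen, and the %temp%\rar*, 7z*, wz*, *.zip extraction-folder check. The temp directory, folder names and sample paths are constructed for the demonstration; the 7zS*.tmp folder is the kind of 7-Zip self-extractor folder that makes an installer like Firefox's trip the last rule.

```python
import fnmatch
from pathlib import PureWindowsPath

# Extensions a user reads as "data" (the x in *.x.y) and the ones Windows runs as code (the y).
DATA_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "ppt", "pptx", "txt", "rtf",
             "zip", "rar", "7z", "jpeg", "jpg", "png", "gif", "avi", "mp3",
             "wma", "wmv", "wav", "divx", "mp4"}
EXEC_EXTS = {"exe", "com", "scr", "pif"}

RLO = "\u202e"  # RIGHT-TO-LEFT OVERRIDE
PDF = "\u202c"  # POP DIRECTIONAL FORMATTING, ends an override
# Other Unicode bidi controls that can be abused the same way as RLO.
BIDI_CONTROLS = {RLO, "\u202a", "\u202b", "\u202d", "\u2066", "\u2067", "\u2068"}

# Extraction folders from the post, as globs on the first path component under %temp%.
TEMP_ARCHIVE_GLOBS = ("rar*", "7z*", "wz*", "*.zip")

# Constructed sample %temp% directory (assumption for the demo, not read from the environment).
TEMP_DIR = r"C:\Users\alice\AppData\Local\Temp"


def is_fake_extension(filename):
    """document.docx.exe -> True: a data extension immediately before an executable one."""
    parts = filename.lower().rsplit(".", 2)
    if len(parts) < 3:
        return False
    decoy, real = parts[1], parts[2]
    return decoy in DATA_EXTS and real in EXEC_EXTS


def has_bidi_override(filename):
    """True if the name carries a bidi control character (the RLO trick)."""
    return any(c in BIDI_CONTROLS for c in filename)


def displayed_name(filename):
    """Approximate what a file manager shows: the run after U+202E, up to a U+202C,
    is rendered reversed, so 'invoice\u202efdp.exe' appears as 'invoiceexe.pdf'."""
    head, rlo, tail = filename.partition(RLO)
    if not rlo:
        return filename
    reversed_part, _, rest = tail.partition(PDF)
    return head + reversed_part[::-1] + displayed_name(rest)


def is_temp_archive_extract(path, temp_dir):
    """True if path is <temp_dir>\\<archive extraction folder>\\...\\file."""
    try:
        rel = PureWindowsPath(path).relative_to(PureWindowsPath(temp_dir))
    except ValueError:
        return False          # not under %temp% at all
    if len(rel.parts) < 2:    # a file sitting directly in %temp% is not an extraction folder
        return False
    folder = rel.parts[0].lower()
    return any(fnmatch.fnmatchcase(folder, g) for g in TEMP_ARCHIVE_GLOBS)


def classify(path, temp_dir):
    """Return the list of rules a path trips (empty list means nothing matched)."""
    name = PureWindowsPath(path).name
    hits = []
    if is_fake_extension(name):
        hits.append("fake-extension")
    if has_bidi_override(name):
        hits.append("rlo-override")
    if is_temp_archive_extract(path, temp_dir) and name.rsplit(".", 1)[-1].lower() in EXEC_EXTS:
        hits.append("temp-archive-exec")
    return hits


if __name__ == "__main__":
    # Constructed sample paths, including the installer-style folder that is a known false positive.
    samples = [
        r"C:\Users\alice\Downloads\document.docx.exe",
        "C:\\Users\\alice\\Downloads\\invoice\u202efdp.exe",
        TEMP_DIR + r"\Rar$EXa0.123\setup.exe",
        TEMP_DIR + r"\Temp1_download.zip\run.exe",
        TEMP_DIR + r"\7zS8F3A.tmp\setup.exe",
        TEMP_DIR + r"\Rar$EXa0.123\readme.txt",
        r"C:\Program Files\Mozilla Firefox\firefox.exe",
    ]
    for p in samples:
        shown = displayed_name(PureWindowsPath(p).name)
        print(f"{shown!r:32} {classify(p, TEMP_DIR)}")
```

The extraction-folder rule deliberately looks only at the first component under %temp% and at the real (last) extension, which is why the 7zS*.tmp installer folder is flagged just like a WinRAR Rar$* folder; that is the trade-off the post warns about with Firefox, and in practice it calls for an allowlist on the installer's signature or hash rather than loosening the pattern.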