I have just received an email that looks legit with an attachment about DHL’s document tracker.
The file is zipped, but opening it in WinRAR shows it’s an EXE file. Extracted to a folder, it looks like a PDF file, so it must be a diversion that lets other users think it’s a PDF file, since it uses the icon of a PDF file, but in fact it’s an EXE file.
I tried running it on a computer protected with DeepFreeze. When I ran the file, the computer automatically shut down.
Don’t know what should happen after shutdown since that computer has DeepFreeze. Everything restores to normal on reboot.
Anyway, I have already quarantined the file on my PC and have submitted it to Avast. Currently, it’s undetectable with Avast.
I’m hoping that this will be added to Avast’s virus database ASAP, so that it can be blocked right away.
No, you’re right. Again, now that I think about it, the different Windows accessory programs (e.g. task manager) are all exe files with custom icons.
It’s amazing how infrequently I actually work with exe files directly in their folders, so I rarely see the “exe”. Windows…gotta luv it. Most of it is app files. Mostly M$ Office documents. So different from my *nix geeky coding days. No wonder I lost track of the icon promiscuousness of exe files. I have become a corporate Windows user bot. It’s not as icky as I used to think of it as, from the geeky side of the fence.
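
The mismatch described in the first post (a zipped attachment whose member shows a PDF icon but is an EXE) can be checked from file content rather than from the icon or name, because the icon is just a resource stored inside the executable. The following is an added example, not code from either poster or from Avast; the archive member names and the extension list are constructed for illustration.

```python
import io
import os
import struct
import zipfile

# Extensions a recipient would expect to be harmless documents (illustrative list).
DOC_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".txt"}

def is_pe(head: bytes) -> bool:
    """True if head starts with a DOS 'MZ' header whose e_lfanew points at a PE signature."""
    if len(head) < 0x40 or head[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", head, 0x3C)
    return head[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"

def scan_zip(data: bytes) -> list:
    """Return (member, reason) for members that are, or may hide, Windows executables."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            if info.flag_bits & 0x1:  # encrypted member: content cannot be checked
                findings.append((info.filename, "encrypted, content not inspected"))
                continue
            with zf.open(info) as fh:
                head = fh.read(4096)
            if not is_pe(head):
                continue
            stem, ext = os.path.splitext(info.filename.lower())
            if ext in DOC_EXTS:
                reason = "PE content under a document extension"
            elif os.path.splitext(stem)[1] in DOC_EXTS:
                reason = "PE with a double extension"
            else:
                reason = "PE executable in archive"
            findings.append((info.filename, reason))
    return findings

def build_sample() -> bytes:
    """Constructed archive: minimal PE stubs under three names plus a harmless PDF."""
    stub = b"MZ" + b"\x00" * 58 + struct.pack("<I", 64) + b"PE\x00\x00" + b"\x00" * 32
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("tracking.exe", stub)          # hypothetical names throughout
        zf.writestr("tracking.pdf.exe", stub)
        zf.writestr("tracking.pdf", stub)
        zf.writestr("receipt.pdf", b"%PDF-1.4\n%%EOF\n")
    return buf.getvalue()
```

Calling `scan_zip(build_sample())` flags the three stub members and leaves `receipt.pdf` alone; to check a real attachment, pass the bytes of the quarantined ZIP without extracting it.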