So seriously, why can’t email clients like Outlook, as well as virus scanners, flag EXE files disguised as other things?
For instance, at work we got one the other day that was a fake Microsoft notification.
Subject: Important Changes to Microsoft Services Agreement
It basically asks you to open the attached file to see the details. The attached file is Microsoft-Services-Agreement.zip – inside that is “Microsoft Services Agreement.pdf.exe”
I scanned it with the virus scanner (with up-to-date definitions). It doesn’t flag it as suspicious.
Not suspicious?! It’s a frigging EXE disguised as a PDF. Windows users who have the default “Hide known extensions” on* will see it as a PDF. How is that not suspicious?
*That’s a stupid default, too.
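A check of the kind asked for above can be written in a few lines. This is an added example, not code from any mail client or scanner: it opens a zip attachment and flags entries whose real extension is executable but whose name, with the last extension hidden, ends in a document extension. The extension lists and function names are assumptions chosen for illustration, and the sample archive is constructed in memory with placeholder bytes.

```python
import io
import zipfile

# Assumed lists for illustration; adjust to local policy.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png", ".txt"}


def disguised_executable(name):
    """Return (name_shown_with_extensions_hidden, real_ext) or None."""
    base = name.replace("\\", "/").rsplit("/", 1)[-1]  # drop any folder part
    parts = base.lower().rsplit(".", 2)                # [stem, decoy, real]
    if len(parts) != 3:
        return None
    decoy, real = "." + parts[1], "." + parts[2]
    if real in EXECUTABLE_EXTS and decoy in DECOY_EXTS:
        # With the final extension hidden, the user sees only this part.
        return base[: -len(real)], real
    return None


def scan_zip(data):
    """Return (entry, shown_name, real_ext) for each disguised entry."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            hit = disguised_executable(info.filename)
            if hit:
                findings.append((info.filename, *hit))
    return findings


def build_sample():
    """Constructed sample archive; contents are placeholder bytes only."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Microsoft Services Agreement.pdf.exe", b"placeholder")
        zf.writestr("readme.txt", b"benign text")
        zf.writestr("setup.exe", b"plain exe name, not disguised")
    return buf.getvalue()


if __name__ == "__main__":
    for entry, shown, real in scan_zip(build_sample()):
        print(f"FLAG {entry!r}: displays as {shown!r}, really {real}")
```

The check looks only at names, so it needs no signature for the payload itself.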