So seriously, why can't email clients like Outlook, as well as virus scanners, flag EXE files disguised as other things?
For instance, at work we got one the other day that was a fake Microsoft notification.
Subject: Important Changes to Microsoft Services Agreement
It basically asks you to open the attached file to see the details. The attached file is Microsoft-Services-Agreement.zip – inside that is “Microsoft Services Agreement.pdf.exe”
I scanned it with the virus scanner (with up-to-date definitions). It doesn't flag it as suspicious.
Not suspicious?! It's a frigging EXE disguised as a PDF. Windows users who have the default “Hide known extensions” on* will see it as a PDF. How is that not suspicious?
*That's a stupid default, too.
The short answer is, they can, and some do. When I’ve legitimately wished to email an exe, it resisted multiple levels of obfuscation. I had an exe file, with exe renamed to _exe_ inside a zip renamed to _zip_ - it still complained I was emailing an exe file, and refused. It had to be using the magic number that represents a zip (50 4B) – then opening that, looking at the contents, and realising that it was a PE format file (executable). I think this was Gmail.
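A sketch of the kind of content-based check described in the answer above, added here as an example (it is not code from either poster or from any mail provider): it recognises a ZIP by its `50 4B` signature, opens it, and flags members that are PE files or carry a decoy double extension, whatever the file names claim. The extension sets, size cap and nesting limit are assumptions chosen for the example.

```python
import io
import zipfile

ZIP_MAGIC = b"PK"  # bytes 50 4B, the ZIP signature mentioned in the post
DECOY_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "jpg", "txt"}
EXEC_EXTS = {"exe", "scr", "com", "pif"}
MAX_MEMBER = 16 * 1024 * 1024  # assumed size cap so huge members are not unpacked
MAX_DEPTH = 3                  # assumed nesting limit for zips inside zips

def is_pe(data):
    """True if data starts with MZ and e_lfanew (offset 0x3C) points at PE\\0\\0."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    pe_off = int.from_bytes(data[0x3C:0x40], "little")
    return data[pe_off:pe_off + 4] == b"PE\0\0"

def has_double_extension(name):
    """True for names such as 'Agreement.pdf.exe' (decoy then executable)."""
    parts = name.lower().rsplit(".", 2)
    return len(parts) == 3 and parts[1] in DECOY_EXTS and parts[2] in EXEC_EXTS

def scan_attachment(name, data, prefix="", depth=0):
    """Return findings for one attachment, judged by content as well as name."""
    label, findings = prefix + name, []
    if is_pe(data):
        findings.append(label + ": PE executable")
    if has_double_extension(name):
        findings.append(label + ": double extension")
    if data[:2] == ZIP_MAGIC and zipfile.is_zipfile(io.BytesIO(data)) and depth < MAX_DEPTH:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if info.flag_bits & 0x1 or info.file_size > MAX_MEMBER:
                    findings.append(label + "!" + info.filename + ": not inspected")
                    continue
                findings += scan_attachment(info.filename, zf.read(info), label + "!", depth + 1)
    return findings

def build_sample(member_name):
    """Constructed sample: a zip holding a 68-byte stub with only PE signatures."""
    stub = b"MZ" + bytes(0x3A) + (0x40).to_bytes(4, "little") + b"PE\0\0"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member_name, stub)
    return buf.getvalue()

if __name__ == "__main__":
    for f in scan_attachment("Microsoft-Services-Agreement.zip",
                             build_sample("Microsoft Services Agreement.pdf.exe")):
        print(f)
```

Encrypted or oversized members are reported as "not inspected" rather than skipped silently, since a password-protected archive hides its contents from this kind of check.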