I have mentioned many times on the blog that you should be careful with the links you follow. Well then, here are a couple of examples of malicious links posted on Facebook and Fotolog:
[Screenshots: comment on Fotolog; comment on Facebook]
They look like innocent comments with links to an image; however, clicking the link starts the download of an executable file. In the following screenshots you can see that the actual file extension is .exe and not .jpg:
Both files are trojans (analysis in VirusTotal):
– imagen_09_10_11.jpg.exe (19/41)
– DSC31_08_03_11.JPG.exe (27/43)
As we can see, malicious links can be anywhere. In these cases, if the download is canceled, the system is not infected. It will only become infected if, in addition to downloading, the file is then executed, that is, it is double-clicked to open it.
A good practice to avoid these double-extension tricks is to enable the display of extensions in Windows. In this way, if we download the file, when we open it we will see its real extension.
This is what the downloaded Trojan looks like with extensions hidden; it looks like a normal photo:
This is what it looks like with extensions enabled. An .exe photo?
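The same check can be automated over a list of downloaded file names. The script below is an added example, not part of the original post: it flags names whose real (last) extension is executable while the one before it imitates a harmless file type, and shows the name Explorer would display with extensions hidden. The extension lists and the benign sample names are assumptions constructed for the example; the two flagged names are the ones from this post.

```python
from pathlib import PureWindowsPath

# Assumed, non-exhaustive lists chosen for this example.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".msi"}
DECOY_EXTS = {".jpg", ".jpeg", ".png", ".gif", ".bmp", ".pdf", ".doc", ".docx", ".txt"}


def _clean(filename: str) -> PureWindowsPath:
    # Windows drops trailing dots and spaces when saving a file name.
    return PureWindowsPath(filename.rstrip(" ."))


def visible_name(filename: str) -> str:
    """Name shown by Explorer when known extensions are hidden (last one dropped)."""
    return _clean(filename).stem


def is_double_extension(filename: str) -> bool:
    """True if the last extension is executable and the previous one is a decoy."""
    suffixes = [s.lower() for s in _clean(filename).suffixes]
    if len(suffixes) < 2:
        return False
    return suffixes[-1] in EXECUTABLE_EXTS and suffixes[-2] in DECOY_EXTS


def scan(filenames):
    """Return (real name, name seen with extensions hidden) for each suspicious file."""
    return [(f, visible_name(f)) for f in filenames if is_double_extension(f)]


# Sample input: the first two names come from the post, the rest are constructed.
SAMPLE = [
    "imagen_09_10_11.jpg.exe",
    "DSC31_08_03_11.JPG.exe",
    "holiday.jpg",
    "setup.exe",
    "report.v2.pdf",
]

if __name__ == "__main__":
    for real, shown in scan(SAMPLE):
        print(f"SUSPICIOUS: {real!r} is displayed as {shown!r} when extensions are hidden")
```

To check a real folder, pass the file names from a directory listing of the downloads folder to `scan()`.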
See also: Same deception but by chat messages. Fake mail that starts the download of a Trojan. Fake Word document that is actually an EXE.