
Re: Uncompressing gif Files that May or May Not be gif's

Martin McCormick wrote:

	The .gif file which was attached to this Jabberwakian
spew was called attempt.gif and passed the "file" test with flying
colors.  Since the message body makes no sense and has no
hyperlinks, the .gif almost has to be the mechanism to louse
things up.

	I once did a google search describing Email messages
consisting of random text with a binary attachment and this may
be a variant of what is called the "bugbear" virus in which a
.gif file is the means of infection.  The only thing that didn't
match was that bugbear makes a gif file with a compound extension
like .exe.gif.  It could also be that the thugs have refined it
so as to make more normal-looking files.

Windows by default does not display 'common' extensions, so this
is just a simple trick to make an .exe look like a .gif, so someone
might well try to open it, not having realised that they shouldn't
be able to see a .gif extension. It would be the other way around,
sample.gif.exe so that the .exe wasn't shown.

	To me, this is interesting but the goal is to
mechanically detect those darn things and shunt them into the
spam folder as they frequently get by bogofilter.

I think you're looking too hard here. The .gifs are no more than
an attempt (apparently successful!) to get past your spam filter.
They will contain nothing more dangerous than the latest junk
stock tip or medication spam. I wish I could find the idiot that
actually buys stuff advertised this way. There can't be more than

As far as I'm aware, not even Windows can do anything dangerous
with a .gif file (today, at least), and I'm pretty sure Linux can't.
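An added example, not part of the original thread: a mail-filter check for the two cases discussed above, a compound extension that hides an executable (sample.gif.exe or .exe.gif) and a .gif name whose content does not begin with a GIF header. The executable-extension list, the function names and the sample message are assumptions constructed for illustration.

```python
from email.message import EmailMessage

GIF_MAGIC = (b"GIF87a", b"GIF89a")
# Assumed list (not from the thread) of extensions Windows treats as runnable.
EXEC_EXTS = {"exe", "scr", "pif", "com", "bat", "cmd"}


def attachment_findings(msg):
    """Return (filename, reason) pairs for attachments worth shunting to spam."""
    findings = []
    for part in msg.walk():
        name = part.get_filename()
        if not name:
            continue  # multipart containers and the text body have no filename
        data = part.get_payload(decode=True) or b""
        exts = name.lower().split(".")[1:]
        # sample.gif.exe or notes.exe.gif: an executable extension in a chain
        if len(exts) >= 2 and any(e in EXEC_EXTS for e in exts):
            findings.append((name, "compound-executable-extension"))
        # Named .gif but the bytes are not a GIF (same idea as the file(1) test)
        elif exts and exts[-1] == "gif" and not data.startswith(GIF_MAGIC):
            findings.append((name, "gif-extension-without-gif-header"))
    return findings


def build_sample():
    """Constructed message: random-text body plus four made-up attachments."""
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("slithy toves gyre and gimble, no links here")
    gif = b"GIF89a" + b"\x00" * 16   # header only, not a real image
    exe = b"MZ\x90\x00" + b"\x00" * 16  # DOS/PE magic, not a real program
    for data, fname in [(gif, "attempt.gif"), (exe, "sample.gif.exe"),
                        (gif, "notes.exe.gif"), (exe, "photo.gif")]:
        msg.add_attachment(data, maintype="image", subtype="gif", filename=fname)
    return msg


if __name__ == "__main__":
    for fname, reason in attachment_findings(build_sample()):
        print(f"{fname}: {reason}")
```

A well-formed attempt.gif passes both checks, which matches the reply's point that such images are ordinary spam carriers rather than malformed files.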
