Re: Uncompressing gif Files that May or May Not be gif's

[Joe <joe@jretrading.com>]

Martin McCormick wrote:
> 	The .gif file which was attached to this Jabberwakian
> spew was called attempt.gif and passed the "file " test with flying
> colors.  Since the message body makes no sense and has no
> hyperlinks, the .gif almost has to be the mechanism to louse
> things up.
>
> 	I once did a google search describing Email messages
> consisting of random text with a binary attachment and this may
> be a variant of what is called the "bugbare" virus in which a
> .gif file is the means of infection.  The only thing that didn't
> match was that bugbear makes a gif file with a compound extension
> like .exe.gif.  It could also be that the thugs have refined it
> so as to make more normal-looking files.

Windows by default does not display 'common' extensions, so this
is just a simple trick to make an .exe look like a .gif, so someone
might well try to open it, not having realised that they shouldn't
be able to see a .gif extension. It would be the other way around,
sample.gif.exe so that the .exe wasn't shown.

> 	To me, this is interesting but the goal is to
> mechanically detect those darn things and shunt them in to the
> spam folder as they frequently get by bogofilter.

I think you're looking too hard here. The .gifs are no more than
an attempt (apparently successful!) to get past your spam filter.
They will contain nothing more dangerous than the latest junk
stock tip or medication spam. I wish I could find the idiot that
actually buys stuff advertised this way. There can't be more than
one...

As far as I'm aware, not even Windows can do anything dangerous
with a .gif file (today, at least), and I'm pretty sure Linux can't.