CLSID

5aktez

New Member
Thread author
Jan 27, 2015
hello there,

I recently looked deeper into the matter of malware and since I know a little bit about how windows works, this topic is certainly of big interest for me.

Does someone here have a clue how exactly malware can influence existing CLSIDs? I mean, as far as I know, malware can "use" or infect existing CLSIDs, right? But by which ways does it do that?

I'm thankful for any answer on that!

Jenn

LabZero

Hello, a short explanation.

You can mask the real file name extension of a file even if the user has turned on the display of extensions. In this way, for example, a file with the txt extension is apparently treated by Windows as an executable, facilitating the spread of malware.

The problem

Never trust the attachments to messages, even if they are text files.
It is customary, even among more conservative users, to consider that a text file (typically identified by the .txt extension) is harmless and cannot contain viruses. As a result, even those who install and use an antivirus tend not to check attachments that arrive, or files downloaded from the Internet, if they have the .txt extension. The same applies to files that have the gif or jpeg extension: we are accustomed to believe that graphics files cannot contain viruses, so it is unlikely that they are checked with the antivirus software before being opened.
However, in Windows there is a very simple way to make these file types dangerous. The "trick" is to give an infecting file (for example a Visual Basic script, such as the famous loveletter.vbs) a fictitious extension, to the end of which you add a particular code, called a CLSID.

Let me give an example to clarify the concept.

Suppose you have a virus written in Visual Basic, which I'll call virus.vbs. If a user receives it as an attachment, they will hardly open it by double-clicking, as it is known (but maybe not well enough) that files with the vbs extension are executed by Windows, not simply opened, and can then inject all sorts of viruses into the OS.

CLSID

The classic solution to the hidden extension pitfall is easy: just set Windows to display the file name extension.

Unfortunately this remedy is no longer enough. It is in fact possible to mask the true extension of a file name even if you have turned on the display of extensions.
In addition to traditional file extensions (txt, vbs, jpeg and similar), Windows also uses so-called CLSID extensions, 128-bit numbers written in hexadecimal and enclosed in braces. Each CLSID identifies a different file type (executable, spreadsheet, Word document, audio file, etc.).
If a file has one of these CLSID extensions, it is treated as a file of the type that corresponds to the CLSID, but the extension is not displayed by Internet Explorer or Windows Explorer, even on computers where the user has enabled the display of file extensions in Windows. This allows you to send the victim a seemingly harmless file (because it appears to have a non-dangerous extension) that Windows actually runs without hesitation, possibly taking control of the computer.
Let's do a practical but harmless example to make the danger clear. We take the usual virus, virus.vbs, and rename it klipsh.vbs. Of course, few will be so irresponsible as to open a file with the .vbs extension, so we rename it again, using a "reassuring" extension such as .jpg and adding a CLSID at the end.
The real name of the file thus becomes:

klipsh.jpg. {00020C01-0000-0000-C000-000000000046}

However, Windows will display it without ever showing the CLSID: browsing directories with Internet Explorer or Windows Explorer, all Windows users will see it as klipsh.jpg, even if they have enabled the display of extensions. What's interesting (and dangerous) is that Windows will not treat this file as a JPEG graphics file, but (in this example, harmlessly) as an audio file.

Using an appropriate CLSID, you can send the victim a file that Windows displays with an entirely harmless name and extension, but which is actually a virus, for example one written in Visual Basic: by clicking, the file is executed, infecting the machine.
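As an added example (not part of LabZero's post or any MalwareTips tool), here is a small Python check a defender can run over a directory listing: it flags file names that end in a CLSID component and reports the name Explorer would show next to the CLSID that actually picks the handler. The sample names are constructed; the first is the one from the post, and the pattern accepts the optional dot and space shown there.

```python
import re

# Constructed sample directory listing (not from the post): the first name is
# the one LabZero uses above, the others are ordinary files and a decoy.
SAMPLE_NAMES = [
    "klipsh.jpg. {00020C01-0000-0000-C000-000000000046}",
    "holiday.jpg",
    "notes.txt",
    "braces.{not-a-guid}.txt",
]

# A trailing "{8-4-4-4-12 hex digits}" component at the very end of the name,
# optionally preceded by a dot and whitespace, is the CLSID extension trick.
CLSID_SUFFIX = re.compile(
    r"^(?P<shown>.+?)\.?\s*"
    r"(?P<clsid>\{[0-9A-Fa-f]{8}-(?:[0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}\})$"
)


def split_clsid(name):
    """Return (name as Explorer would show it, CLSID or None)."""
    m = CLSID_SUFFIX.match(name)
    if not m:
        return name, None
    return m.group("shown"), m.group("clsid").upper()


def scan(names):
    """Return findings (full name, displayed name, CLSID) for names that carry
    a hidden CLSID component: the displayed extension is what the user sees,
    the CLSID is what Windows actually uses to choose the handler."""
    findings = []
    for name in names:
        shown, clsid = split_clsid(name)
        if clsid is not None:
            findings.append((name, shown, clsid))
    return findings


if __name__ == "__main__":
    for full, shown, clsid in scan(SAMPLE_NAMES):
        print(f"{shown!r} is really {full!r} (handler chosen by {clsid})")
```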