2

Is this possible? A friend tried to install a RAT by sending me a file that looked like 049.jpg.exe, but I didn't click on it because of the .exe at the end.

This was just for fun, but it made me wonder: can you hide a RAT completely so the victim doesn't see the .exe?

If I wanted to give him a RAT, would it be possible to make a custom link and hide the RAT in it so that when he clicks it he gets infected without notice? Like send him an email "your picture www.facebook.com/089jpg-anthonynude is violating our rules and we does not tolerate nude or pornographic content. / Facebook"

crovers
J.nosna

2 Answers

3

You can't trick Facebook, because it looks into the file contents to determine its type. Moreover, pictures uploaded are automatically converted into another format.

Historically, there was a related vulnerability in some versions of Windows which simplified .jpg.exe tricks. If you included an RTL (right-to-left) character in the filename, it would be parsed right to left, so a file named exe.something.jpg is seemingly a JPG file to the user, but it executes when clicked on.

Besides this, I don't know any other possibilities that a file with the right jpg extension would execute.

Rápli András
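A defensive check for the two filename tricks discussed above (the `.jpg.exe` double extension and a right-to-left control character in the name), together with the kind of content inspection the answer attributes to Facebook. This is an added example, not part of the original question or answers; the function name, the extension lists and the sample names and bytes are assumptions constructed for illustration.

```python
# Flag attachment names that look like images but would run as programs.
# Extension lists are illustrative, not exhaustive.
BIDI_CONTROLS = {
    "\u202a", "\u202b", "\u202c", "\u202d", "\u202e",  # LRE, RLE, PDF, LRO, RLO
    "\u2066", "\u2067", "\u2068", "\u2069",            # LRI, RLI, FSI, PDI
}
EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "vbs", "js"}
DECOY_EXTS = {"jpg", "jpeg", "png", "gif", "pdf", "doc", "txt"}
# Leading bytes ("magic numbers") of common image formats.
MAGIC = {
    "jpg": b"\xff\xd8\xff",
    "jpeg": b"\xff\xd8\xff",
    "png": b"\x89PNG\r\n\x1a\n",
    "gif": b"GIF8",
}


def check_attachment(name, head=b""):
    """Return a list of findings for a file name and its first bytes."""
    findings = []
    if any(ch in BIDI_CONTROLS for ch in name):
        findings.append("bidi-control-character")
    # The operating system acts on the stored character order, not the
    # displayed order, so judge the extension with the controls removed.
    logical = "".join(ch for ch in name if ch not in BIDI_CONTROLS)
    parts = logical.lower().split(".")
    real_ext = parts[-1] if len(parts) > 1 else ""
    if real_ext in EXECUTABLE_EXTS:
        findings.append("executable-extension")
        if len(parts) > 2 and parts[-2] in DECOY_EXTS:
            findings.append("double-extension")
    # "MZ" is the signature at the start of a Windows executable.
    if head[:2] == b"MZ" and real_ext not in {"exe", "scr", "com", "dll"}:
        findings.append("pe-content-under-other-extension")
    expected = MAGIC.get(real_ext)
    if expected and head and not head.startswith(expected):
        findings.append("content-does-not-match-extension")
    return findings


if __name__ == "__main__":
    samples = [  # constructed sample inputs
        ("049.jpg.exe", b"MZ\x90\x00"),
        ("photo\u202egpj.exe", b"MZ\x90\x00"),  # displays as "photoexe.jpg"
        ("holiday.jpg", b"\xff\xd8\xff\xe0"),
    ]
    for name, head in samples:
        print(repr(name), check_attachment(name, head))
```
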
0

This is possible, provided there is a bug in the image viewing software which allows for remote code execution. See https://imagetragick.com for a recent example of such a bug.

Dan Landberg