File Name spoofing in Vista

Author: est
Source: ests Blog

Open a folder, for example, E: est, right-click the blank space, select Properties, select Custom, and then you can change the folder icon. This may be known to everyone on Earth, but there are more interesting things in Vista. First Change the folder icon and click OK. Then, open the desktop in the current folder. ini (there are a lot of methods, the simplest: directly enter desktop after the current path in the address bar. ini Press enter. Of course, if you enable "Show System and Hide File", double-click it to open it.) The notepad pops up and adds the following sentence:

LocalizedResourceName = Hacked By est

Save and close notepad.

Rename desktop. ini to others, such as desktop. ini2, and then change it back. Then, return to the upper-level folder (shortcut key Backspace, dizzy, I am getting started ~~), What is the name of the folder?


To continue with the fun work, first create a new sub-folder under the folder just now. For example, here I am E: estsubtest again open the desktop. ini just now and add a few lines:

[LocalizedFileNames]
Subtest = Another Name

Next, save, close notepad, and set the desktop. change ini to another name, such as desktop. ini2 (this is to refresh the explorer and re-apply the desktop. ini attributes), and press F5 to refresh the current folder to see if the Name of the subtest folder has changed to Another Name?


Does the folder name actually change? No. Do not believe it. Click the address bar of Vista Resource Manager ,.


What is the use of trick? The advantage is that I can create a folder with the abbreviated name to facilitate the input of the path, and then modify it with desktop. ini to display the full name and beautiful appearance. I have a trojan.exe icon, which is the same as a Word document and placed in a folder named "virus". A desktop is used in this folder. ini disguised trojan.exe as letter.docx (Office 2003 and previously. doc, 2007 is. docx format), and then, social engineering allows users to click on this file ...... Normal users will say that the file name is letter.doc (not letter.doc.exe), which is safe and can be opened. After double-clicking it ...... Everything is over.

The figure contains two files, one fake letter.docx, which is actually an exe. You can double-click it to run it directly. The icon is a Word2007 icon disguised as a ResHacker, another Normal Word Document.docx is a true Word 2007 document. Can you differentiate exe and docx Based on the appearance?
All rights reserved. For more information, see the source.

How did I find this secret? Here:

% Appdata % MicrosoftWindowsStart Menudesktop. ini
% Appdata % MicrosoftWindowsStart MenuProgramsAccessoriesdesktop. ini