Every so often, I get an email forwarded to me by a friend, client, or colleague, about the latest email circulating with a malicious attachment designed to entice people to click on it to launch a pernicious piece of malware. They always ask the same thing, “Is this for real?” Some of the warnings are hoaxes made up by people with too much time on their hands, but many are about real threats. Regardless, the concept is constant: If you click on an email attachment, it could trigger a nasty payload. Here is a recent example http://homelandsecuritynewswire.com/single.php?id=8378
Unfortunately, malware purveyors have gotten quite clever over the years, by latching onto interesting topics — Obama, Sarah Palin, swine flu, etc. Remember Anna Kournakova? The sender could appear to be a friend, prospective client or employee, the IRS, etc.
Microsoft makes it easy for malware distributors to trick people into clicking on malicious email attachments, by hiding extensions for known file types. For example, some slimeball could send you an email with an attachment named resume.doc.exe, and it would appear as resume.doc. Even Windows 7, the next generation operating system from Microsoft, has this “feature.” http://blogs.pcmag.com/securitywatch/2009/05/double_file_extensions_still_w.php Thanks, Microsoft.
How do you fix this giant security hole Microsoft put on your computer? Go into the Control Panel, and open Folder Options. Next, click on the View tab, and UNCHECK Hide extensions for known file types, then click on OK. That will help, but will not substitute for caution.