The Danger of Auto Open

It’s quite common for PC users to have applications linked to specific file types. For example, a pdf file may be associated with Adobe Reader or a mpeg video file associated with Windows Media Player. If an internet user clicked on a website link to a file such as this, the user could may be prompted to confirm the file should be opened. Many people opt to use the “Auto Open” feature so the application would immediately open the attachment.

Mass mailing worms typically exploit vulnerabilities in applications by crafting an evil file. Did you realize that by simply opening an image, pdf or other simple file it could be possible for an attacker to take complete control over your PC? You may feel that you would never click on an attachment in an e-mail from someone you don’t know as it’s obviously a worm but the attachment doesn’t even need to be in the e-mail, it could be simply linked to.

Here’s an example of an attack I provided to David Utter of Web Pro News:

http://www.google.com/search?hl=en&q=inurl:mail%20intext:shaping+traffic+techniques&btnI=

The URL above exploits a combination of the “Feeling Lucky” feature and an “Auto Open” configured PC. Should a user click on the link the pdf attachment could automatically open. Fortunately in this case it’s a benign white paper but it could have easily been a malicious file.

I should point out that the “Feeling Lucky” button has been abused by spammers for quite a few months but my combining social and technical engineering techniques this could have been an effective attack. At the time there were rumors of a Google Phone so an attack e-mail could have been created with Subject lines related to a sneak peak. Since, the e-mail was related to Google, it would make sense for the body to have a link to Google, keywords specific to the gphone could have been used. Lastly, there was a fresh pdf exploit that could have been used to infect PC’s.