How to protect your Windows PC from the attack that led to the Linus Tech Tips hack
One of the world's most popular tech YouTube channels was hacked recently. Linus Tech Tips has over 15 million subscribers on YouTube, but all of the company's technical expertise has not prevented it from being hacked.
It appears that Linus Tech Tips was not the first company that fell for the attack. It started with an email inquiry regarding sponsorship. It is unclear if there was more than one email, as a common strategy of threat actors is to send a harmless email in the beginning, wait for the potential victim to respond, and then include the malware in the next email.
Linus Tech Tips received an email with a zip file, which supposedly contained a sponsorship offer. One of the company's employees extracted the zip archive, and discovered that it contained the promised PDF document.
Only problem was, it was not a PDF document, but a Windows screensaver file. One of Windows' biggest issues regarding security is that it hides certain common file extensions in File Explorer. An attacker can rename the file SuperOffer.scr to SuperOffer.pdf.scr, and Windows, in all its glory, displays only the SuperOffer.pdf part by default in File Explorer. It looks like a PDF document, and since it is possible to give it a PDF icon, it makes it even more believable.
Execution of the file does not load the system's PDF viewer, but runs the executable. At this stage, if no security software kicks in, the PC should be considered infected.
Protecting your Windows PC from this attack
Protecting Windows PCs from this double file extension security issue is quite easy, as it takes just a few clicks. The main issue here is that Microsoft decided to favor a cleaner look of files on the system over security.
The change forces Windows to always display the file extensions of files. The malicious file example from above would be displayed as SuperOffer.pdf.scr by Windows, which increases the chance that the user identifies the file as potentially malicious.
The following step-by-step instructions explain how the change is made on Windows 10 and 11 devices:
- Open a File Explorer instance, for example, by clicking on the File Explorer icon in the Windows 10 taskbar.
- Select File > Change folder and search options.
- Switch to the View tab.
- Scroll down until you see "Hide extensions for known file types".
- Remove the checkmark from the setting.
- Click on OK.
Windows 10 will display all file extensions all the time now.
- Open File Explorer on Windows 11; it is pinned to the taskbar.
- Select Menu (three-dots) and then Options.
- Switch to the View tab in the Folder Options window.
- Uncheck the "Hide extensions for known file types" option.
- Select OK.
Windows 11 displays all file extensions now for all file types.
The change improves the chance of spotting files that try to disguise their real type by adding a fake file extension to the filename. While that does not guarantee that users do not execute the file accidentally, it does give inexperienced users a better chance at spotting that something is wrong.
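The same change can be made and checked from PowerShell. The script below is an added example, not part of the original article: it sets the per-user HideFileExt registry value that the Folder Options checkbox controls, then flags names shaped like SuperOffer.pdf.scr. The function names, the two extension lists and the Downloads path are assumptions made for illustration.

```powershell
# Added example (not from the article). HideFileExt is the per-user value behind
# the "Hide extensions for known file types" checkbox: 1 = hide, 0 = show.
$AdvKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'

function Get-HideFileExt {
    # Returns 1, 0, or $null when the value has never been written.
    (Get-ItemProperty -Path $AdvKey -Name HideFileExt -ErrorAction SilentlyContinue).HideFileExt
}

function Set-ShowFileExt {
    # Same effect as unchecking the box in Folder Options for the current user.
    Set-ItemProperty -Path $AdvKey -Name HideFileExt -Value 0 -Type DWord
}

# Assumed lists: document-style decoys and extensions Windows runs when opened.
$DecoyExt = 'pdf', 'doc', 'docx', 'xls', 'xlsx', 'jpg', 'png', 'txt'
$ExecExt  = 'scr', 'exe', 'com', 'pif', 'bat', 'cmd', 'vbs', 'js', 'hta', 'msi'

function Test-DoubleExtension {
    param([Parameter(Mandatory)][string]$Name)
    # Windows ignores trailing dots and spaces in file names, so drop them first.
    $parts = $Name.TrimEnd([char[]]' .').Split('.')
    if ($parts.Count -lt 3) { return $false }          # need name.decoy.real
    $real  = $parts[-1].Trim().ToLower()
    $decoy = $parts[-2].Trim().ToLower()
    return ($ExecExt -contains $real) -and ($DecoyExt -contains $decoy)
}

function Find-DoubleExtension {
    param([string]$Path = (Join-Path $env:USERPROFILE 'Downloads'))
    Get-ChildItem -Path $Path -File -Recurse -ErrorAction SilentlyContinue |
        Where-Object { Test-DoubleExtension $_.Name } |
        Select-Object FullName, Length, LastWriteTime
}

# 1. Report the setting and switch it to "show" if it is not already.
if ((Get-HideFileExt) -ne 0) { Set-ShowFileExt }
"HideFileExt is now $(Get-HideFileExt)"

# 2. Constructed sample names; only the first and last should be flagged.
foreach ($n in 'SuperOffer.pdf.scr', 'SuperOffer.pdf', 'report.v2.pdf', 'invoice.docx .exe') {
    '{0,-22} {1}' -f $n, (Test-DoubleExtension $n)
}

# 3. Scan the current user's Downloads folder (assumed location).
Find-DoubleExtension | Format-Table -AutoSize
```

The value lives under HKCU, so it applies only to the account that runs the script; File Explorer windows that are already open may need a refresh before they show the change.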
Another option that may work wonders is to always execute certain files, for instance all email attachments, in sandboxes or virtual machines.
Now You: have another tip on how these attacks can be prevented?