1247: "The Mother of All Suspicious Files"

This forum is for the individual discussion thread that goes with each new comic.

Moderators: Moderators General, Prelates, Magistrates

User avatar
Envelope Generator
Posts: 582
Joined: Sat Mar 03, 2012 8:07 am UTC
Location: pareidolia

Re: 1247: "The Mother of All Suspicious Files"

Postby Envelope Generator » Mon Aug 05, 2013 2:39 pm UTC

Eh. Lame. When you've seen one screenshot of a tar file of a self-extracting exe that contains an xvid-encoded cam release that was shot from a bluray of the 1995 movie Hackers, you've seen them all.
I'm going to step off the LEM now... here we are, Pismo Beach and all the clams we can eat

eSOANEM wrote:If Fonzie's on the order of 100 zeptokelvin, I think he has bigger problems than difracting through doors.

User avatar
Someguy945
Posts: 189
Joined: Fri Jul 22, 2011 5:09 am UTC

Re: 1247: "The Mother of All Suspicious Files"

Postby Someguy945 » Mon Aug 05, 2013 3:13 pm UTC

sehkzychic wrote:C'mon Randall, you're better than this. Or am I missing the point of the joke here? It seems like the joke is "Hey, this file is clearly malware. How clearly? Well, it's so obvious that it is *totally* obvious." Is there more that I'm missing, or is it just a list of a bunch of indicators of questionable files strung together? Are we supposed to laugh at the fact that such a file would exist, even though it's unlikely it does; or is it that someone would download it, even though the only people who would are people so unused to computers that it's not really sporting to make fun of them for it? Please Randall...be funny again! Give me some raptor-paranoia! Or maybe more Beyonce-Sauron mashups! Or just make it crazy-weird and have BHG riding the red spiders into battle against the crew of Serenity!

Love,

(1/n)(The Internet) *

* Where n is an integer between 7,000,000,000 and 1


Some days, Randall just creates comics that aren't that funny on their own, but are great to post in other forums/reddit when the perfect opportunity arises. Now whenever someone links to a suspicious file anywhere on the internet, you can reply with this comic.

User avatar
cellocgw
Posts: 2052
Joined: Sat Jun 21, 2008 7:40 pm UTC

Re: 1247: "The Mother of All Suspicious Files"

Postby cellocgw » Mon Aug 05, 2013 3:22 pm UTC

thesingingaccountant wrote:If you download this file, Uncle Sam mails you a bobcat.


Would not download again.


OK, that was lame. So, a challenge: create a file which is in fact compatible with all the extensions listed in the name. That is, it's gotta be executable (.exe), extractable (.tar and others), openable in Word, etc.
https://app.box.com/witthoftresume
Former OTTer
Vote cellocgw for President 2020. #ScienceintheWhiteHouse http://cellocgw.wordpress.com
"The Planck length is 3.81779e-33 picas." -- keithl
" Earth weighs almost exactly π milliJupiters" -- what-if #146, note 7

User avatar
Coyne
Posts: 1101
Joined: Fri Dec 18, 2009 12:07 am UTC
Location: Orlando, Florida
Contact:

Re: 1247: "The Mother of All Suspicious Files"

Postby Coyne » Mon Aug 05, 2013 3:53 pm UTC

[In the same inflection as that alien storekeeper in Men in Black that says, "He looked okay to me."]: It looked okay to me.
In all fairness...

User avatar
Copper Bezel
Posts: 2426
Joined: Wed Oct 12, 2011 6:35 am UTC
Location: Web exclusive!

Re: 1247: "The Mother of All Suspicious Files"

Postby Copper Bezel » Mon Aug 05, 2013 4:23 pm UTC

cellocgw wrote:
thesingingaccountant wrote:If you download this file, Uncle Sam mails you a bobcat.


Would not download again.


OK, that was lame. So, a challenge: create a file which is in fact compatible with all the extensions listed in the name. That is, it's gotta be executable (.exe), extractable (.tar and others), openable in Word, etc.

.docx is already a .zip archive, and .exe can be. If you mean a binary polyglot, though, you can't really get around the fact that the files will all have their own headers / signatures (though there are apparently exceptions.)
So much depends upon a red wheel barrow (>= XXII) but it is not going to be installed.

she / her / her

sbkp
Posts: 29
Joined: Wed Jul 04, 2012 1:29 pm UTC

Re: 1247: "The Mother of All Suspicious Files"

Postby sbkp » Mon Aug 05, 2013 4:51 pm UTC

Does the IP address mean anything? In hex it's 41DECA35, which seems a little non-random to me.

User avatar
lunarul
Posts: 32
Joined: Mon Mar 24, 2008 9:00 am UTC
Location: Buchares, Romania

Re: 1247: "The Mother of All Suspicious Files"

Postby lunarul » Mon Aug 05, 2013 5:25 pm UTC

sbkp wrote:Does the IP address mean anything? In hex it's 41DECA35, which seems a little non-random to me.

Your question was already answered on page 1: viewtopic.php?f=7&t=104081#p3430736
I'm not anti-social; I'm just not user friendly

User avatar
addams
Posts: 10258
Joined: Sun Sep 12, 2010 4:44 am UTC
Location: Oregon Coast: 97444

Re: 1247: "The Mother of All Suspicious Files"

Postby addams » Mon Aug 05, 2013 5:36 pm UTC

I like the Title.

Where did that come from?
It is an Idiom. Correct?

When have you heard it used?
The Mother of This.
The Mother of That.

Where does the idea come from?
This is The Mother.
It is Meaningless in a Void.

Where does it Tickle You?
Anywhere?
Life is, just, an exchange of electrons; It is up to us to give it meaning.

We are all in The Gutter.
Some of us see The Gutter.
Some of us see The Stars.
by mr. Oscar Wilde.

Those that want to Know; Know.
Those that do not Know; Don't tell them.
They do terrible things to people that Tell Them.

User avatar
horizonstar
Posts: 2
Joined: Wed May 12, 2010 8:07 pm UTC
Location: Orion Spiral Arm

Re: 1247: "The Mother of All Suspicious Files"

Postby horizonstar » Mon Aug 05, 2013 5:38 pm UTC

-[NUKE]-[mislabeled.ts]-

User avatar
Coyoty
Posts: 195
Joined: Wed Jun 06, 2012 5:56 pm UTC

Re: 1247: "The Mother of All Suspicious Files"

Postby Coyoty » Mon Aug 05, 2013 5:48 pm UTC

MOAB.

addams wrote:I like the Title.

Where did that come from?
It is an Idiom. Correct?

When have you heard it used?
The Mother of This.
The Mother of That.

Where does the idea come from?
This is The Mother.
It is Meaningless in a Void.

Where does it Tickle You?
Anywhere?

User avatar
addams
Posts: 10258
Joined: Sun Sep 12, 2010 4:44 am UTC
Location: Oregon Coast: 97444

Re: 1247: "The Mother of All Suspicious Files"

Postby addams » Mon Aug 05, 2013 6:18 pm UTC

Coyoty wrote:MOAB.

addams wrote:I like the Title.

Where did that come from?
It is an Idiom. Correct?

When have you heard it used?
The Mother of This.
The Mother of That.

Where does the idea come from?
This is The Mother.
It is Meaningless in a Void.

Where does it Tickle You?
Anywhere?


http://www.youtube.com/watch?v=WwlNPhn64TA
I am easy to snip.

That clip is in YouTube.
It belongs to everyone that can use YouTube.

It is The Mother of All Atomic Bombs.
It was named The Tsar.

Pretty. I am so glad we have good photos for The Family Album.
We can haul out clips of This Mother and That Mother. Remember?

The Mother of All Falls.
Victoria. (right?)

http://www.youtube.com/watch?v=qATQdrHtij8
I like the atomic bomb photos better.

It would be so Great to have that on a Loop on a Big Screen.
No sound. Just the Tsar.

A lovely orange fire that fills the room, over and over.
People that do not know about atomic bombs would not be frightened.
People that do know about atomic bombs would not be frightened.

People that think they know stuff and don't, might wet themselves.
That is fun.

Me. It could frighten a person like me, before I met the Tsar on a screen.
If I did not know the Tsar's photo and name I might be frightened when shown the blast.

That is a game for Young people. Blow up The World!
We have outgrown that. That problem is in our Rear View Mirror.

we can not do it anymore. no one can.
No petulant child nor adult can push a button and end it for All Humanity.
I think that might be true. What do you think? Was it possible? Ever?
Life is, just, an exchange of electrons; It is up to us to give it meaning.

We are all in The Gutter.
Some of us see The Gutter.
Some of us see The Stars.
by mr. Oscar Wilde.

Those that want to Know; Know.
Those that do not Know; Don't tell them.
They do terrible things to people that Tell Them.

ctdonath
Posts: 198
Joined: Wed Feb 08, 2012 2:40 pm UTC

Re: 1247: "The Mother of All Suspicious Files"

Postby ctdonath » Mon Aug 05, 2013 6:33 pm UTC

cellocgw wrote:create a file which is in fact compatible with all the extensions listed in the name. That is, it's gotta be executable (.exe), extractable (.tar and others), openable in Word, etc.

If that sort of thing amuses you, https://github.com/mame/quine-relay will: it's a Ruby program which translates itself to Scala, which translates itself to Scheme, which ... thru 50 languages, then back to Ruby.

User avatar
da Doctah
Posts: 983
Joined: Fri Feb 03, 2012 6:27 am UTC

Re: 1247: "The Mother of All Suspicious Files"

Postby da Doctah » Mon Aug 05, 2013 7:00 pm UTC

cellocgw wrote:
thesingingaccountant wrote:If you download this file, Uncle Sam mails you a bobcat.


Would not download again.
.

But it's a very nice bobcat!
Image

Back to the scary-ass URL: I don't see .ini or .reg in those extensions.

teelo
Posts: 782
Joined: Thu Apr 08, 2010 11:50 pm UTC

Re: 1247: "The Mother of All Suspicious Files"

Postby teelo » Mon Aug 05, 2013 10:13 pm UTC

The file is init.dll, anything after the question mark is just parameters sent back to the webserver.

init.dll is not even an executable file. This is not a harmful file in the slightest.

banjo2E
Posts: 5
Joined: Fri May 27, 2011 1:53 am UTC

Re: 1247: "The Mother of All Suspicious Files"

Postby banjo2E » Mon Aug 05, 2013 10:20 pm UTC

da Doctah wrote:Back to the scary-ass URL: I don't see .ini or .reg in those extensions.


I don't see any media file extensions in the list at all. (Xvid's a mp4 codec, not an independent extension.)

CIA-BIN is a nice touch. (It's generally CGI-BIN.)

Theogrin
Posts: 10
Joined: Sat Jan 13, 2007 3:33 am UTC

Re: 1247: "The Mother of All Suspicious Files"

Postby Theogrin » Mon Aug 05, 2013 10:26 pm UTC

So, I've been assisting my aunt with her computer over the past few days.[0] After all, she's been assisting with the recent travel to a new apartment, and I was actually happy to help - at first. Little did I know that the device was a hotbed of a few choice bits of malware, with which I'm sure many of you are familiar. One especially fun little addition seemed to be a broken driver, which caused - and is still, after a few hours, causing Windows to bluescreen on a regular basis. (There may also be bad RAM involved.)

It didn't take me long to discover what I believe to be the entry point: a file named, approximately, 'Anthony_Bourdains_No_Reservations_s1e1_xVID.avi.exe'. Regarding my language upon finding that: If there is a hell for blasphemers, I am certainly headed there.

No points for guessing the next four words out of her mouth when I told her the file name...

[0] At this point, I can hear your groans. Trust me, I know.
A while ago I decided that the best way to progress through life was to do something new every day. Unfortunately, I got bored of that a few days later.

User avatar
ConMan
Shepherd's Pie?
Posts: 1690
Joined: Tue Jan 01, 2008 11:56 am UTC
Location: Beacon Alpha

Re: 1247: "The Mother of All Suspicious Files"

Postby ConMan » Tue Aug 06, 2013 1:25 am UTC

If I'm reading it correctly, isn't the page actually INIT.DLL, with a FILE= parameter that is then the rest of the text? Which could potentially be completely ignored depending on what INIT.DLL actually does. Also, am I just making crazy assumptions that .LNK.ZDA.GNN is a joke starting from the .LNK extension (which is basically just a shortcut), then going to Zelda and Ganon as references to Legend of Zelda (whose protagonist is named Link by default)?
pollywog wrote:
Wikihow wrote:* Smile a lot! Give a gay girl a knowing "Hey, I'm a lesbian too!" smile.
I want to learn this smile, perfect it, and then go around smiling at lesbians and freaking them out.

xtifr
Posts: 364
Joined: Wed Oct 01, 2008 6:38 pm UTC

Re: 1247: "The Mother of All Suspicious Files"

Postby xtifr » Tue Aug 06, 2013 1:40 am UTC

teelo wrote:The file is init.dll, anything after the question mark is just parameters sent back to the webserver.

init.dll is not even an executable file. This is not a harmful file in the slightest.


One file named init.dll in a particular directory not accessable by your web server may not be an executable file (assuming you're foolish enough to run a web server on a system that has that directory and that file). Other files of the same name in other directories may be anything, and most certainly may be executable on most web servers. Even if we ignore server aliases. On the other hand, you're right about the parameters part. But that doesn't indicate that the "file" is not harmless. But there's no particular indication that it's harmful either. It's strongly implied, but there's no actual evidence of danger.

I did originally come here just to mention http://www.shadyurl.com/ but someone beat me to the punch. Nevertheless, I think it bears repeating. It's a great site, and a great reminder that anything can be lurking at the other end of a shortened URL. Plus, it's fun. And, of course, it's a great example of the truth of the last sentence of my previous paragraph.
"[T]he author has followed the usual practice of contemporary books on graph theory, namely to use words that are similar but not identical to the terms used in other books on graph theory."
-- Donald Knuth, The Art of Computer Programming, Vol I, 3rd ed.

zugy
Posts: 7
Joined: Wed Jan 16, 2008 5:38 pm UTC

Re: 1247: "The Mother of All Suspicious Files"

Postby zugy » Tue Aug 06, 2013 3:08 am UTC

Turns out, it was just a linux distro.

User avatar
Eternal Density
Posts: 5579
Joined: Thu Oct 02, 2008 12:37 am UTC
Contact:

Re: 1247: "The Mother of All Suspicious Files"

Postby Eternal Density » Tue Aug 06, 2013 3:14 am UTC

Play the game of Time! castle.chirpingmustard.com Hotdog Vending Supplier But what is this?
In the Marvel vs. DC film-making war, we're all winners.

grafzero
Posts: 6
Joined: Mon Sep 17, 2012 9:47 am UTC

Re: 1247: "The Mother of All Suspicious Files"

Postby grafzero » Tue Aug 06, 2013 8:17 am UTC

I will be scarred if NSA ever put any file under that URI.
Just for laughs, just for laughs, Randall...

chernobyl
Posts: 23
Joined: Wed Jun 27, 2007 6:24 am UTC
Location: Sofia, Bulgaria
Contact:

Re: 1247: "The Mother of All Suspicious Files"

Postby chernobyl » Tue Aug 06, 2013 9:22 am UTC

Envelope Generator wrote:Eh. Lame. When you've seen one screenshot of a tar file of a self-extracting exe that contains an xvid-encoded cam release that was shot from a bluray of the 1995 movie Hackers, you've seen them all.


Yeah, but apparently now it's available as a screensaver!

User avatar
mathmannix
Posts: 1445
Joined: Fri Jul 06, 2012 2:12 pm UTC
Location: Washington, DC

Re: 1247: "The Mother of All Suspicious Files"

Postby mathmannix » Tue Aug 06, 2013 1:04 pm UTC

Kredal wrote:
pgn674 wrote:Here it is written out:

Code: Select all

HTTPS://65.222.202.53/~TILDE/PUB/CIA-BIN/ETC/INIT.DLL?FILE=__AUTOEXEC.BAT.MY%20OSX%20DOCUMENTS-INSTALL.EXE.RAR.INI.TAR.DOÇX.PHPHPHP.XHTML.TML.XTL.TXXT.0DAY.HACK.ERS_(1995)_BLURAY_CAM-XVID.EXE.TAR.[SCR].LISP.MSI.LNK.ZDA.GNN.WRBT.OBJ.O.H.SWF.DPKG.APP.ZIP.TAR.TAR.CO.GZ.A.OUT.EXE


Anyone else notice the LNK.ZDA.GNN? Link, Zelda, Gannon!


... which is immediately followed by "WRBT.OBJ". In the novel Jurassic Park, Dennis Nedry's backdoor in his programming used a command disguised as an object, called something similar... something like "white_rabbit.obj", but probably with an 8-character filename, like "wht_rabt.obj" or something like that. (It's been a while...) That's how he turned off the electric fences (other than the velociraptor ones, of course, he wasn't an idiot!)
I hear velociraptor tastes like chicken.

SemisolidSnake
Posts: 7
Joined: Wed Mar 20, 2013 4:06 pm UTC

Re: 1247: "The Mother of All Suspicious Files"

Postby SemisolidSnake » Tue Aug 06, 2013 4:19 pm UTC

If that file was attached to an email from an address he recognized with only the words "We need to talk." in the body, my dad/boss would open it. Actually half the people in my office would probably open it. And they wonder why I never get my actual work done on time.

User avatar
Lopsidation
Posts: 183
Joined: Tue Oct 27, 2009 11:29 pm UTC

Re: 1247: "The Mother of All Suspicious Files"

Postby Lopsidation » Thu Aug 08, 2013 1:55 am UTC

Nice comic. By the way, here's a link to a cool YouTube video: wmw.7.hothitler.bz/go_viral.swf

Spoiler:
Just in case: Yes, the link is safe.
Last edited by Lopsidation on Thu Aug 08, 2013 2:17 am UTC, edited 2 times in total.

User avatar
addams
Posts: 10258
Joined: Sun Sep 12, 2010 4:44 am UTC
Location: Oregon Coast: 97444

Re: 1247: "The Mother of All Suspicious Files"

Postby addams » Thu Aug 08, 2013 2:15 am UTC

Lopsidation wrote:Nice comic. By the way, here's a link to a cool YouTube video: wmw.7.hothitler.bz/go_viral.swf

Spoiler:
Just in case: Yes, the link is safe.

The spoiler is fear inducing.

Safe? That is what a Bad File distributer WOULD say!
Life is, just, an exchange of electrons; It is up to us to give it meaning.

We are all in The Gutter.
Some of us see The Gutter.
Some of us see The Stars.
by mr. Oscar Wilde.

Those that want to Know; Know.
Those that do not Know; Don't tell them.
They do terrible things to people that Tell Them.

Carnildo
Posts: 2023
Joined: Fri Jul 18, 2008 8:43 am UTC

Re: 1247: "The Mother of All Suspicious Files"

Postby Carnildo » Thu Aug 08, 2013 7:32 am UTC

teelo wrote:The file is init.dll, anything after the question mark is just parameters sent back to the webserver.

init.dll is not even an executable file. This is not a harmful file in the slightest.


Are you sure of this? Perhaps you should view this file, a perfectly harmless .png, if you're so certain.

(Note: this link is the EICAR standard antivirus test file. It SHOULD trigger your protection software.)

teelo
Posts: 782
Joined: Thu Apr 08, 2010 11:50 pm UTC

Re: 1247: "The Mother of All Suspicious Files"

Postby teelo » Sun Aug 11, 2013 3:08 am UTC

Carnildo wrote:
teelo wrote:The file is init.dll, anything after the question mark is just parameters sent back to the webserver.

init.dll is not even an executable file. This is not a harmful file in the slightest.


Are you sure of this? Perhaps you should view this file, a perfectly harmless .png, if you're so certain.

(Note: this link is the EICAR standard antivirus test file. It SHOULD trigger your protection software.)

Webserver bouncing back a .com file. Difference with this comic is, the website has already bounced back a .dll file. What we are seeing is the security prompt after its been downloaded, not before attempting to go to the link. The parameters shouldn't even be shown.

Kit.
Posts: 1117
Joined: Thu Jun 16, 2011 5:14 pm UTC

Re: 1247: "The Mother of All Suspicious Files"

Postby Kit. » Sun Aug 11, 2013 11:00 am UTC

teelo wrote:
Carnildo wrote:
teelo wrote:The file is init.dll, anything after the question mark is just parameters sent back to the webserver.

init.dll is not even an executable file. This is not a harmful file in the slightest.


Are you sure of this? Perhaps you should view this file, a perfectly harmless .png, if you're so certain.

(Note: this link is the EICAR standard antivirus test file. It SHOULD trigger your protection software.)

Webserver bouncing back a .com file. Difference with this comic is, the website has already bounced back a .dll file. What we are seeing is the security prompt after its been downloaded, not before attempting to go to the link. The parameters shouldn't even be shown.

As it shown, it bounced back an .exe file with a name somehow containing some normally restricted symbols (such as the question mark). The name of this .exe file looks like an http request to be served by some "init.dll" component on 65.222.202.53.

Edit: Although I'm not familiar with Chrome warnings, so I can be wrong.

arthurd006_5
Posts: 98
Joined: Mon Oct 18, 2010 9:49 am UTC

Re: 1247: "The Mother of All Suspicious Files"

Postby arthurd006_5 » Tue Aug 13, 2013 7:43 am UTC

MrPotatoJunior wrote:
chridd wrote:It's an exe. I don't have to worry about it since I have a Mac.


Funny how you feel like you're safe from malware when you're using an OS that is malware by itself.

But it's *my* natural marxist dictator malware.

User avatar
Eternal Density
Posts: 5579
Joined: Thu Oct 02, 2008 12:37 am UTC
Contact:

Re: 1247: "The Mother of All Suspicious Files"

Postby Eternal Density » Tue Aug 27, 2013 1:29 am UTC

I just came across someone mentioning "Cookie_Clicker.CRACKED.EXTENDED_WIN32_OSX_C64_DREAMCAST[XFORCE]-SKIDROW-REGIONFREE[NTFS]PREMIUM-PORTABLE.STEAM-UNLOCKED.PORTABLE.2013.-XVID.CAM_RIP-.1080p.BRRIP[FRENCH SUB][ENG DUB].XXX.NSFW.mkv.png.gif.jpg.pdf.exe.torrent" which i figure is a reference to this comic.
Play the game of Time! castle.chirpingmustard.com Hotdog Vending Supplier But what is this?
In the Marvel vs. DC film-making war, we're all winners.


Return to “Individual XKCD Comic Threads”

Who is online

Users browsing this forum: No registered users and 92 guests