1247: "The Mother of All Suspicious Files"

This forum is for the individual discussion thread that goes with each new comic.

Moderators: Moderators General, Prelates, Magistrates

User avatar
alvinhochun
Posts: 54
Joined: Wed Nov 14, 2012 3:07 pm UTC

1247: "The Mother of All Suspicious Files"

Postby alvinhochun » Mon Aug 05, 2013 5:02 am UTC

Image

Title text: Better change the URL to 'https' before downloading.

All-caps URL always looks strange. It appears to be back to the old DOS days (though not mine).

Anyone notice there seems to be a mark below "DOCX"?
Last edited by alvinhochun on Mon Aug 05, 2013 5:05 am UTC, edited 1 time in total.

User avatar
rhomboidal
Posts: 801
Joined: Wed Jun 15, 2011 5:25 pm UTC
Contact:

Re: 1247: "The Mother of All Suspicious Files"

Postby rhomboidal » Mon Aug 05, 2013 5:04 am UTC

Still, it doesn't have "setup", so I'm assuming it's safe...

moocow2024
Posts: 4
Joined: Fri Apr 08, 2011 9:10 am UTC

Re: 1247: "The Mother of All Suspicious Files"

Postby moocow2024 » Mon Aug 05, 2013 5:05 am UTC

I believe it is actually a Ç.

Ailina
Posts: 4
Joined: Wed Sep 22, 2010 4:05 am UTC

Re: 1247: "The Mother of All Suspicious Files"

Postby Ailina » Mon Aug 05, 2013 5:07 am UTC

alvinhochun wrote:Anyone notice there seems to be a mark below "DOCX"?

I'm pretty sure it's a cedilla.

User avatar
alvinhochun
Posts: 54
Joined: Wed Nov 14, 2012 3:07 pm UTC

Re: 1247: "The Mother of All Suspicious Files"

Postby alvinhochun » Mon Aug 05, 2013 5:09 am UTC

[joke]So, this file has to be suspicious because of the malformed "DOCX".[/joke]

asdfzxc
Posts: 60
Joined: Mon Jun 08, 2009 7:04 pm UTC

Re: 1247: "The Mother of All Suspicious Files"

Postby asdfzxc » Mon Aug 05, 2013 5:11 am UTC

Every now and then Google image search gives me a PNG with some ridiculously long URL ending in either .php or a /. I do not have any idea how the hell Firefox (or Windows, for that matter) even identifies it as an image.

Also, that's a ç in the file name.

sbkp
Posts: 29
Joined: Wed Jul 04, 2012 1:29 pm UTC

Re: 1247: "The Mother of All Suspicious Files"

Postby sbkp » Mon Aug 05, 2013 5:17 am UTC

My next door neighbor downloads this file about every week or so.

User avatar
alvinhochun
Posts: 54
Joined: Wed Nov 14, 2012 3:07 pm UTC

Re: 1247: "The Mother of All Suspicious Files"

Postby alvinhochun » Mon Aug 05, 2013 5:18 am UTC

asdfzxc wrote:Every now and then Google image search gives me a PNG with some ridiculously long URL ending in either .php or a /. I do not have any idea how the hell Firefox (or Windows, for that matter) even identifies it as an image.

Because browsers identify file type using the "Content-type" HTTP header in the first place, not mainly by the "file extension".
Something like this

pgn674
Posts: 39
Joined: Mon Mar 26, 2007 8:07 am UTC

Re: 1247: "The Mother of All Suspicious Files"

Postby pgn674 » Mon Aug 05, 2013 5:19 am UTC

Here it is written out:

Code: Select all

HTTPS://65.222.202.53/~TILDE/PUB/CIA-BIN/ETC/INIT.DLL?FILE=__AUTOEXEC.BAT.MY%20OSX%20DOCUMENTS-INSTALL.EXE.RAR.INI.TAR.DOÇX.PHPHPHP.XHTML.TML.XTL.TXXT.0DAY.HACK.ERS_(1995)_BLURAY_CAM-XVID.EXE.TAR.[SCR].LISP.MSI.LNK.ZDA.GNN.WRBT.OBJ.O.H.SWF.DPKG.APP.ZIP.TAR.TAR.CO.GZ.A.OUT.EXE

Mego
Posts: 2
Joined: Thu May 26, 2011 1:38 am UTC

Re: 1247: "The Mother of All Suspicious Files"

Postby Mego » Mon Aug 05, 2013 5:25 am UTC

Vienna, Virginia, for everyone wondering.

EDIT: Verizon Business... Makes me wonder exactly who this is.

User avatar
sehkzychic
Posts: 51
Joined: Wed Jul 07, 2010 3:50 am UTC
Location: ONI Orbital Facility Around [REDACTED PER COLE PROTOCOL]

Re: 1247: "The Mother of All Suspicious Files"

Postby sehkzychic » Mon Aug 05, 2013 5:29 am UTC

C'mon Randall, you're better than this. Or am I missing the point of the joke here? It seems like the joke is "Hey, this file is clearly malware. How clearly? Well, it's so obvious that it is *totally* obvious." Is there more that I'm missing, or is it just a list of a bunch of indicators of questionable files strung together? Are we supposed to laugh at the fact that such a file would exist, even though it's unlikely it does; or is it that someone would download it, even though the only people who would are people so unused to computers that it's not really sporting to make fun of them for it? Please Randall...be funny again! Give me some raptor-paranoia! Or maybe more Beyonce-Sauron mashups! Or just make it crazy-weird and have BHG riding the red spiders into battle against the crew of Serenity!

Love,

(1/n)(The Internet) *

* Where n is an integer between 7,000,000,000 and 1

chernobyl
Posts: 23
Joined: Wed Jun 27, 2007 6:24 am UTC
Location: Sofia, Bulgaria
Contact:

Re: 1247: "The Mother of All Suspicious Files"

Postby chernobyl » Mon Aug 05, 2013 5:30 am UTC

Cool, I'm going to use this name for all my email attachments!

goakley
Posts: 1
Joined: Mon Aug 05, 2013 5:36 am UTC

Re: 1247: "The Mother of All Suspicious Files"

Postby goakley » Mon Aug 05, 2013 5:37 am UTC

65.222.202.53


That was clever; I almost missed that. Well played...

sonoftunk
Posts: 11
Joined: Thu Feb 25, 2010 3:50 am UTC

Re: 1247: "The Mother of All Suspicious Files"

Postby sonoftunk » Mon Aug 05, 2013 5:38 am UTC

The IP address in question is related to a current event.

Spoiler:
Every Freedom Hosting website went down simultaneously at around 6:40am ET on Saturday morning, about the same time news of Marques’s arrest hit the Internet. If and when the websites have returned since the downtime, many have been infected with Javascript exploits that may be able to identify visitors by grabbing a user’s cookies, logins, and IP address to send “home”—which, in this case, is the Verizon-owned IP address 65.222.202.53. The previously unknown exploit only affects Firefox version 17, which is exactly the version Tor uses.
http://www.dailydot.com/news/eric-marques-tor-freedom-hosting-child-porn-arrest/


Unsurprisingly the file does not exist, but does make for a good DDoSbR (DDoS by Randall).

Spoiler:

Code: Select all

HTTP://65.222.202.53/~TILDE/PUB/CIA-BIN/ETC/INIT.DLL?FILE=__AUTOEXEC.BAT.MY%20OSX%20DOCUMENTS-INSTALL.EXE.RAR.INI.TAR.DOÇX.PHPHPHP.XHTML.TML.XTL.TXXT.0DAY.HACK.ERS_(1995)_BLURAY_CAM-XVID.EXE.TAR.[SCR].LISP.MSI.LNK.ZDA.GNN.WRBT.OBJ.O.H.SWF.DPKG.APP.ZIP.TAR.TAR.CO.GZ.A.OUT.EXE

User avatar
Quicksilver
Posts: 437
Joined: Wed Apr 29, 2009 6:21 am UTC

Re: 1247: "The Mother of All Suspicious Files"

Postby Quicksilver » Mon Aug 05, 2013 5:54 am UTC

No pr0n in the title? Looks legit.

User avatar
chridd
Has a vermicelli title
Posts: 846
Joined: Tue Aug 19, 2008 10:07 am UTC
Location: ...Earth, I guess?
Contact:

Re: 1247: "The Mother of All Suspicious Files"

Postby chridd » Mon Aug 05, 2013 7:16 am UTC

It's an exe. I don't have to worry about it since I have a Mac.
~ chri d. d. /tʃɹɪ.di.di/ (Phonotactics, schmphonotactics) · she · Forum game scores
mittfh wrote:I wish this post was very quotable...

User avatar
rvloon
Posts: 295
Joined: Tue Mar 26, 2013 1:23 pm UTC
Location: Genk, Belgium

Re: 1247: "The Mother of All Suspicious Files"

Postby rvloon » Mon Aug 05, 2013 7:36 am UTC

It would have been more fun if it had some reference to a yet-unreleased movie or something with naked-molpy-on-bicycle in the URL somewhere. Oh, and don't forget about [HDTV]-720p.

Ronald
Spoiler:
I followed Time until The End and I cannot even buy a chirping T-shirt.

Arky
Posts: 183
Joined: Wed May 26, 2010 7:23 am UTC

Re: 1247: "The Mother of All Suspicious Files"

Postby Arky » Mon Aug 05, 2013 7:41 am UTC

It's kind of a shame that IP address doesn't redirect to an Easter Egg. Ah well.
Veteran of the One True Thread. And now the Too True Thread?

Wooloomooloo
Posts: 129
Joined: Wed Mar 16, 2011 8:05 am UTC

Re: 1247: "The Mother of All Suspicious Files"

Postby Wooloomooloo » Mon Aug 05, 2013 8:02 am UTC

rvloon wrote:It would have been more fun if it had some reference to a yet-unreleased movie or something with naked-molpy-on-bicycle in the URL somewhere. Oh, and don't forget about [HDTV]-720p.

Oh, but it does reference a movie - the 1995 "Hackers" - whatever the relation with the news about the arrest of the IP-referenced other "hacker" may or may not be. And considering the release date, the "xvid" / "cam" bits are probably more appropriate than the 720p, even if bluray IS mentioned too... :lol:

User avatar
rivulatus
Posts: 45
Joined: Tue Jun 11, 2013 1:14 am UTC

Re: 1247: "The Mother of All Suspicious Files"

Postby rivulatus » Mon Aug 05, 2013 8:16 am UTC

Am I the only one who is sad that ti doesn't link to a web site?
Some one should set it up as something.

JimsMaher
Posts: 145
Joined: Wed Mar 14, 2012 5:14 pm UTC

Re: 1247: "The Mother of All Suspicious Files"

Postby JimsMaher » Mon Aug 05, 2013 8:17 am UTC

Does this mean that the "corrupt" file I'm downloading won't be "corrupted"?

https://en.wikipedia.org/wiki/HTTP_Secure

User avatar
hwillis19
Posts: 13
Joined: Mon Oct 31, 2011 1:19 pm UTC
Location: Oxford, UK.

Re: 1247: "The Mother of All Suspicious Files"

Postby hwillis19 » Mon Aug 05, 2013 8:44 am UTC

Since when did malware developers code in LISP..?

Reminds me of the malware sharing service that was Kazaa. Rule #255 of the Internet: if you mash enough porn keywords into the filename, they won't notice the executable file extension...

User avatar
PinkShinyRose
Posts: 835
Joined: Mon Nov 05, 2012 6:54 pm UTC
Location: the Netherlands

Re: 1247: "The Mother of All Suspicious Files"

Postby PinkShinyRose » Mon Aug 05, 2013 9:04 am UTC

chridd wrote:It's an exe. I don't have to worry about it since I have a Mac.


There is a wine version for mac OS too right? You could try that, maybe they made it wine on mac OS compatible?

User avatar
StClair
Posts: 409
Joined: Fri Feb 29, 2008 8:07 am UTC

Re: 1247: "The Mother of All Suspicious Files"

Postby StClair » Mon Aug 05, 2013 9:29 am UTC

Seems legit.

Synthetica
Posts: 8
Joined: Mon Mar 25, 2013 9:02 am UTC

Re: 1247: "The Mother of All Suspicious Files"

Postby Synthetica » Mon Aug 05, 2013 9:32 am UTC

http://xkcd.com/272/, just replace "anti" with ""

User avatar
Shakleton
Posts: 495
Joined: Mon Mar 03, 2008 2:31 pm UTC
Location: Bielefeld, Germany
Contact:

Re: 1247: "The Mother of All Suspicious Files"

Postby Shakleton » Mon Aug 05, 2013 9:42 am UTC

Relevant make-my-URL-more-shady-looking-link:
http://www.shadyurl.com/

or, of course, the link applied to itself:
http://5z8.info/like-a-rose-for-emily-b ... ARD-XFER--
mikekearn wrote:You even have an appropriate shirt. Excellent.

JOBGG
Posts: 5
Joined: Tue Feb 12, 2013 10:02 pm UTC

Re: 1247: "The Mother of All Suspicious Files"

Postby JOBGG » Mon Aug 05, 2013 9:52 am UTC

Shady urls turned www.xkcd.com into http://5z8.info/instant-purchase_i0v5rq_asian-brides
i honestly like that site.

User avatar
Klear
Posts: 1965
Joined: Sun Jun 13, 2010 8:43 am UTC
Location: Prague

Re: 1247: "The Mother of All Suspicious Files"

Postby Klear » Mon Aug 05, 2013 10:14 am UTC

Quicksilver wrote:No pr0n in the title? Looks legit.


My thoughts exactly.

I especially like the BLURAY_CAM-XVID bit.

User avatar
filecore
Posts: 53
Joined: Wed Nov 12, 2008 9:01 am UTC
Location: Finland
Contact:

Re: 1247: "The Mother of All Suspicious Files"

Postby filecore » Mon Aug 05, 2013 10:29 am UTC

chridd wrote:It's an exe. I don't have to worry about it since I have a Mac.


Don't worry, you're covered:

The malicious exe wrote:HTTPS://65.222.202.53/~TILDE/PUB/CIA-BIN/ETC/INIT.DLL?FILE=__AUTOEXEC.BAT.MY%20OSX%20DOCUMENTS-INSTALL.EXE.RAR.INI.TAR.DOÇX.PHPHPHP.XHTML.TML.XTL.TXXT.0DAY.HACK.ERS_(1995)_BLURAY_CAM-XVID.EXE.TAR.[SCR].LISP.MSI.LNK.ZDA.GNN.WRBT.OBJ.O.H.SWF.DPKG.APP.ZIP.TAR.TAR.CO.GZ.A.OUT.EXE


Other amusing bits include ~TILDE, CIA-BIN instead of CGI-BIN, the typoed PHPHPHP, the reference to Hackers (1995), the way he makes each part of the URI link to each other part... there is so much nerd comedy gold in this URL that I don't want to try and explain every single in-joke!

MrPotatoJunior
Posts: 4
Joined: Tue Jun 11, 2013 2:58 pm UTC
Location: Barcelona, Spain

Re: 1247: "The Mother of All Suspicious Files"

Postby MrPotatoJunior » Mon Aug 05, 2013 10:44 am UTC

chridd wrote:It's an exe. I don't have to worry about it since I have a Mac.


Funny how you feel like you're safe from malware when you're using an OS that is malware by itself.

Kredal
Posts: 14
Joined: Sat Mar 10, 2007 12:59 am UTC

Re: 1247: "The Mother of All Suspicious Files"

Postby Kredal » Mon Aug 05, 2013 11:17 am UTC

pgn674 wrote:Here it is written out:

Code: Select all

HTTPS://65.222.202.53/~TILDE/PUB/CIA-BIN/ETC/INIT.DLL?FILE=__AUTOEXEC.BAT.MY%20OSX%20DOCUMENTS-INSTALL.EXE.RAR.INI.TAR.DOÇX.PHPHPHP.XHTML.TML.XTL.TXXT.0DAY.HACK.ERS_(1995)_BLURAY_CAM-XVID.EXE.TAR.[SCR].LISP.MSI.LNK.ZDA.GNN.WRBT.OBJ.O.H.SWF.DPKG.APP.ZIP.TAR.TAR.CO.GZ.A.OUT.EXE


Anyone else notice the LNK.ZDA.GNN? Link, Zelda, Gannon!

User avatar
Flumble
Yes Man
Posts: 2266
Joined: Sun Aug 05, 2012 9:35 pm UTC

Re: 1247: "The Mother of All Suspicious Files"

Postby Flumble » Mon Aug 05, 2013 12:09 pm UTC

sonoftunk wrote:The IP address in question is related to a current event.

Spoiler:
Every Freedom Hosting website went down simultaneously at around 6:40am ET on Saturday morning, about the same time news of Marques’s arrest hit the Internet. If and when the websites have returned since the downtime, many have been infected with Javascript exploits that may be able to identify visitors by grabbing a user’s cookies, logins, and IP address to send “home”—which, in this case, is the Verizon-owned IP address 65.222.202.53. The previously unknown exploit only affects Firefox version 17, which is exactly the version Tor uses.
http://www.dailydot.com/news/eric-marques-tor-freedom-hosting-child-porn-arrest/


Unsurprisingly the file does not exist, but does make for a good DDoSbR (DDoS by Randall).

So are we supposed to feed the verizon honeypot to draw attention away from the targeted people?

Also the news coverage is quite vague at this moment; I can't figure out whether Marques is a criminal or whether it's hunting season for the FBI (again) or why all sites hosted at Marques's would be injected with identification exploits.

User avatar
PinkShinyRose
Posts: 835
Joined: Mon Nov 05, 2012 6:54 pm UTC
Location: the Netherlands

Re: 1247: "The Mother of All Suspicious Files"

Postby PinkShinyRose » Mon Aug 05, 2013 12:22 pm UTC

Flumble wrote:
sonoftunk wrote:The IP address in question is related to a current event.

Spoiler:
Every Freedom Hosting website went down simultaneously at around 6:40am ET on Saturday morning, about the same time news of Marques’s arrest hit the Internet. If and when the websites have returned since the downtime, many have been infected with Javascript exploits that may be able to identify visitors by grabbing a user’s cookies, logins, and IP address to send “home”—which, in this case, is the Verizon-owned IP address 65.222.202.53. The previously unknown exploit only affects Firefox version 17, which is exactly the version Tor uses.
http://www.dailydot.com/news/eric-marques-tor-freedom-hosting-child-porn-arrest/


Unsurprisingly the file does not exist, but does make for a good DDoSbR (DDoS by Randall).

So are we supposed to feed the verizon honeypot to draw attention away from the targeted people?

Also the news coverage is quite vague at this moment; I can't figure out whether Marques is a criminal or whether it's hunting season for the FBI (again) or why all sites hosted at Marques's would be injected with identification exploits.


Well, considering only a fraction of the sites are child pornography sites, and considering other relatively well known (I suppose by anyone who has sufficient knowledge to want to attack Marques's sites) were/are also targeted, it seems someone has ulterior motives (that someone being the someone who put up the identification link; ulterior being beyond fighting child pornography).

EDIT: I did not say what fraction...

User avatar
cellocgw
Posts: 2068
Joined: Sat Jun 21, 2008 7:40 pm UTC

Re: 1247: "The Mother of All Suspicious Files"

Postby cellocgw » Mon Aug 05, 2013 12:32 pm UTC

sehkzychic wrote:C'mon Randall, you're better than this. Or am I missing the point of the joke here? It seems like the joke is "Hey, this file is clearly malware. How clearly? Well, it's so obvious that it is *totally* obvious." Is there more that I'm missing, or is it just a list of a bunch of indicators of questionable files strung together? Are we supposed to laugh at the fact that such a file would exist, even though it's unlikely it does; or is it that someone would download it, even though the only people who would are people so unused to computers that it's not really sporting to make fun of them for it? Please Randall...be funny again! Give me some raptor-paranoia! Or maybe more Beyonce-Sauron mashups! Or just make it crazy-weird and have BHG riding the red spiders into battle against the crew of Serenity!

Love,

(1/n)(The Internet) *

* Where n is an integer between 7,000,000,000 and 1


You appear to have accidentally posted to forums.xkcd.com instead of your intended target, xkcdsucks.com.
PS TRWTF is that, despite its name ending in ".exe" this file is actually a ".plugh" file which can only be opened with a $500,000.00 application.
resume
Former OTTer
Vote cellocgw for President 2020. #ScienceintheWhiteHouse http://cellocgw.wordpress.com
"The Planck length is 3.81779e-33 picas." -- keithl
" Earth weighs almost exactly π milliJupiters" -- what-if #146, note 7

User avatar
javahead
Posts: 57
Joined: Fri Aug 21, 2009 1:29 pm UTC

Re: 1247: "The Mother of All Suspicious Files"

Postby javahead » Mon Aug 05, 2013 1:02 pm UTC

Mmmm file TAR.TAR!
Awesome with fish sticks.

Demki
Posts: 199
Joined: Fri Nov 30, 2012 9:29 pm UTC

Re: 1247: "The Mother of All Suspicious Files"

Postby Demki » Mon Aug 05, 2013 1:35 pm UTC

RAR and ZIP? I think randall is going crazy.

User avatar
Copper Bezel
Posts: 2426
Joined: Wed Oct 12, 2011 6:35 am UTC
Location: Web exclusive!

Re: 1247: "The Mother of All Suspicious Files"

Postby Copper Bezel » Mon Aug 05, 2013 1:35 pm UTC

I like that it's tar.co.gz, myself. = )

You appear to have accidentally posted to forums.xkcd.com instead of your intended target, xkcdsucks.com.

The title prompts a facile reading. The real goodness is in the address and extension, and the title-text is funny, but I do think it would have been funnier offered without context.
So much depends upon a red wheel barrow (>= XXII) but it is not going to be installed.

she / her / her

User avatar
suso
Posts: 200
Joined: Wed Jan 17, 2007 6:23 pm UTC
Location: Sky Grund
Contact:

Re: 1247: "The Mother of All Suspicious Files"

Postby suso » Mon Aug 05, 2013 1:52 pm UTC

The first thing I thought: Whoa, Hackers is out on Blu Ray?

Actually, it isn't on Blu Ray yet. Or is that part of the bait? Nobody seems to be mentioning that.

Related: https://www.facebook.com/pages/Release-Hackers-on-Blu-Ray/188295297860020
Imagine theres no signatures....

User avatar
Dr. Diaphanous
Posts: 252
Joined: Sun Jan 24, 2010 9:38 pm UTC
Location: UK

Re: 1247: "The Mother of All Suspicious Files"

Postby Dr. Diaphanous » Mon Aug 05, 2013 2:07 pm UTC

filecore wrote:there is so much nerd comedy gold in this URL that I don't want to try and explain every single in-joke!

Can someone explain some of them to me plz?
"God works in mysterious and breathtakingly cruel ways."

User avatar
thesingingaccountant
Posts: 57
Joined: Fri Jul 22, 2011 1:18 pm UTC
Location: My trusty tablet, most likely

Re: 1247: "The Mother of All Suspicious Files"

Postby thesingingaccountant » Mon Aug 05, 2013 2:12 pm UTC

If you download this file, Uncle Sam mails you a bobcat.
Never trust a psychic who has to reschedule.


Return to “Individual XKCD Comic Threads”

Who is online

Users browsing this forum: No registered users and 96 guests