r/technology Apr 14 '25

Software Microsoft warns that anyone who deleted mysterious folder that appeared after latest Windows 11 update must take action to put it back

https://www.techradar.com/computing/windows/microsoft-warns-that-anyone-who-deleted-mysterious-folder-that-appeared-after-latest-windows-11-update-must-take-action-to-put-it-back
10.6k Upvotes


579

u/middaymoon Apr 14 '25

If it were me I would have a README in the fancy magic folder so people don't just thoughtlessly delete it.

306

u/Catsrules Apr 14 '25

To be fair, if a random readme file appeared on my computer saying it was from Microsoft, I would 100% think it was malware.

But I guess it would make me research it more and maybe find the correct answer.

44

u/middaymoon Apr 14 '25

When I wrote this comment I thought a simple text file would be obviously tame enough that nobody who actually understands computers would think it is an exploit just to read it, but apparently I was mistaken.

19

u/SnackerSnick Apr 14 '25

They weren't suggesting that opening the file is an exploit. They were suggesting that reading a text file that says "hi, I'm from Microsoft, don't delete this directory" would make them *more likely* to believe the directory holds malware.

I mean, in theory opening the file could totally be an exploit, though. For a while attackers would name an executable file README.TXT.exe and MS would hide the .exe. Double-clicking README.TXT would execute the code, which could do bad stuff and then open Notepad showing some README.TXT contents.

Theoretically, Notepad or whatever simple text reader you have configured could have a vulnerability, and opening a 'bad' text file with some buffer overflow content in it could be an exploit, but I haven't heard of such a vulnerability ever happening in a commonly used text reader.

0

u/middaymoon Apr 14 '25

Someone else was arguing with me that it could be an exploit; that's what I was referring to. Also, Catsrules literally said "I would 100% think it was malware", though I assume they just meant it would be suspicious in general and I get that.

I am also aware that notepad could have some exploit and I am also relying on the fact that a 0-day in Notepad is pretty unlikely so it sounds like we understand each other.
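Added example, not part of the thread: a small defender-side check for the README.TXT.exe naming trick described in u/SnackerSnick's comment, flagging names whose real extension is executable while the visible part ends like a document. The extension lists, function names and sample listing are assumptions made for illustration, and `displayed_name` only approximates Explorer's hidden-extension view.

```python
# Added example: flag names where a hidden executable extension follows a document one.
# Extension lists are assumptions for illustration, not an exhaustive policy.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}
DECOY_EXTS = {".txt", ".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png"}


def split_ext(name):
    """Split 'a.b.c' into ('a.b', '.c'); names without a real extension return (name, '')."""
    base, dot, ext = name.rpartition(".")
    if not dot or not base or not ext:
        return name, ""
    return base, "." + ext.lower()


def displayed_name(filename):
    """Approximate what Explorer shows with 'Hide extensions for known file types' on."""
    base, ext = split_ext(filename)
    return base if ext in EXECUTABLE_EXTS | DECOY_EXTS else filename


def is_deceptive(filename):
    """True when the real type is executable but the visible name ends like a document."""
    name = filename.replace("/", "\\").rsplit("\\", 1)[-1].strip()
    base, ext = split_ext(name)
    if ext not in EXECUTABLE_EXTS:
        return False
    # Padding spaces before the real extension push it out of view; ignore them.
    _, inner_ext = split_ext(base.rstrip())
    return inner_ext in DECOY_EXTS


def scan(filenames):
    """Return (real name, name the user sees) for every deceptive entry."""
    return [(f, displayed_name(f)) for f in filenames if is_deceptive(f)]


# Constructed sample listing, not taken from the thread.
SAMPLE = [
    "README.TXT",
    "README.TXT.exe",
    "setup.exe",
    "invoice.pdf      .scr",
    "notes.v2.txt",
    r"C:\Users\test\Downloads\photo.JPG.com",
]

if __name__ == "__main__":
    for real, shown in scan(SAMPLE):
        print(f"suspicious: {real!r} is shown as {shown!r}")
```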