On Mon, 11 Sep 2006, Kelson wrote:

> In fact, if you're retrieving content over the web, the link
> doesn't even have to tell you the double extension.  The link
> could be to a redirect script, or to a download script that
> provides a content-disposition header:
> 
> http://server/path/to/evil/but/innocuous/looking/file

Well, yes, the worm/virus author putting the *real* executable
extension into the link URI *is* a low-hanging-fruit assumption.

--
 John Hardin KA7OHZ    ICQ#15735746    http://www.impsec.org/~jhardin/
 [EMAIL PROTECTED]    FALaholic #11174    pgpk -a [EMAIL PROTECTED]
 key: 0xB8732E79 - 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
  People seem to have this obsession with objects and tools as being
  dangerous in and of themselves, as though a weapon will act of its
  own accord to cause harm. A weapon is just a force multiplier. It's
  *humans* that are (or are not) dangerous.
-----------------------------------------------------------------------
 6 days until The 219th anniversary of the signing of the U.S. Constitution

Reply via email to