Ummm... Time out.
I just changed the name of an executable to hello.jpg and rigged
up a little html file with "hello.jpg" as the target of an <img>
tag and of an <a> tag. When I point Firefox at it, the <img>
renders as a broken image. The <a> looks like a link, but when
clicked on, it renders a page containing just the pathname to
the hello.jpg file. To get the thing to execute, I have to
deliberately download it, save it to a file, and then manually
execute it.
400,000 Windows boxes have been cracked by an executable
masquerading as an image, while Linux and Firefox appear immune
to the same attack. Further, the trick of appending
".jpg .exe" to
an executable has been known practically forever and Windows
is still vulnerable to it. It's not exclusively dumb users.
It's a bad design combined with naive users.
Paul Allen
New Massive Botnet Twice the Size of Storm (Dark Reading)
Posted Apr 7, 2008 20:23 UTC (Mon) by wertigon (guest, #42963)
Actually, this has to do with MIME-types, and is a browser flaw, not an OS-flaw.
Try serving that same jpeg with whatever the executable MIME-type is (application/executable
maybe?) and you'll see Firefox do what it normally does to executables. I can see a user
clicking "execute" here...
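A defender-side check that follows the thread's point that the file name and the served MIME type are not the content: it sniffs the leading bytes of a file and compares them with the extension and the declared type, and flags the double-extension and padded-extension names mentioned above. This is an added example, not code from the thread; the signature table, helper names and sample inputs are my own constructed values.

```python
import re
from typing import List, Optional

# Well-known magic bytes (table constructed for this example, not exhaustive).
SIGNATURES = {
    b"\xff\xd8\xff": "image/jpeg",
    b"\x89PNG\r\n\x1a\n": "image/png",
    b"GIF8": "image/gif",
    b"MZ": "application/x-dosexec",          # DOS/Windows PE header
    b"\x7fELF": "application/x-executable",  # ELF binary
}
EXECUTABLE_MIMES = {"application/x-dosexec", "application/x-executable"}
IMAGE_EXTS = {".jpg": "image/jpeg", ".jpeg": "image/jpeg",
              ".png": "image/png", ".gif": "image/gif"}
EXEC_EXT_RE = re.compile(r"\.(exe|scr|com|bat|cmd|pif)$")

def sniff(head: bytes) -> Optional[str]:
    """Identify the real type from the leading bytes, ignoring the file name."""
    for magic, mime in SIGNATURES.items():
        if head.startswith(magic):
            return mime
    return None

def check_attachment(name: str, head: bytes, declared_mime: Optional[str] = None) -> List[str]:
    """Return findings for a file: name tricks and content/type mismatches."""
    findings = []
    lowered = name.lower()
    exts = ["." + p for p in lowered.split(".")[1:]]
    last = exts[-1] if exts else ""
    # hello.jpg.exe: an image-looking name whose final extension is executable
    if len(exts) >= 2 and EXEC_EXT_RE.fullmatch(last) and exts[-2] in IMAGE_EXTS:
        findings.append(f"double extension: {name}")
    # 'hello.jpg        .exe': whitespace pushes the real extension out of view
    if re.search(r"\s+\.(exe|scr|com|bat|cmd|pif)$", lowered):
        findings.append("whitespace-padded executable extension")
    actual = sniff(head)
    claimed = declared_mime or IMAGE_EXTS.get(last)
    if actual in EXECUTABLE_MIMES and claimed and claimed.startswith("image/"):
        findings.append(f"executable content ({actual}) presented as {claimed}")
    elif actual and claimed and actual != claimed:
        findings.append(f"content is {actual}, claimed {claimed}")
    return findings

if __name__ == "__main__":
    # Constructed samples: a PE header renamed to .jpg, and a genuine JPEG header.
    print(check_attachment("hello.jpg", b"MZ\x90\x00\x03\x00"))
    print(check_attachment("hello.jpg", b"\xff\xd8\xff\xe0"))
```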
New Massive Botnet Twice the Size of Storm (Dark Reading)
Posted Apr 8, 2008 5:39 UTC (Tue) by muwlgr (guest, #35359)
Had you ever tried to check your suggestion by yourself? Firefox and Seamonkey do not offer
"open by default" or "execute" for downloadable executable files. Under Windows, at least.