Posted: 26 February 2005 at 4:09pm | IP Logged
What's behind the Internet curtain
The Internet isn't the glamorous "Oz" that it used to be in the
beginning. There are plenty of "wicked witches" and "wizard" hackers out there
ready to do whatever they can get away with on your computer — if you don't know
what they have in store for you.
Even saving pictures is dangerous with IE 6
Here you are, minding your own business, checking out
the latest pictures on CuteFluffyBunnies.com when you see it. The cutest and
fluffiest bunny picture you have ever seen. You just have to have it for your
collection. You right click the picture and choose Save Picture As to
save it. The name of the file looks a little different than other pictures that
you've downloaded from this Web site, but you download it anyway. The picture is
As soon as the picture hits your download folder, your
hard drive starts to grind and your system starts to slow down. That's odd, you
think to yourself, the last time that happened was when you got hit with that
virus last year. Surely that precious bunny picture didn't have anything to do
Could the same thing happen to you by just doing something as
innocent as saving a picture from the Web? It sure can with Internet Explorer 6
under the right conditions.
The problem is caused by the file extension —
i.e. *.exe, *.doc, etc. — that IE uses when saving pictures using the Save
Picture As option. IE uses the extension from the Web address, instead of
the real file extension.
This can cause the last extension to be dropped
if more than one exists — such as in the filename bunny.hta.jpg. This
file, when saved by IE 6, can become bunny.hta on your computer. The end
result is that an infected "HTML Application" (.hta) or other executable file
has been downloaded to your computer. Used with other IE vulnerabilities,
anything can happen from there. Proof-of-concept code is already publicly
available for this problem. It's been shown to work on a "fully patched" Windows
XP SP2 system with IE 6.
This problem has received less attention than
other vulnerabilities because the Windows Explorer setting Hide extensions
for known file types must be turned on for the trick to work. Knowledgeable
users turn this off, so the problem doesn't affect them. But the Windows default
is "on" and many users never change it.
What to do: Disable the
Hide extensions for known file types setting. This can be accomplished as
• Step 1: Open the Tools menu in Windows Explorer.
• Step 2: Click Folder Options and select the View tab.
• Step 3: In the Advanced Settings box, scroll down until you find Hide extensions for known file types and uncheck the box.
has an advisory detailing this problem, and Microsoft has that describes this from a non-security point of view
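
As an added example (not part of the original post and not taken from any advisory): a small Python audit of a download folder that flags the filename patterns described above (`bunny.hta.jpg`, `bunny.hta`) and checks that files named as pictures really begin with picture magic bytes. The extension list, the finding labels and the sample files are assumptions constructed for illustration.

```python
import os
import tempfile

# Extensions Windows runs or hands to a script host (assumed, non-exhaustive).
RISKY = {".hta", ".exe", ".scr", ".com", ".bat", ".cmd", ".vbs", ".js", ".pif"}
# Leading magic bytes of the picture formats a saved image should contain.
IMAGE_MAGIC = {
    ".jpg": (b"\xff\xd8\xff",), ".jpeg": (b"\xff\xd8\xff",),
    ".png": (b"\x89PNG\r\n\x1a\n",), ".gif": (b"GIF87a", b"GIF89a"),
    ".bmp": (b"BM",),
}

def classify(name, head):
    """Return findings for one file, given its name and first bytes."""
    exts = ["." + p for p in name.lower().split(".")[1:]]  # all dot-suffixes
    if not exts:
        return []
    findings, last = [], exts[-1]
    if last in RISKY:                       # e.g. bunny.hta after the save
        findings.append("risky-extension")
    if any(e in RISKY for e in exts[:-1]):  # e.g. bunny.hta.jpg on the server
        findings.append("hidden-inner-extension")
    if last in IMAGE_MAGIC and not head.startswith(IMAGE_MAGIC[last]):
        findings.append("content-not-image")
    return findings

def audit(folder):
    """Map each flagged file name in a folder to its findings."""
    report = {}
    for entry in sorted(os.listdir(folder)):
        path = os.path.join(folder, entry)
        if os.path.isfile(path):
            with open(path, "rb") as fh:
                found = classify(entry, fh.read(8))
            if found:
                report[entry] = found
    return report

def demo():
    """Audit a constructed download folder (sample files are made up)."""
    samples = {"bunny.jpg": b"\xff\xd8\xff\xe0constructed",
               "bunny.hta.jpg": b"<html>constructed",
               "bunny.hta": b"<html>constructed"}
    with tempfile.TemporaryDirectory() as tmp:
        for name, data in samples.items():
            with open(os.path.join(tmp, name), "wb") as fh:
                fh.write(data)
        return audit(tmp)
```

Calling `audit()` on a real download folder lists only the files that need a second look; a genuine JPEG named `bunny.jpg` produces no finding.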