Re: Re: html links to executables

From: Alexey Lobanov (
Date: Sun 25 Apr 2004 - 16:10:43 GMT

  • Next message: Claudemir Todo Bom: "Re: html links to executables"

    Hello all.

    Bjarni R. Einarsson wrote:

    > Also, this sort of sanitization WILL cause problems with legitimate web
    > sites. Some sites, including some pretty big and respectable companies, use
    > the .exe ending on their server-side CGI scripts. Also, there's no reason
    > the scam mails have to use .exe in their URLs - the could simply point to a
    > generic URL - even one ending in .html or .gif - which would then redirect
    > the browser to a .exe download.
    > For this reason defanging like this isn't enabled by default, it's not
    > likely to work well and will break legitimate URLs. However, if the scam
    > mails are using simple, easy to block URLS, then it may be worth the effort
    > to try anyway... I haven't much experience with these messages, so I'd be
    > interested in hearing peoples' opinions on this.
    > Anyone?

    Important technigue in modern scam mails are complex, obfuscated URL's. Asterisk, @,
    recent "0x01 bug" in MSIE, backslash, etc.*

    Seems to be quite easy for detection and killing? Legitimate URL's shouldn't have all
    this shit.


    hosted by