eWeek and various other tech news sites are reporting that ‘security researchers are warning of another spoofing vulnerability’ for users of Microsoft Internet Explorer, one that ‘allows an attacker to mask the true file extension of malicious downloads.’ In other words, that link to a PDF (or another common file format) may in fact be designed to ‘lull a user into opening a malicious file.’
So unless you enjoy trolling dangerously with IE, it may be prudent to check out a report titled ‘Internet Explorer File Download Extension Spoofing’ at Secunia, Ltd., a Denmark-based security vendor. It explains how MSIE ‘can be tricked into opening a file, with a different application than indicated by the file extension.’
The report also includes an MSIE File Download Extension Spoofing Test, a link that helps determine whether your copy of the browser is vulnerable. Secunia explains what to expect:
‘After you have clicked the link:
If your Internet Explorer is vulnerable to this issue, a ‘File Download’ dialog box will be displayed with the field ‘File name’ being spoofed to be a .pdf file.
If you choose ‘Open’ in the ‘File Download’ dialog box, the file will be executed as an HTML executable instead of being displayed with your favorite PDF viewer. This happens even though the filename seems to be ‘Secunia_Internet_Explorer.pdf’.’
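The practical lesson of Secunia's test is that the name in the ‘File Download’ dialog tells you nothing about what the file is. Choosing ‘Save’ instead of ‘Open’ and checking the saved file's leading bytes against its extension catches the mismatch before anything runs. The script below is an added example written for this post; it is not code from the article, from Secunia or from Microsoft. The signature table, the HTML pattern, the verdict names and the sample files are all constructed for illustration, and the filename ‘Secunia_Internet_Explorer.pdf’ is reused only as a label for made-up bytes.

```python
"""Check a downloaded file's extension against its leading bytes.

Added example, not part of the original article: the spoof described above
shows a .pdf name for content that is really an HTML Application, so a saved
copy of such a file would start with HTML markup, not a PDF header.
Everything below (signatures, verdicts, sample bytes) is an assumption made
for illustration.
"""
import os
import re
import sys

# Leading-byte signatures for a few common download types (assumption: only
# the formats listed here are recognised; anything else sniffs as "unknown").
MAGIC = {
    "pdf": (b"%PDF-",),
    "zip": (b"PK\x03\x04",),
    "gif": (b"GIF87a", b"GIF89a"),
    "png": (b"\x89PNG\r\n\x1a\n",),
    "exe": (b"MZ",),
}

# Markup that marks a file as HTML/HTA content rather than a document.
HTML_LIKE = re.compile(
    rb"^\s*(<!doctype\s+html|<html|<head|<body|<script|<hta:application)", re.I
)

# Extensions for which HTML content is expected rather than suspicious.
WEB_EXTS = {"htm", "html", "hta"}


def sniff(data: bytes) -> str:
    """Return the type implied by the first bytes, or 'unknown'."""
    head = data[:16]
    for kind, sigs in MAGIC.items():
        if any(head.startswith(s) for s in sigs):
            return kind
    if HTML_LIKE.match(data[:512]):
        return "html"
    return "unknown"


def claimed_extension(filename: str) -> str:
    """The extension the filename advertises, lower-cased, without the dot."""
    return os.path.splitext(filename)[1].lower().lstrip(".")


def check_download(filename: str, data: bytes) -> dict:
    """Compare the advertised extension with the sniffed content type.

    Verdicts: OK (they agree), DANGER (HTML/HTA content behind a document
    extension, the case Secunia's test demonstrates), MISMATCH (some other
    known type behind a different extension), UNKNOWN (not enough to say).
    """
    claimed = claimed_extension(filename)
    actual = sniff(data)
    if actual == "html":
        verdict = "OK" if claimed in WEB_EXTS else "DANGER"
    elif claimed in MAGIC:
        verdict = "OK" if actual == claimed else "MISMATCH"
    else:
        verdict = "UNKNOWN"
    return {"file": filename, "claimed": claimed, "actual": actual, "verdict": verdict}


def scan_file(path: str) -> dict:
    """Run check_download on a file on disk, reading only its first 512 bytes."""
    with open(path, "rb") as fh:
        return check_download(os.path.basename(path), fh.read(512))


# Constructed sample downloads: a genuine PDF header, an HTA masquerading as
# a PDF (the spoof described above), and a Windows executable named .pdf.
SAMPLES = {
    "report.pdf": b"%PDF-1.4\n%\xe2\xe3\xcf\xd3\n1 0 obj\n<< /Type /Catalog >>\nendobj\n",
    "Secunia_Internet_Explorer.pdf": (
        b"<html><head><hta:application id=\"x\"></head>"
        b"<body><script>/* constructed */</script></body></html>"
    ),
    "notes.pdf": b"MZ\x90\x00\x03\x00\x00\x00\x04\x00\x00\x00\xff\xff\x00\x00",
}


if __name__ == "__main__":
    # With paths on the command line, scan those files; otherwise demo on SAMPLES.
    if len(sys.argv) > 1:
        results = [scan_file(p) for p in sys.argv[1:]]
    else:
        results = [check_download(name, data) for name, data in SAMPLES.items()]
    for r in results:
        print(f"{r['verdict']:8} {r['file']} (claims {r['claimed'] or '-'}, looks like {r['actual']})")
```

Run it against a directory of saved downloads (`python check_download.py C:\Downloads\*.pdf`) before opening anything. The check only knows the handful of signatures in MAGIC and only helps once the file is on disk, so it complements, rather than replaces, the advice that follows about not clicking untrusted links.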
Microsoft has posted ‘Steps that you can take to help identify and to help protect yourself from deceptive (spoofed) Web sites and malicious hyperlinks,’ including:
‘Do not click any hyperlinks that you do not trust. Type them in the Address bar yourself.’