Monday, March 16, 2015

Malware in a .html File

When you receive an email with an attachment, you might be extra cautious if the attachments ends in certain extensions like

  • .EXE
  • .ZIP
  • .BAT
  • .PS1

You might even be a little concerned nowadays with some more common extensions like

  • .PDF
  • .DOCX
  • .XLSX
  • .PPTX

But how many of you would think that the following extensions are concerning?

  • .htm
  • .html

Long story short, you should. You may think you're loading a local harmless HTML file, but here's an example where you'd actually be loading an evil file from a separate site and maybe you wouldn't even know it. If the .htm/.html file contains the following ...

<html> <meta http-equiv="refresh" content="0; url="> </html>

Don't open files you weren't expecting, from people you're weren't expecting to send it.

Copyright © 2015, this post cannot be reproduced or retransmitted in any form without reference to the original post.

No comments:

Post a Comment