[plug] Windows trojans, you can have them too!

Ryan ryan at is.as.geeky.as
Sun Apr 18 11:15:14 WST 2004


On Sun, 2004-04-18 at 10:43, William Kenworthy wrote:
> Do you know how it got there?  That is, did you set it up to run things
> by default (and therefore it was self-inflicted) or does Moz/FB do this
> nice little MS style helper for you?
> 
> If it's the latter, I would raise a bug against Moz/FB and get it
> attended to forthwith.  I am also interested from a self-protection POV
> as I usually ignore IE targeted hacks, thinking I am reasonably safe

It was the latter, I never specifically ran anything.  I remember in the
past windows popping up asking this and that and I always answered in
the negative.  No doubt the questions that were posed in these windows
could have been rigged to do it anyway when cancelled.   Whatever it
was, nothing has ever come up saying "you are trying to download a
windows executable, do you want me to open it with wine?" .. or the
default application etc.

My Mozilla helper apps don't list anything suspect or anything to handle
octet-streams/executables etc. It does have references to several MS
things though, so apps obviously have this in mind, msword (abiword)
ms-tnef etc.  I don't know how to get a copy of what shows up in the
helper apps window as I can't find anything relevant in my ~/.mozilla
directory - so you'll just have to believe me :)   It could have been
Firefox too.  Its helper app bit is empty, but I noticed that everything
in Firefox works still, so maybe it has some more automatic tendencies
than Mozilla .. or uses my ~/.mozilla dir to feed itself?

While Gnome's 'File types and programs' does not list anything against
.exe/.com ms-dos-executables etc, if I double click an executable file
in nautilus, it runs wine.  It is therefore highly likely that a browser
passed on the request to the 'default application'.  Hard to know
exactly which part to blame.

I'm sure now if I *try* to find a site that attempts to install stuff
like this, a) I won't find one and b) it won't work.

Ryan
