Reply to post: Re: The Web should be for content, not code

Google Sites blight: Over 100,000 web pages for business form searches overrun with backdoor RATs

Mike 137 Silver badge

Re: The Web should be for content, not code

The problem here is not the browser or downloadable code, merely that in the given case the malicious file is opened automatically in the browser. The attack could perfectly possibly also be triggered by saving the download and opening the bogus PDF manually. So if the browser is relevant at all, it's the hazard posed by browser helpers automatically opening files.

HTTP file download is very convenient, and restricting it to non-executables would be both hard and intrusive. What's needed here is to exercise caution when browsing the web as by now we should all know that a lot of what's presented is not to be trusted.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2021