By Chris Mosby
The Internet isn’t the glamorous "Oz" that it used to be in the beginning. There are plenty of "wicked witches" and "wizard" hackers out there ready to do whatever they can get away with on your computer — if you don’t know what they have in store for you.
Even saving pictures is dangerous with IE 6
Here you are, minding your own business, checking out the latest pictures on CuteFluffyBunnies.com when you see it. The cutest and fluffiest bunny picture you have ever seen. You just have to have it for your collection. You right click the picture and choose Save Picture As to save it. The name of the file looks a little different than other pictures that you’ve downloaded from this Web site, but you download it anyway. The picture is just irresistible.
As soon as the picture hits your download folder, your hard drive starts to grind and your system starts to slow down. That’s odd, you think to yourself, the last time that happened was when you got hit with that virus last year. Surely that precious bunny picture didn’t have anything to do with it…
Could the same thing happen to you by just doing something as innocent as saving a picture from the Web? It sure can with Internet Explorer 6 under the right conditions.
The problem is caused by the file extension — i.e. *.exe, *.doc, etc. — that IE uses when saving pictures using the Save Picture As option. IE uses the extension from the Web address, instead of the real file extension.
This can cause the last extension to be dropped if more than one exists — such as in the filename bunny.hta.jpg. This file, when saved by IE 6, can become bunny.hta on your computer. The end result is that an infected "HTML Application" (.hta) or other executable file has been downloaded to your computer. Used with other IE vulnerabilities, anything can happen from there. Proof-of-concept code is already publicly available for this problem. It’s been shown to work on a “fully patched” Windows XP SP2 system with IE 6.
This problem has received less attention than other vulnerabilities because the Windows Explorer setting Hide extensions for known file types must be turned on for the trick to work. Knowledgeable users turn this off, so the problem doesn’t affect them. But the Windows default is "on" and many users never change it.
What to do: Disable the Hide extensions for known file types setting. This can be accomplished as follows:
• Step 1: Open the Tools menu in Windows Explorer.
• Step 2: Click Folder Options and select the View tab.
• Step 3: In the Advanced Settings box, scroll down until you find Hide extensions for known file types and uncheck the box.
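To make the mechanism concrete, here is an added Python model of the behaviour described above (it is illustrative code written for this article, not Microsoft's or IE's implementation): the suggested save name is taken from the Web address, the "Hide extensions for known file types" setting strips the final extension from what you see, and the file is written under that shortened name. The extension lists are constructed assumptions, and the sample URL is made up.

```python
import os
from pathlib import PurePosixPath
from urllib.parse import urlsplit

# Assumption: a small stand-in for Explorer's registry-driven list of "known" file types.
KNOWN_EXTENSIONS = {".jpg", ".jpeg", ".gif", ".png", ".txt", ".doc", ".hta", ".exe"}
# Assumption: extensions Windows will run rather than display; a subset, not the full list.
EXECUTABLE_EXTENSIONS = {".hta", ".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs", ".js"}


def url_filename(url):
    """The file-name part of a URL, which is what the article says IE 6 starts from."""
    return PurePosixPath(urlsplit(url).path).name


def display_name(filename, hide_known):
    """Model of what Explorer shows when 'Hide extensions for known file types' is on:
    only the final extension is hidden, so 'bunny.hta.jpg' is shown as 'bunny.hta'."""
    stem, ext = os.path.splitext(filename)
    if hide_known and ext.lower() in KNOWN_EXTENSIONS:
        return stem
    return filename


def ie6_saved_name(url, hide_known):
    """Model of the article's description: the suggested save name is the displayed name,
    so with the setting on the last extension is dropped and the file lands as 'bunny.hta'."""
    return display_name(url_filename(url), hide_known)


def lands_as_executable(url, hide_known):
    """Defender's check: would this download end up with an executable extension on disk?"""
    ext = os.path.splitext(ie6_saved_name(url, hide_known))[1].lower()
    return ext in EXECUTABLE_EXTENSIONS


if __name__ == "__main__":
    # Constructed sample URL, not a real site.
    url = "http://example.invalid/pics/bunny.hta.jpg"
    for hide_known in (True, False):
        print(f"hide extensions={hide_known!s:5} -> saved as {ie6_saved_name(url, hide_known)!r}, "
              f"executable={lands_as_executable(url, hide_known)}")
```

Running it with the setting on yields `bunny.hta` (an HTML Application), and with the setting off the full `bunny.hta.jpg`, which is exactly why unchecking the box in Step 3 closes the hole. On a real system that checkbox is stored in the `HideFileExt` value under `HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced` (0 = show extensions), which is what an audit script would read in place of the `hide_known` flag.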
More info: Secunia has an advisory detailing this problem, and Microsoft has an article that describes this from a non-security point of view.
Hackers can turn your mouse against you
There used to be a time when you could take certain things for granted. When you put your mouse over a link on a Web page, and the Web address showed up in your status bar, you’d expect the link to take you there. These days, even that is not the case anymore.
SecurityFocus reports a problem in IE in which a link you hover over with your mouse appears legitimate in the status bar. If you right-click such a link and open its Properties dialog box, a legitimate URL appears there, too. Despite this, the link actually goes to a completely different page. This could fool you into landing on a hacker site, which could steal your personal information or try other hacker tricks.