Originally posted by VectraMan
View Post
The issue with Chrome is that by default it treats .scf files as implicitly trusted so doesn't, by default, ask for a save location so the user never sees the full file name, only the one presented by the dodgy website.
Google fixed this for .lnk files related to the Stuxnet worm by forcing the user to confirm the location for the file to be saved but didn't apply the same restriction to .scf files.
Internet Explorer doesn't share the the same functionality. It always asks for a location to save a file regardless of type.
AV programs will not identify them as a threat as all they contain is plain text and any attempt to interpret the content is liable to create large numbers of false positives.
Leave a comment: