by sloshnmosh
2171 days ago
That is a good question. Looking at some of Citizen Lab’s excellent reporting on FinFisher shows that victims were redirected to regular unencrypted http downloads when the malware was installed. One of the examples given was when a user tried to download Avast antivirus from a well-known software hosting site and the download was done over http. There are several security sites that have downloadable packet captures of malware infections where you can see in Wireshark that redirects are commonly used.