Hacker News new | ask | show | jobs
by Renaud 1182 days ago
I would say first thing is to disable Windows Explorer from hiding the extension of files.

From what I understand, it was an executable inside a zip attachment to an email disguising itself as a partnership proposal from a reputable source.

The file inside the zip probably had a .pdf.exe extension. By default, Windows Explorer would show it as a .pdf, making it easy to run by mistake.
2 comments
andreareina 1181 days ago
Wait it wasn't an executable pdf that escaped the sandbox, it was a *.pdf.exe?? Why does Windows even still have this vulnerability?
link
richardjam73 1182 days ago
That should be stopped by the smartscreen prompt which is pretty hard to bypass by accident.
link