On Wed, 13 Jul 2016, Chip M. wrote:

> P.P.S.  Today's new malware morph is a single zipped javascript
> file, where the script filename ends with "..wsf".
> Is the double dot just a mistake, or does that confuse anything?

That's very likely an attempt to bypass "double-extension" filter checks that expect the first extension to actually be present (e.g. something like /\.[a-z]{1,3}\.wsf$/ ).

--
 John Hardin KA7OHZ                    http://www.impsec.org/~jhardin/
 jhar...@impsec.org    FALaholic #11174     pgpk -a jhar...@impsec.org
 key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
 3 days until the 71st anniversary of the dawn of the Atomic Age
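
The bypass described in the reply above, as an added example that is not part of the original message: it runs the quoted pattern against constructed filenames and compares it with a check keyed on the final extension. The function names, the sample filenames and every list entry other than "wsf" are assumptions.

```python
import re

# Pattern quoted in the reply (Perl syntax there; the regex is identical here).
NAIVE_DOUBLE_EXT = re.compile(r"\.[a-z]{1,3}\.wsf$")

# Assumed block list of Windows Script Host extensions; only "wsf" is from the thread.
SCRIPT_EXTS = {"wsf", "wsh", "js", "jse", "vbs", "vbe"}


def naive_match(filename):
    """True when the quoted double-extension pattern fires."""
    return NAIVE_DOUBLE_EXT.search(filename) is not None


def final_extension(filename):
    """Lower-cased last extension, ignoring trailing dots and spaces
    (Win32 file APIs strip those when the name is written to disk)."""
    name = filename.rstrip(". ").lower()
    _, dot, ext = name.rpartition(".")
    return ext if dot else ""


def classify(filename):
    """Reasons a zip member name should be flagged; an empty list means clean."""
    reasons = []
    # Decide on the extension the OS will act on, not on what precedes it.
    if final_extension(filename) in SCRIPT_EXTS:
        reasons.append("script-extension")
    # "name..wsf": an empty component where the decoy extension would sit.
    if ".." in filename.strip(". "):
        reasons.append("empty-extension")
    return reasons


if __name__ == "__main__":
    # Constructed sample names, not taken from any real message.
    for name in ["invoice.pdf.wsf", "invoice..wsf", "invoice.PDF.WSF",
                 "notes.wsf.", "report.pdf", "archive.tar.gz"]:
        print(f"{name!r:22} naive={naive_match(name)!s:5} hardened={classify(name)}")
```
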
