6 Sep
2010
6 Sep
'10
1:06 p.m.
On 06/09/10 12:50, Dan wrote:
- finished up by offering me a download of an executable Windows binary, which I rejected.
[...]
My question is - could the script have got any sort of access to my local filesystems or otherwise done any damage?
Highly unlikely: these scripts are generally aimed at persuading the user to download and run the trojan; it's far easy to apply a bit of social engineering than it is to get past even basic browser security. Given that the script almost certainly had access to your browser's user-agent and didn't bother to present something more targetted at your OS I'd be very surprised if they'd have known what to do with yout filesystem if they saw it!
For what it's worth, I've seen this on Windows machines and not detected any problems afterwards (provided the .exe wasn't downloaded of-course).
--
Mark Rogers // More Solutions Ltd (Peterborough Office) // 0844 251 1450
Registered in England (0456 0902) @ 13 Clarke Rd, Milton Keynes, MK1 1LG