Catch up on stories from the past week (and beyond) at the Slashdot story archive


Forgot your password?

Submission + - Thought RTFs were malware free? Think again!

stry_cat writes: Over at it says:

" doubt that you are aware of the huge number of exploits directed toward various Office applications, mainly Microsoft Word and PowerPoint. For quite some time a lot of administrators (us included) told people to convert documents to other (safer) formats, one of them being RTF (Rich Text Format). Although this format is proprietary, the specification is publicly available so a lot of word processors support this format."

However as the article continues, we find that one can still embed stuff. Embedding the right (or is it wrong) stuff can have the unsuspecting user downloading some seriously bad malware. Even worse it is likely your AV software will miss this malware!

The article concludes:

"This was another example of why complex file formats should be avoided. Even if you do scan all files on your e-mail gateway (or web filtering server), as you can see most AV programs would miss this as they would scan only the RTF document. One more time we see how important defense in depth is — in this case you would depend on user's awareness and ultimately on his desktop AV product. "

Did you hear that two rabbits escaped from the zoo and so far they have only recaptured 116 of them?