This morning I noticed Softpedia article titled "How to Prevent ZIP Files from Executing Malicious JavaScript Behind Your Back".
Here's the beginning of the story in all it's glory:
Let me repeat that:
When unzipping the file, the JavaScript file would execute, automating various operations.
Naturally, I was curious about the cause of this issue and why I haven't heard about it before.
Little bit of reading, little bit of Googling and here's the original post from F-Secure: "How-To Disable Windows Script Host". They write:
And such .zip files typically contain a JScript (.js/.jse) file that, if clicked, will be run via Windows Script Host.
Somehow Softpedia authors managed to convert "user clicking on a JS file" into "JS file being launched automatically when unzipped".
Dear Mr. Catalin Cimpanu, please stop writing about security. Open a hotdog stand or something, that's much more suitable for your skill level.