> are there examples where attackers gain a big advantage by having a downloaded file come from a trusted URL?
Yeah. I hope Adobe is all over this.
It's not hard for me to imagine a shady website that offers streaming videos prompting users that they need to update Flash, then redirecting the user to an adobe.com URL that downloads an installer. I bet even some savvy HNers could fall for that.
Or how about a similar attack on enterprise users by prompting them to update Adobe Reader.
Yeah. I hope Adobe is all over this.
It's not hard for me to imagine a shady website that offers streaming videos prompting users that they need to update Flash, then redirecting the user to an adobe.com URL that downloads an installer. I bet even some savvy HNers could fall for that.
Or how about a similar attack on enterprise users by prompting them to update Adobe Reader.