The Power of (Misplaced) Trust: HTAs and Security

[SysAdMini]

http://www.sophos.com/blogs/sophoslabs/?p=6929

We have seen a few spam samples today which use the old tactic of HTML Application (.hta) scripting to get malicious code onto a Windows machine via Internet Explorer. A gullible user is only two non-default security settings and one socially-engineered click away from further badness.