Me: Hey! I tried to download one of your game maps, but Mozilla downloaded it as text - the map doesn't work.
Webmaster: Huh, that's odd, it works fine in IE. Why don't you just use IE?
Me: Why don't you just zip the files? Your server seems to handle zips OK. It doesn't know map files.
Webmaster: (no response, site still fucked up).
Me: (gave up complaining to webmasters that obviously use IE).
I've never tried to spread a virus this way, but I'd imagine it's as easy as this code:
<object data="virus.js"></object>
where "virus.js" is actually an executable file. I'm not sure which file extensions work this way, I would suspect ".js" would work good since most servers send out ".js" as text/javascript and browsers like Mozilla might try to parse it (and fail, since it will be corrupted), but windows will (I assume) download it raw and see that it's a PE and try to execute it.
Like I said I don't know exactly how (or which extensions work), but I know it's quite easy to figure out.
BTW; I've gotton serveral of these new viruses and Mozilla can't open them at all. I tried to extract the virus from the eMail in order to check it in my virus scanner and get it's name, but it seems there's an error in the encoding. I even tried using WinRar, which I've used before this way. So it seems that OE/IE's error handling is what enables the virus to work at all.
