The script is disguised as a document
Posted on 06/20/2016 7:31:04 PM PDT by Swordmaker
Security researchers have discovered a new strain of ransomware coded entirely in Javascript, which could increase its chances of being activated. Unlike executable program files, Javascript documents do not always trigger a security warning on Windows or require administrator access to run.
Named RAA, the malware is disguised as a document and starts encrypting files immediately when opened.
One security expert said the approach was likely to fool many victims. "It's an interesting approach to ransomware," said Ken Munro of security company Pen Test Partners.
"Using Javascript as an attachment to an email is likely to result in many victims accidentally installing it."
(Excerpt) Read more at bbc.com ...
For your ping list as a warning as this WILL run from opening an email which has a document reader attached that can execute a Javascript. It starts encrypting files as soon as it is opened.
“It starts encrypting files as soon as it is opened.”
One of a number of reasons I moved to Linux.
Windows should be trashed into the dustbin of history.
Javascript works just as well under Linux.
Javascript works just as well under Linux.
if you let it
Does anybody know if there would be a problem opening an email with this JavaScript file as an attachment with either a gmail app or gmail via chrome?
Is Google protecting me?
Just hoping.
The fools who wrote Javascript seem to have no clue about the “sandbox” theory supposedly behind it.
You can disable Windows Script Host or modify the registry to require a .js attachment be double clicked before it can run.
That should prevent malware from being silently installed without user permission.
The company I work at has had several pc’s these past 3 months with ransomware. The caller loses all files as the pc is re-imaged.
In my building we have a network drive we can back up all files to which are backed up everyday. I have done this just in case. thos ein other field offices do not all have access. they need to these days.
Back up your files as your personal photos and other files either online or using an external drive then unplug the drive until the next back up.
The files could all be lost in an instant.
It is not javascript it is Jscript
Article here on bleeping computer
easy to do
I created a “test.js” in a text editor to verify the fix worked and windows said it blocked it from running
no because it is jscript
you need to disable the windows script host
Bookmark
Good Lord. Thank you!
Bump for later
Thanks to Swordmaker for the ping!!
Windows Script Host is enabled by default in Windows.
Shut it down. If you do mistakenly open a .js attachment it can’t execute.
Few people need to run javascript outside a browser and there is no real reason to send someone a legitimate .js attachment.
Ransomware authors are looking for new vulnerabilities to take a computer and its data hostage.
.js execution is ideal because an infected file doesn’t need user permission to run and antivirus or antimalware software usually doesn’t detect it.
Make it a habit not to allow unknown file extensions to execute in the first place.
Simple reg key fix. Took me all of two minutes, including a restart for “good luck”.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.