Donít run JavaScript email attachments: ​can carry potent ransomware

Page 1 of 2 12 LastLast
  1. Borg 386's Avatar
    Posts : 31,214
    Win 7 32, Win 7 64 Pro, Win 8.1 64 Pro, Win 10 64 Education Edition
       #1

    Donít run JavaScript email attachments: ​can carry potent ransomware


    Attackers are infecting computers with a new ransomware program called RAA thatís written entirely in JavaScript and locks usersí files by using strong encryption.
    Attackers have taken to this technique in recent months, with Microsoft warning about a spike in malicious email attachments containing JavaScript files back in April. Last month, security researchers from ESET warned of a wave of spam that distributes the Locky ransomware through .js attachments.
    It is very uncommon for people to send legitimate applications written in JavaScript via email, so users should avoid opening this type of file, even if itís enclosed in a .zip archive. There are few reasons for .js files to exist outside websites and Web browsers in the first place.
    Don't run JavaScript email attachments: they can carry potent ransomware | PCWorld
      My Computer

  2. Allison's Avatar
    Posts : 22
    Windows 10 64-bit
       #2

    If you don't recognize the source or the person who is sending you the attachment doesn't usually do so, don't open the attachment. Whether its a JavaScript attachment or an office program, any attachment really- I feel that should preface all of these articles.
      My Computer

  3. MoxieMomma's Avatar
    Posts : 824
    Win10/64 Pro 1511 (and 2 Win 7/64 Ult & Pro systems)
       #3

    ^^ Excellent advice in both posts. ^^

    I'll take it one step further to suggest: even if you DO know the sender, be careful of any attachment.

    Both friends and work colleagues have been hacked from time to time over the years, and their emails "spoofed".

    So, in addition to multiple layers of email security before any message (or its attachments) ever gets to my system, I typically scan EVERY attachment even if I know the sender and I "expect" the file.

    Cheers,
    MM
      My Computer

  4. Honor10's Avatar
    Posts : 2,818
    Windows 10 Home (x64) Version 21H1 (build 19043.1202)
       #4

    I myself don't like java script and only used it back in the old days
      My Computer

  5. davidhk's Avatar
    Posts : 5,440
    windows 10 Pro ver 21H2 build 19044.1348
       #5
      My Computer

  6. galaxys's Avatar
    Posts : 134
    Windows 10 Home 64bit V1803
       #6

    No more Java for me since Windows 7...but good to know.
      My Computer


  7. MoxieMomma's Avatar
    Posts : 824
    Win10/64 Pro 1511 (and 2 Win 7/64 Ult & Pro systems)
       #7

    Hi, @galaxys:

    galaxys said:
    No more Java for me since Windows 7...but good to know.
    "Java" and "Javascript" are not the same thing.

    But your approach is a good one.
    Few websites and (probably) fewer programs need JRE (aka "Java") these days.

    The safest way to proceed is to fully uninstall all versions of Java from the Windows Control Panel, perhaps even using a tool, such as JavaRa (note: version 1.6 seems to work better than the current release build). Having outdated versions and remnants on the system can create security vulnerabilities.

    If you end up needing to reinstall it, the ONLY safe place to get it is from the link here.
    Be sure to opt-out (un-check/un-tick) any "freebies" that may be offered during the setup wizard, and it's vitally important to keep it fully updated with the current version (because of the previously mentioned security problems).
    BTW, Merely disabling Java does not fully mitigate those vulnerabilities, even if you have the most current version.
    So, you're right, if you don't need it, get rid of it.:)

    As far as *javascript* is concerned, there are many browser extensions and security products to help secure your browsers and computer system from *javascript* vulnerabilities, which are different from *java* ("JRE").

    Cheers,
    MM
      My Computer

  8. galaxys's Avatar
    Posts : 134
    Windows 10 Home 64bit V1803
       #8

    Thanks for the additional insight MM! I'll stay away from both those badboys!
    Last edited by galaxys; 16 Jun 2016 at 13:09. Reason: sp
      My Computer

  9. eLPuSHeR's Avatar
    Posts : 2,604
    Windows 10 Home x64
       #9

    A friend of mine got infected by Cryptolocker this way.
      My Computer


  10. Posts : 149
    Windows 10 Pro x64
       #10

    TLR - don't open emails you don't know or trust the look of!
      My Computer


 
Page 1 of 2 12 LastLast

  Related Discussions
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 13:09.
Find Us




Windows 10 Forums