Don’t run JavaScript email attachments: can carry potent ransomware

Borg 386 · 15 Jun 2016

Attackers are infecting computers with a new ransomware program called RAA that’s written entirely in JavaScript and locks users’ files by using strong encryption.

Attackers have taken to this technique in recent months, with Microsoft warning about a spike in malicious email attachments containing JavaScript files back in April. Last month, security researchers from ESET warned of a wave of spam that distributes the Locky ransomware through .js attachments.

It is very uncommon for people to send legitimate applications written in JavaScript via email, so users should avoid opening this type of file, even if it’s enclosed in a .zip archive. There are few reasons for .js files to exist outside websites and Web browsers in the first place.

Don't run JavaScript email attachments: they can carry potent ransomware | PCWorld

Allison · 15 Jun 2016

If you don't recognize the source or the person who is sending you the attachment doesn't usually do so, don't open the attachment. Whether its a JavaScript attachment or an office program, any attachment really- I feel that should preface all of these articles.

MoxieMomma · 15 Jun 2016

^^ Excellent advice in both posts. ^^

I'll take it one step further to suggest: even if you DO know the sender, be careful of any attachment.

Both friends and work colleagues have been hacked from time to time over the years, and their emails "spoofed".

So, in addition to multiple layers of email security before any message (or its attachments) ever gets to my system, I typically scan EVERY attachment even if I know the sender and I "expect" the file.

Cheers,
MM

Samsung User · 15 Jun 2016

I myself don't like java script and only used it back in the old days

davidhk · 15 Jun 2016

Borg 386 said:

Don't run JavaScript email attachments: they can carry potent ransomware | PCWorld

Thanks for the warnings.

galaxys · 15 Jun 2016

No more Java for me since Windows 7...but good to know.

MoxieMomma · 15 Jun 2016

Hi, @galaxys:

galaxys said:

No more Java for me since Windows 7...but good to know.

"Java" and "Javascript" are not the same thing.

But your approach is a good one.
Few websites and (probably) fewer programs need JRE (aka "Java") these days.

The safest way to proceed is to fully uninstall all versions of Java from the Windows Control Panel, perhaps even using a tool, such as JavaRa (note: version 1.6 seems to work better than the current release build). Having outdated versions and remnants on the system can create security vulnerabilities.

If you end up needing to reinstall it, the ONLY safe place to get it is from the link here.
Be sure to opt-out (un-check/un-tick) any "freebies" that may be offered during the setup wizard, and it's vitally important to keep it fully updated with the current version (because of the previously mentioned security problems).
BTW, Merely disabling Java does not fully mitigate those vulnerabilities, even if you have the most current version.
So, you're right, if you don't need it, get rid of it.:)

As far as *javascript* is concerned, there are many browser extensions and security products to help secure your browsers and computer system from *javascript* vulnerabilities, which are different from *java* ("JRE").

Cheers,
MM

galaxys · 15 Jun 2016

Thanks for the additional insight MM! I'll stay away from both those badboys!

eLPuSHeR · 16 Jun 2016

A friend of mine got infected by Cryptolocker this way.

garydexter · 16 Jun 2016

TL

R - don't open emails you don't know or trust the look of!

Don’t run JavaScript email attachments: ​can carry potent ransomware