JavaScript email attachments may carry malicious code and javascript malicious code
Recently, a ransomware called RAA is completely written in JavaScript and can be used to lock users' files by using strong encryption programs.
Malicious Software in Windows is written in the C or C ++ programming language and transmitted in the form of executable files such as .exe or. dll. Other malware are written using command line scripts, such as Windows batch to live the PowerShell.
Client malware is rarely written in Webpage-related languages, such as JavaScript. This language is mainly explained by browsers. However, the built-in Script Host in Windows can also directly execute the. js file.
Attackers have only recently started using this technology. Last month, Microsoft warned that JavaScript attachments in malicious emails may carry viruses, and ESET's Security Research Institute warned that some js attachments may walk with the Locky virus. However, in both cases, JavaScript files are used as a download tool for malware. They download from other addresses and install traditional malware written in other languages by default. However, RAA is different. This is a malware completely written in JavaScript.
Experts from the BleepingComputer.com technical support forum said that RAA relies on a secure JavaScript library CryptoJS to implement its encryption process. The implementation of encryption is very strong, using the AES-256 encryption algorithm.
Once the file is encrypted, RAA adds. locked to the suffix of the original file name. Its encryption targets include :. doc ,. xls ,. rtf ,. pdf ,. dbf ,. jpg ,. dwg ,. cdr ,. psd ,. cd ,. mdb ,. png ,. LCD ,. zip, .rarand .csv.
Lawrence Abrams, founder of BleepingComputer.com, said in a blog: "Currently, in addition to payment, there is no decryption method.
According to the user's response, after RAA infection, the Russian information will be displayed randomly, but even if it is targeted at a Russian computer, its proliferation is only a matter of time.
It is not normal to include the cript attachment in the mail. Therefore, it is best for users to avoid opening such files without authorization. The packages are included in the. Zip compressed file .. Except for websites and browsers, js files are rarely used in other places.
Original article:JavaScript email attachments can carry potent ransomware
Author:Lucian Constantin
Translator:Lai xintao
Editor:Qian Shuguang
The above is all the content in this article, hoping to help you stay away from malicious viruses.