JavaScript mail attachments may carry malicious code

Source: Internet
Author: User

There has recently been a blackmail program called RAA, written entirely in JavaScript, that can lock a user's files by using a strong encryption program.

Most malware in Windows is written in a compiled language such as C or C + +, and is propagated in the form of executable files such as. exe or. dll. Other malware is written using command-line scripts, such as Windows batch Live this PowerShell.

Client malware is written in a web-related language, such as JavaScript, which is largely interpreted by browsers. However, the script Host built into Windows can also execute the. js file directly.

Attackers have only recently begun to use the technology. Last month, Microsoft warned that JS attachments in malicious mail could carry a virus, and ESET's security academy warned that certain JS attachments might walk Locky viruses. In both cases, however, JavaScript files are used as a downloader for malware, and they are downloaded from other addresses and installed by default for traditional malware written in another language. But RAA is different, it is a completely malicious software written in JavaScript language.

Experts at the Bleepingcomputer.com Technical Support forum say that RAA relies on a secure JavaScript library CRYPTOJS to implement its encryption process. The implementation of encryption is very strong, using the AES-256 encryption algorithm.

Once the file is encrypted, RAA adds. Locked To the suffix of the original filename. The targets of its encryption include:. doc,. xls,. rtf,. pdf,. dwg,. cdr,.,????????????

Bleepingcomputer.com's founder, Lawrence Abrams, said in a blog post: "In the present case, there is no way to decrypt it but to pay for it."

According to the user's response, infected RAA will randomly display Russian information, but even if its target is Russian computers, but its proliferation is only a matter of time.

It is not normal to include JavaScript attachments in messages, so it is best for users to avoid opening such files, even if they are contained in a. zip compressed document.. js files are rarely used elsewhere except in Web sites and browsers.

Original: JavaScript email attachments can carry potent ransomware

Author: Lucian Constantin

Translator: Rai Shintao

Zebian: The Dawn of Money

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.