JavaScript mail attachments may carry malicious code

There has recently been a blackmail program called RAA, written entirely in JavaScript, that can lock a user's files by using a strong encryption program.

Most malware in Windows is written in a compiled language such as C or C + +, and is propagated in the form of executable files such as. exe or. dll. Other malware is written using command-line scripts, such as Windows batch Live this PowerShell.

Client malware is written in a web-related language, such as JavaScript, which is largely interpreted by browsers. However, the script Host built into Windows can also execute the. js file directly.

Attackers have only recently begun to use the technology. Last month, Microsoft warned that JS attachments in malicious mail could carry a virus, and ESET's security academy warned that certain JS attachments might walk Locky viruses. In both cases, however, JavaScript files are used as a downloader for malware, and they are downloaded from other addresses and installed by default for traditional malware written in another language. But RAA is different, it is a completely malicious software written in JavaScript language.

Experts at the Bleepingcomputer.com Technical Support forum say that RAA relies on a secure JavaScript library CRYPTOJS to implement its encryption process. The implementation of encryption is very strong, using the AES-256 encryption algorithm.

Once the file is encrypted, RAA adds. Locked To the suffix of the original filename. The targets of its encryption include:. doc,. xls,. rtf,. pdf,. dwg,. cdr,.,????????????

Bleepingcomputer.com's founder, Lawrence Abrams, said in a blog post: "In the present case, there is no way to decrypt it but to pay for it."

According to the user's response, infected RAA will randomly display Russian information, but even if its target is Russian computers, but its proliferation is only a matter of time.

It is not normal to include JavaScript attachments in messages, so it is best for users to avoid opening such files, even if they are contained in a. zip compressed document.. js files are rarely used elsewhere except in Web sites and browsers.

Original: JavaScript email attachments can carry potent ransomware

Author: Lucian Constantin

Translator: Rai Shintao

Zebian: The Dawn of Money