Pixalo Photography Community

Go Back   Pixalo Photography Community > Photography Forums > Computer hardware, software, networking and internet

Computer hardware, software, networking and internet: Discuss New ransomware strain coded entirely in Javascript...New ransomware strain coded entirely in Javascript Security researchers have discovered a new strain of ransomware coded entirely in Javascript, ...
Welcome to the Pixalo Photography Community. As a Guest you are free to browse the site, but see what extras you get as a Member here.


Reply
 
LinkBack Thread Tools Display Modes
Old 21-06-2016, 00:13   #1 (permalink)
Pixalo Crew
 
dabhand16's Avatar
 
Join Date: Jun 2006
Location: Dunstable Bedfordshire UK
Posts: 30,283
dabhand16 is a glorious beacon of lightdabhand16 is a glorious beacon of lightdabhand16 is a glorious beacon of light
dabhand16 is a glorious beacon of lightdabhand16 is a glorious beacon of lightdabhand16 is a glorious beacon of lightdabhand16 is a glorious beacon of lightdabhand16 is a glorious beacon of light

Image editing O.K.
User's Gallery
Users Camera Equipment List
New ransomware strain coded entirely in Javascript

New ransomware strain coded entirely in Javascript

Security researchers have discovered a new strain of ransomware coded entirely in Javascript, which could increase its chances of being activated.

Unlike executable program files, Javascript documents do not always trigger a security warning on Windows or require administrator access to run.

Named RAA, the malware is disguised as a document and starts encrypting files immediately when opened.

One security expert said the approach was likely to fool many victims.

"It's an interesting approach to ransomware," said Ken Munro of security company Pen Test Partners.

"Using Javascript as an attachment to an email is likely to result in many victims accidentally installing it."

The RAA ransomware was discovered by security researchers known as Benkow and JamesWT.

It is sent to victims by email and if opened on a Windows machine uses the "Windows Based Script Host" to run its code.

Typically an executable program such as an .exe or .bat file would be automatically screened and blocked by the operating system, but Windows allows .js files to run.

If opened, the ransomware sets about encrypting the victim's files and displays a ransom note written in Russian. It demands a fee of $250 (171) for the files to be restored.

In April, Microsoft reported that it had seen an increase in malware being spread through Javascript email attachments.

"It is interesting to note that an Office attachment with malicious macros typically requires two or more clicks on the document to run it. One click to open the document and another click to enable the macros," the firm said in a blog post.

"On the other hand, the Javascript attachments only take one or two clicks to start executing."

Protection

Mr Munro said people should avoid opening attachments from unknown sources to stay safe.

"The .js (Javascript) file type is automatically blocked in some email packages, particularly Outlook," said Mr Munro.

"But interestingly Gmail doesn't appear to block it. Don't open unknown attachments, particularly those with a .js extension.

"While we're there, don't open macro enabled Office docs either (such as .docm and .xlsm files) - and keep your anti-virus right up to date."

Additionally, Windows can be instructed not to start the "Windows Based Script Host" when a .js file is double-clicked.

Virus blog Bleeping Computer reports that there is currently no way to reverse the RAA encryption without paying the ransom.

Often, restoring files from a back-up copy is the only way to get files back without paying - although some examples of ransomware have been cracked.

Source BBC
__________________
Graham
dabhand16 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On


Similar Threads
Thread Thread Starter Forum Replies Last Post
Cryptolocker ransomware has 'infected about 250,000 PCs' dabhand16 Computer hardware, software, networking and internet 0 24-12-2013 15:46
Any javascript experts out there spxxxx Computer hardware, software, networking and internet 16 05-06-2008 23:45
Cool! a vBB coded Forum with LENSES! theblackalchemist Welcome Forum 9 02-05-2008 18:27
Firefox 2.0.0.14 released-fix JavaScript vulnerability and adds stability Steve News 0 17-04-2008 12:33
Deadly strain of bird flu confirmed in UK GfK General photography questions and answers 1 23-10-2005 23:23


All times are GMT +1. The time now is 00:15.


vBulletin Copyright ©2000 - 2017, Jelsoft Enterprises Ltd.
ReviewPost & PhotoPost vB3 Enhanced, Copyright 2003-2014 All Enthusiast, Inc.
SEO by vBSEO 3.3.0
Copyright 2006 - 2017 Pixalo.com

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197