Unlike the recent rash of malicious JavaScript files, this JavaScript does not rely on the introduction of a malicious binary. Sophos named the malware "JS/Ransom-DDL".
This type of malware can be dangerous if you have never considered JavaScript as a possible attack vector. Without a binary to detect, inspect, or observe, some advanced malware defense tools will be useless.
Fortunately, this type of threat should also be easy to address with a little preparation:
- Treat JavaScript email attachments like binaries: prevent delivery.
- Change the .JS file association so that it no longer opens with Windows Script Host.
- If you are not using it, disable Windows Script Host.
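The first mitigation as a gateway-side check, written as an added example (not code from Sophos or from the original post): it flags `.js` attachments by their final extension and also looks one level into zip attachments, which goes beyond the bullet above. The `.jse` extension, the function names, and the sample message builder are assumptions made for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# ".js" is the extension the post names; ".jse" (encoded JScript) is an
# added assumption, included because it is also a script file type.
BLOCKED_EXTENSIONS = (".js", ".jse")


def is_blocked_name(filename):
    """True if the final extension is blocked (catches 'Invoice.pdf.JS').

    Trailing dots and spaces are removed first, because Windows drops
    them when the file is saved ('a.js.' lands on disk as 'a.js').
    """
    return filename.strip().rstrip(". ").lower().endswith(BLOCKED_EXTENSIONS)


def blocked_attachments(raw_message):
    """Return the names of blocked attachments in a raw RFC 5322 message."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if is_blocked_name(name):
            hits.append(name)
            continue
        payload = part.get_payload(decode=True) or b""
        if zipfile.is_zipfile(io.BytesIO(payload)):
            try:
                with zipfile.ZipFile(io.BytesIO(payload)) as archive:
                    members = archive.namelist()
            except zipfile.BadZipFile:
                hits.append(f"{name}!<unreadable zip>")  # fail closed
                continue
            hits += [f"{name}!{m}" for m in members if is_blocked_name(m)]
    return hits


def build_sample(filename, data):
    """Constructed sample message with one attachment (not real mail)."""
    msg = EmailMessage()
    msg["From"], msg["To"] = "sender@example.com", "user@example.com"
    msg["Subject"] = "Invoice"
    msg.set_content("See attached.")
    msg.add_attachment(data, maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()
```

A non-empty return value means the message should be quarantined rather than delivered, the same handling an executable attachment would get.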
SOURCE:
Sophos: Ransomware that’s 100% pure JavaScript, no download required
SEE ALSO:
Microsoft: Disabling Windows Script Host