Attackers are infecting computers with a new ransomware program called RAA that’s written entirely in JavaScript and locks users’ files by using strong encryption.Attackers have taken to this technique in recent months, with Microsoft warning about a spike in malicious email attachments containing JavaScript files back in April. Last month, security researchers from ESET warned of a wave of spamthat distributes the Locky ransomware through .js attachments.Don't run JavaScript email attachments: they can carry potent ransomware | PCWorldIt is very uncommon for people to send legitimate applications written in JavaScript via email, so users should avoid opening this type of file, even if it’s enclosed in a .zip archive. There are few reasons for .js files to exist outside websites and Web browsers in the first place.
If you don't recognize the source or the person who is sending you the attachment doesn't usually do so, don't open the attachment. Whether its a JavaScript attachment or an office program, any attachment really- I feel that should preface all of these articles.
^^ Excellent advice in both posts. ^^
I'll take it one step further to suggest: even if you DOknow the sender, be careful of any attachment.
Both friends and work colleagues have been hacked from time to time over the years, and their emails "spoofed".
So, in addition to multiple layers of email security before any message (or its attachments) ever gets to my system, I typically scan EVERY attachment even if I know the sender and I "expect" the file.
Cheers,
MM
I myself don't like java script and only used it back in the old days
Thanks for the warnings.Don't run JavaScript email attachments: they can carry potent ransomware | PCWorld
No more Java for me since Windows 7...but good to know.
Hi, @galaxys:"Java" and "Javascript" are not the same thing.No more Java for me since Windows 7...but good to know.
But your approach is a good one.
Few websites and (probably) fewer programs need JRE (aka "Java") these days.
The safest way to proceed is to fully uninstall all versions of Java from the Windows Control Panel, perhaps even using a tool, such as JavaRa (note: version 1.6 seems to work better than the current release build). Having outdated versions and remnants on the system can create security vulnerabilities.
If you end up needing to reinstall it, the ONLY safe place to get it is from the link here.
Be sure to opt-out (un-check/un-tick) any "freebies" that may be offered during the setup wizard, and it's vitally important to keep it fully updated with the current version (because of the previously mentioned security problems).
BTW, Merely disabling Java does not fully mitigate those vulnerabilities, even if you have the most current version.
So, you're right, if you don't need it, get rid of it.
As far as *javascript* is concerned, there are many browser extensions and security products to help secure your browsers and computer system from *javascript* vulnerabilities, which are different from *java* ("JRE").
Cheers,
MM
Thanks for the additional insight MM! I'll stay away from both those badboys!
A friend of mine got infected by Cryptolocker this way.
TLR - don't open emails you don't know or trust the look of!
