Blocking JavaScript attachments can help to reduce malware and ransomware infections, yet Google has resisted adding the file attachments to its banned list. However, that will now change from February 13, 2017.
JavaScript files – those with extensions .JS and .JSE – are now commonly used by cybercriminals to infect computers with malware. Over the course of the past two years, malicious JavaScript files has been one of the preferred methods of infecting computers with ransomware. JavaScript files are commonly used as downloaders for malware, and ransomware in particular.
The files are usually hidden using a variety of techniques, such as the use of double extensions such as PDF or DOCX to fool email recipients into thinking the files are genuine invoices or parcel tracking documents. Cybercriminals often hide JavaScript files in archives such as .Zip and .RAR files. Google has also taken the decision to block JavaScript attachments in compressed file formats such as ZIP or .RAR files.
JavaScript files have been one of the primary ways that the gang behind Locky ransomware has infected computers and last year, a new ransomware variant was discovered that had been written entirely in JavaScript – RAA ransomware.
For the vast majority of Gmail users, including business users, JavaScript files are never used. Even when the files are required, they are almost never needed by anyone outside the IT department. Blocking JavaScript files is therefore unlikely to cause users any problems. If businesses or individuals do need to use these files, they can still be shared via Google Drive. Links to Google Drive be sent via email and files can be downloaded if required.
While Gmail users will be protected from these potentially malicious file formats from the middle of next month, non-Gmail users should also be blocking JavaScript attachments and preventing other script files and executable from being delivered to end users’ inboxes. Many anti-spam solutions can be configured to block specific file attachments such as .EXE files, and scripts such as VBS and .JS.
Malware and ransomware is not only spread via email, although email remains one of the most common vectors. To improve protection against web-borne attacks such as malvertising, drive-by downloads, and websites loaded with exploit kits, a web filtering solution can be used.