Why the fuck is this even possible?

Why the fuck is this even possible?

New ransomware strain coded entirely in Javascript, can be activated with one click as an email attachment

bbc.co.uk/news/technology-36575687

Security researchers have discovered a new strain of ransomware coded entirely in Javascript, which could increase its chances of being activated.

Unlike executable program files, Javascript documents do not always trigger a security warning on Windows or require administrator access to run.

Named RAA, the malware is disguised as a document and starts encrypting files immediately when opened.

One security expert said the approach was likely to fool many victims.

"It's an interesting approach to ransomware," said Ken Munro of security company Pen Test Partners.

"Using Javascript as an attachment to an email is likely to result in many victims accidentally installing it."

Other urls found in this thread:

archive.is/SSqRT
p.teknik.io/B890B
en.wikipedia.org/wiki/JScript#JScript
twitter.com/NSFWRedditVideo

Holla Forums warned you.

...

Found your problem

So this is the power of javascript...
I can't wait until js is replaced by web assembly. If this can be done in fucking js, then what horrors await when we see people fucking around with something even more dangerous?

Not really new, Locky disguises itself as a document too.

windows can run javascript naively, similar to vbs scripts. It's not an in-browser attack, it's people running javascript code unsandboxed on their machine.

So running it via Sandboxie should be secure, correct?

I'm not familiar with Sandboxie, but as far as I can tell then yes running it within Sandboxie should protect you

Only Windows 8 and 10 can do that I believe. Windows 7 users are safe. Which makes this news story very funny: archive.is/SSqRT


There's another one I can't find where he's bitching that Windows 7 is insecure and he wants users to upgrade so they can be safe. The fucking irony.

my sides

it doesnt sound like it's run from in the browser (the exploit would have been patched by now if that was the case). sounds more like you download a .js file, which is equivalent to an .exe in Windows, in terms of what it has access to when you run it

yep, it should protect you

...

Does malware like this ever get released officially? It would be interesting to see how it was put together/reverse engineer.

...

...

wow
try lincux next time

...

...

Here's one: p.teknik.io/B890B

It's not RAA, but is detect by virustotal as Locky & Nemucod, which apparently work similar.

thanks for the new pape

That's the Ambassador Luxury Diamond river bathing package, those guys must be rich.

Webapps were a mistake. Javascript, in general, was a mistake, but I digress.
Webapps on the desktop were two mistakes in one.
We need to remove webdevs immediately.

ahahahahaha

Yes I'm sure hackers release their product for free so people can use it however they want and reverse engineer it.

I'm seeing the biggest retards on Holla Forums lately

Every time I'm convinced that Windows couldn't possibly get any fucking stupider.

I get treated like a 1337 H4CK3R by my friends just because I don't want to gargle shit from my OS. I don't fucking get it. How does it manage to be the worst fucking OS in existence and still have mountains of normalfags defending it for being shit?

Windows Script Host, the gift that keeps on giving since 1999.

At least you can use a decent version of ECMAScript to write your ransomware now.
en.wikipedia.org/wiki/JScript#JScript