Malicious spam with zip attachments containing .js files

  • 16 September 2015

Published: 2015-09-16
Last Updated: 2015-09-16 02:28:55 UTC
by Brad Duncan (Version: 1)
 
Introduction
On 2015-07-29, the ISC published a diary covering malicious spam (malspam) with zip archives of javascript (.js) files [1].  Since then, we've received notifications from others who have found this type of malspam.  Let's revisit the spam filters, search for this type of email, and see if anything has changed.
 
Background
Although zipped .js attachments in malspam are nothing new, we noticed a significant increase since January 2015.  This appears to be botnet-based malspam, and we've noticed different payloads as the second-stage download after running the .js file.
A few points to make, before we proceed:
  • This malspam appears to target Windows computers.
  • The extracted file is Javascript-based, and the infection requires user action.
  • The user must open the zip attachment, extract the .js file, and manually run the .js file.
  • A properly-administered Windows host using software restriction policies should prevent an infection.
  • A properly-administered spam filter will prevent this type of malspam from reaching the recipient's inbox.
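As an added illustration of the spam-filter point above (example code written for this page, not the diary's or the ISC's own tooling), a mail-gateway style check in Python that opens zip attachments in memory and flags any member carrying a .js extension. The sample message, archive and addresses are constructed inline.

```python
import io
import os
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extension the diary describes: a .js file that Windows Script Host runs
# when the user double-clicks it after extracting the archive.
SCRIPT_EXTENSIONS = {".js"}


def scripts_in_zip(data: bytes, extensions=SCRIPT_EXTENSIONS) -> list:
    """Return zip member names whose extension is a script type.

    A payload that cannot be parsed as a zip is reported rather than
    silently ignored; nested archives are not unpacked.
    """
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = zf.namelist()
    except zipfile.BadZipFile:
        return ["<unparseable zip>"]
    # splitext handles double extensions such as invoice.pdf.js -> .js
    return [n for n in names if os.path.splitext(n.lower())[1] in extensions]


def flag_message(raw: bytes) -> list:
    """Return 'attachment:member' strings for every zipped script found."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        fname = part.get_filename() or ""
        payload = part.get_payload(decode=True) or b""
        # Check the magic bytes as well as the name: a renamed zip is still a zip.
        if fname.lower().endswith(".zip") or payload.startswith(b"PK\x03\x04"):
            for member in scripts_in_zip(payload):
                findings.append(f"{fname}:{member}")
    return findings


def build_sample_message() -> bytes:
    """Construct a malspam-shaped test message (placeholder content only)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice_2015-09-16.js", "// constructed placeholder, not a payload\n")
    msg = EmailMessage()
    msg["From"] = "sender@example.invalid"   # constructed address
    msg["To"] = "user@example.invalid"       # constructed address
    msg["Subject"] = "Invoice"
    msg.set_content("Please see attached.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="invoice.zip")
    return msg.as_bytes()
```

Wire `flag_message` into the gateway's attachment hook and quarantine on a non-empty result; extend `SCRIPT_EXTENSIONS` if other script types are in scope for your environment.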