Home > Cyber News > Gmail Bans JavaScript .JS Attachments to Counter Malware

Gmail Bans JavaScript .JS Attachments to Counter Malware

February 13, 2017, is the day when Google will stop allowing JavaScript attachments on Gmail. These attachments are indeed the most popular way for malware to sneak into a user’s system. More particularly, users will not be able to attach .JS files to emails, and it won’t matter if they attach them directly or include them in archives such as .gz, .bz2, .zip or .tgz.

Related Story: Porn Clicker Trojan Hides in Google Play Apps, Check Your Android

The list of file attachments banned by Google includes the following:

.JS, .ADE, .ADP, .BAT, .CHM, .CMD, .COM, .CPL, .EXE, .HTA, .INS, .ISP, .JAR, .JSE, .LIB, .LNK, .MDE, .MSC, .MSP, .MST, .PIF, .SCR, .SCT, .SHB, .SYS, .VB, .VBE, .VBS, .VXD, .WSC, .WSF, .WSH.

.JS Files in Malware Distribution

All of the attachments have been deployed in malware distribution campaigns and thus the ban by Google. JavaScript files particularly have been long favored by cybercriminals, mainly because they can be executed directly on Windows via the Windows Script Host component.

Related Story: Protect Yourself from Getting Infected by Malicious E-mails

.JS files are usually obfuscated and are used as downloaders for malware, especially ransomware such as TeslaCrypt and Locky. There are also ransomware pieces completely coded in JavaScript, like RAA.

How Does Obfuscation Work?

Obfuscators have been used in malware distribution for quite some time Their main purpose is to conceal the binary code of programs so that cybercriminals may be able to prevent the competition from stealing it and copying it. Obfuscators conceal the contents of the malicious files so that they can evade anti-malware software.

Related Story: Obfuscation In Malware

Besides .JS, other files can be deployed in a similar way such as .VBS, .VBE, .WSH, and .WSF. Luckily, Google blocks all of them.

Users are strongly advised not to open a file type they don’t know or don’t recognize. Make sure to always check the sender. If it seems dubious, it most certainly is!

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum since the project started. A professional with 10+ years of experience in creating engaging content. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim

More Posts

Follow Me:

Leave a Comment

Your email address will not be published.

Share on Facebook Share
Share on Twitter Tweet
Share on Google Plus Share
Share on Linkedin Share
Share on Digg Share
Share on Reddit Share
Share on Stumbleupon Share