Gmail Bans JavaScript .JS Attachments to Counter Malware

Gmail Bans JavaScript .JS Attachments to Counter Malware

February 13, 2017, is the day when Google will stop allowing JavaScript attachments on Gmail. These attachments are indeed the most popular way for malware to sneak into a user’s system. More particularly, users will not be able to attach .JS files to emails, and it won’t matter if they attach them directly or include them in archives such as .gz, .bz2, .zip or .tgz.

Related: Porn Clicker Trojan Hides in Google Play Apps, Check Your Android

The list of file attachments banned by Google includes the following:

.JS, .ADE, .ADP, .BAT, .CHM, .CMD, .COM, .CPL, .EXE, .HTA, .INS, .ISP, .JAR, .JSE, .LIB, .LNK, .MDE, .MSC, .MSP, .MST, .PIF, .SCR, .SCT, .SHB, .SYS, .VB, .VBE, .VBS, .VXD, .WSC, .WSF, .WSH.

.JS Files in Malware Distribution

All of the attachments have been deployed in malware distribution campaigns and thus the ban by Google. JavaScript files particularly have been long favored by cybercriminals, mainly because they can be executed directly on Windows via the Windows Script Host component.

Related: Protect Yourself from Getting Infected by Malicious E-mails

.JS files are usually obfuscated and are used as downloaders for malware, especially ransomware such as TeslaCrypt and Locky. There are also ransomware pieces completely coded in JavaScript, like RAA.

How Does Obfuscation Work?

Obfuscators have been used in malware distribution for quite some time Their main purpose is to conceal the binary code of programs so that cybercriminals may be able to prevent the competition from stealing it and copying it. Obfuscators conceal the contents of the malicious files so that they can evade anti-malware software.

Related: Obfuscation In Malware

Besides .JS, other files can be deployed in a similar way such as .VBS, .VBE, .WSH, and .WSF. Luckily, Google blocks all of them.

Users are strongly advised not to open a file type they don’t know or don’t recognize. Make sure to always check the sender. If it seems dubious, it most certainly is!

Milena Dimitrova

An inspired writer, focused on user privacy and malicious software. Enjoys 'Mr. Robot' and fears '1984'.

More Posts - Website

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Subscribe to receive regular updates about the state of PC Security and latest threads.

Please wait...

Subscribe to our newsletter

Want to be notified when our article is published? Enter your email address and name below to be the first to know.