Home / / Poisoned JavaScript code tops malware list

Poisoned JavaScript code tops malware list

Fortinet says JavaScript is one of the most popular languages used today for attacks

JavaScript is one of the most popular languages used today for attacks, says Fortinet.
JavaScript is one of the most popular languages used today for attacks, says Fortinet.

Tainted JavaScript code has been identified as the leading malware variant in the world right now, according to security firm Fortinet.

The obfuscated JavaScript code ‘JS/Redir.BK!tr' presently accounts for 48% of all malware activity when analysed in relation to all the threats reported.

The JavaScript code is known to redirect users to different legitimate domains that host an injected HTML page called ‘z.htm'.

Fortinet believes the code is circulated through an attachment in spam e-mails. One attack saw the HTML containing the malicious JavaScript code attached as a file called ‘open.htm' in an e-mail that asked the user to update their MS Outlook, while another was socially engineered for the FIFA World Cup in an e-mail warning about bad news. The code was attached in a file named ‘news.html'.

Another variation used social networking site Facebook, asking users to change their passwords with the HTML file attached being ‘facebook_newpass.html'.

"There is no doubt that JavaScript is one of the most popular languages used today for attacks. It is used in a growing amount of poisoned document attacks (PDF), particularly with heap-spray based techniques. It's also used to launch exploits, and it is popular as a browser redirector to malicious sites, since the JavaScript code can be obfuscated and appear to be more complex than traditional IFrame based attacks from the past," said Derek Manky, project manager, cyber security and threat research, Fortinet.

"While it is not always feasible to disable JavaScript, consider policies based around the usage / execution of scripts; especially for document files. Of course, we recommend antivirus for mitigation against such JavaScript based attacks at all layers (web, email, etc)," added Manky.

 



CHANNEL AWARD 2018