Malicious scripts spammed out to infect computers with ransomware

Although over 100,000 new malware variants may be discovered every day by security researchers, that doesn’t mean that the criminals behind the attacks need to be equally inventive in their methods to infect users.

In fact, truth be told, the methods used to compromise computer users’ computers are often close to the same types of attacks that we saw twenty years ago.

Why the lack of innovation? Because the existing methods succeed.

We like to think that people learn from their mistakes, and experience will prevent us from making the same errors over and over again. But when we actually look at malware campaigns it’s clear that the old tactics used by hackers are doing just fine.

One of the most common ways in which computers are infected by malware is via boobytrapped email attachment, where the attacker will send a carefully-crafted message to your inbox.

Sometimes they may send the messages to thousands of people around the world, on other occasions they may only target a single individual inside a company.

Regardless of who they’re targeting, they are relying on human weakness (or as I like to call it, “the bug in people’s brain”) that will see the attachment clicked upon, and the computer end up infected.

When I look at my inbox I find countless reminders that criminal gangs are actively using this technique in their attempt to compromise computers worldwide.

Take this simple example, for instance, which seems to demonstrate that making virtually no effort to socially engineer a response is enough to trick curious minds into clicking:

A spate of ‘document’ emails, with an attached ZIP file. No explanation is offered in the email of what the ZIP file might contain, or why it has been sent to you.

Your natural curiousity may be enough to make click on the attachment, and unarchive the malicious JavaScript within.

malicious-script

If you made the mistake of running the obfuscated JavaScript file contained within the ZIP, you will most probably find that a copy of the Locky or TeslaCrypt ransomware will be encrypting your files and demanding you pay a ransom for their safe return shortly afterwards…

Malware campaigns like this typically don’t last long. The criminals behind them alter their malware to avoid detection by anti-virus companies, and download their malicious payloads from other web servers.

But even though these attacks flare and subside within just a few hours, you can be sure that others are on their way and more might be appearing in your inbox soon.

The answer is to have a layered defence – run an up-to-date anti-virus solution (the above attack is picked up by Bitdefender as Bitdefender detects as Generic.JS.DownloaderC.8C211DF9), keep on top of security patches, and – if you’re not actually blocking dangerous attachments at your gateway – exercising great restraint over what types of files you are willing to click on when they arrive unsolicited in your inbox.

Because if history has taught us anything, these attacks are going to continue for as long as there are people prepared to click on them.

Leave a Reply