
Malicious scripts spammed out to infect computers with ransomware


Although over 100,000 new malware variants may be discovered every day by security researchers, that doesn’t mean that the criminals behind the attacks need to be equally inventive in their methods to infect users.

In fact, truth be told, the methods used to compromise users’ computers are often close to the same types of attacks that we saw twenty years ago.

Why the lack of innovation? Because the existing methods succeed.

We like to think that people learn from their mistakes, and experience will prevent us from making the same errors over and over again. But when we actually look at malware campaigns it’s clear that the old tactics used by hackers are doing just fine.

One of the most common ways in which computers are infected by malware is via a booby-trapped email attachment, where the attacker sends a carefully-crafted message to your inbox.

Sometimes they may send the messages to thousands of people around the world; on other occasions they may target only a single individual inside a company.

Regardless of who they’re targeting, they are relying on human weakness (or, as I like to call it, “the bug in people’s brains”) to ensure that the attachment is clicked upon and the computer ends up infected.

When I look at my inbox I find countless reminders that criminal gangs are actively using this technique in their attempt to compromise computers worldwide.

Take this simple example, for instance, which seems to demonstrate that making virtually no effort to socially engineer a response is enough to trick curious minds into clicking:

[Screenshot: a run of spam emails with the subject line ‘document’, each carrying a ZIP attachment]

A spate of ‘document’ emails, each with an attached ZIP file. No explanation is offered in the email of what the ZIP file might contain, or why it has been sent to you.

Your natural curiosity may be enough to make you click on the attachment and unarchive the malicious JavaScript within.

[Screenshot: the obfuscated JavaScript file extracted from the ZIP attachment]

If you made the mistake of running the obfuscated JavaScript file contained within the ZIP, you would most probably find, shortly afterwards, a copy of the Locky or TeslaCrypt ransomware encrypting your files and demanding that you pay a ransom for their safe return…

Malware campaigns like this typically don’t last long. The criminals behind them alter their malware to avoid detection by anti-virus companies, and move the download of their malicious payloads to other web servers.

But even though these attacks flare and subside within just a few hours, you can be sure that others are on their way and more might be appearing in your inbox soon.

The answer is to have a layered defence – run an up-to-date anti-virus solution (Bitdefender detects the above attack as Generic.JS.DownloaderC.8C211DF9), keep on top of security patches, and – if you’re not actually blocking dangerous attachments at your gateway – exercise great restraint over what types of files you are willing to click on when they arrive unsolicited in your inbox.
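One way to implement the gateway-side check mentioned above, as an added example that is not code from the original post: a small Python scanner that parses a raw email, opens any ZIP attachment in memory and flags members whose extension is a script or executable type (the extension list and the sample ‘document.zip’ message are constructed for this example).

```python
import io
import zipfile
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser

# Extensions that Windows will hand to Windows Script Host, PowerShell or the
# shell when double-clicked. Constructed list; tune it to your environment.
SCRIPT_EXTENSIONS = {".js", ".jse", ".vbs", ".vbe", ".wsf", ".wsh", ".hta",
                     ".ps1", ".cmd", ".bat", ".scr", ".exe"}


def has_script_ext(name):
    """True if the final path component ends in a script/executable extension."""
    base = name.lower().rsplit("/", 1)[-1]
    return any(base.endswith(ext) for ext in SCRIPT_EXTENSIONS)


def risky_members(zip_bytes):
    """Names inside a ZIP with script extensions; None if not a valid ZIP.
    Nested archives are not inspected here."""
    try:
        with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
            return [n for n in zf.namelist() if has_script_ext(n)]
    except zipfile.BadZipFile:
        return None


def scan_message(raw_email):
    """Parse an RFC 822 message; return (attachment filename, reason) findings."""
    msg = BytesParser(policy=policy.default).parsebytes(raw_email)
    findings = []
    for part in msg.iter_attachments():
        filename = part.get_filename() or "<unnamed>"
        payload = part.get_payload(decode=True) or b""
        if has_script_ext(filename):
            findings.append((filename, "script attachment"))
        elif filename.lower().endswith(".zip") or payload.startswith(b"PK\x03\x04"):
            members = risky_members(payload)
            if members is None:
                findings.append((filename, "unreadable ZIP"))
            elif members:
                findings.append((filename, "ZIP contains script: " + ", ".join(members)))
    return findings


def build_sample_email():
    """Constructed sample: a bare 'document' mail whose ZIP holds a harmless placeholder .js."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("document.js", "// placeholder, not real malware\n")
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "sender@example.com", "you@example.com", "document"
    msg.set_content("")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename="document.zip")
    return msg.as_bytes()
```

A gateway would quarantine any message for which scan_message returns findings rather than delivering it to the user.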

Because if history has taught us anything, these attacks are going to continue for as long as there are people prepared to click on them.

About the author

Graham Cluley

Graham Cluley is an award-winning security blogger, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by companies such as Sophos, McAfee and Dr Solomon's. He has given talks about computer security for some of the world's largest companies, worked with law enforcement agencies on investigations into hacking groups, and regularly appears on TV and radio explaining computer security threats.

Graham Cluley was inducted into the InfoSecurity Europe Hall of Fame in 2011, and was given an honorary mention in the "10 Greatest Britons in IT History" for his contribution as a leading authority in internet security.

3 Comments



  • I received this JS file by mail yesterday and almost every AV program failed to detect this as a virus in the first 24 hours, including Bitdefender and ESET!! Then I saved this file and executed it inside a virtual machine… bam!! Within seconds many of my files were encrypted with the locky extension. This is really notorious ransomware!!

  • ‘Why the lack of innovation? Because the existing methods succeed.’

    When I got to that point I immediately thought of this being just like history; many (more likely most) people do not comprehend history if they even bother with history. The only real mistake is not learning from your mistakes; anything else is a learning opportunity (as long as you fix the problems you cause and learn from it, you’ve done exactly as you should do: humans aren’t perfect so mistakes are inevitable). This is one of the reasons history repeats itself. I would say it’s one of the main reasons if not THE main reason that history repeats itself.

    Then I see at the end:
    ‘Because if history has taught us anything, these attacks are going to continue for as long as there are people prepared to click on them.’

    Which is true. Unfortunately history does NOT teach most people anything (that or they simply don’t care, if they even accept the concept of history), which is the problem here. When you then think of newer technology (including especially war technology [and worse is AI including killer robot technology … which is extreme cowardice]) it is even more serious. But what can the minority (who learn from history, aren’t weak, destructive, reckless) do? There aren’t enough people to make such major changes over the world. Humans don’t learn and they are inherently weak (seeking power, devising methods of killing remotely, sending people to war [rather than go themselves, which would be a lot better, but still they are going to destroy and maybe dominate], many other things), destructive (this is obvious even without the references to war) and reckless (and this is also obvious). That will be the source of extinction because it will happen long before the Sun dies (even if not in our lifetime, the situation only worsens).