
JavaScript spam campaigns on the loose

More than 10,000 instances of malicious JavaScript payloads have been detected in the past two weeks by the Zscaler ThreatLabz team, according to a post on the company blog.

Recipients in a number of malspam campaigns could fall victim should they click on a link. Doing so triggers a download and launches malware executables that deliver a number of dropper and backdoor trojan families. The Internet Explorer web browser shows a warning requesting permission to allow execution of the ActiveX component, but once that's allowed, the malicious payload is downloaded and executed.

What the researchers found interesting in the simple JavaScript was the obfuscation in its code and its dissemination in the malspam campaign. The team detected several trojan iterations being downloaded by the JavaScript files. But whether the spammed URLs delivered a zipped or a direct version of the JavaScript payload, "the infection cycle remains identical once the user extracts and runs the JavaScript file," the researchers found.

Their advice: Be cautious when clicking on links or attachments from unknown senders. Miscreants behind such campaigns are continually altering their obfuscation strategies to stay a step ahead of detection by security engines.

"It is increasingly important to have multiple security layers to block these kinds of attacks," the Zscaler ThreatLabZ team concluded.
