“Gmail currently restricts certain file attachments (e.g. .exe, .msc, and .bat) for security reasons, and starting on February 13, 2017, we will not allow .js file attachments as well. Similar to other restricted file attachments, you will not be able to attach a .js file and an in-product warning will appear, explaining the reason why.” states Google.
It will be not possible to attach such kind of files, if users will try to attach a .js file the Google will display a warning message while blocking the potentially dangerous file.
Google suggests users share such kind of potentially harmful files through Google Drive, Cloud Storage or similar online storage services.
“It also shows the use of numerous variables containing chunks of strings, which are concatenated at runtime to build needed strings like ActiveXObject names and methods.”
The encrypted Locky ransomware binary was stored in a set of large arrays, at runtime it was decrypted and saved to disk. When the ransomware binary is decrypted it is possible to notice a significant surge in CPU usage from wscript.exe.
In previous campaigns, the experts only noticed the use of scripts as a container for the downloader, instead of the malicious code itself.downloader, instead of the malicious code itself.downloader, instead of the malicious code itself.downloader, instead of the malicious code itself.