Your browser is obsolete!

The page may not load correctly.

Unexpected guests

Незваные гости

Other issues in this category (55)
  • add to favourites
    Add to Bookmarks

Cunning JavaScript

Read: 1017 Comments: 15 Rating: 42

It’s quite common to hear about bank webpages being modified by malware and certain resources (e.g., antivirus-related ones) being at risk of becoming blocked. How difficult is it for cybercriminals to perform such maneuvers? Let’s take a look.

JavaScript, a specialised programming language, comes to the rescue of criminals. It allows some code to be executed on the user sidei.e., not on the server side, from which website page content is downloaded.

JavaScript can help execute actions during certain events—for example, when a webpage is loading completely, or when a user clicks on a page element (a button, link, etc.). In addition, JavaScript can be used to identify the browser in use. As a result, the user views pages that are optimised specifically for his/her browser.

Moreover, JavaScript can be used to save and upload information from a computer, including critically important information.

So, if we visit a website, some programs are downloaded onto our computer (as text scripts with very simple syntax), and a cybercriminal can modify those programs as they see fit.

After filling out all the forms, the “Send” button wouldn’t work. It turned out that the JavaScript code placed on the webpage blocks the button 24/7 except for Mondays through Thursdays from 9:00 to 17:00, and Fridays from 10:00 to 18:00.

#drweb

The researcher recommends that users simply disable JavaScript in order to bypass this limitation.

https://rublacklist.net/20379

Dr.Web recommends

  • Unfortunately, no solution exists that can help determine whether what we see displayed on website pages is exactly what the site owner wants us to see. Alas, a website can be modified on the developer side (as a result of hacking, the presence of a vulnerability in the website’s engine, or due to a trivial leak of the passwords used to access it), as well as on the user side. Banking Trojans and phishers especially like to modify website pages. To minimise the risk, it is essential that you use anti-virus software that doesn’t allow malware to penetrate your computer.

    Dr.Web ShellGuard technology is an effective security tool for preventing website pages from being modified. It tracks attempts made to embed malicious code (exploits) in a browser’s running process and prevents malware or phishing modifications.

    Learn more about this technology on the page Technologies for analysing behaviour and terminating malicious processes—Dr.Web ShellGuard.

  • Modern browsers let you disable JavaScript for all websites or (using special plugins) just some of them.

    Important! Disabling JavaScript may cause some websites to fail, so use this feature carefully.

    As an example, let’s consider the option to disable JavaScript for Mozilla Firefox. Unfortunately, in the latest versions the option to disable JavaScript has been removed from the browser’s settings page, so you need to take a more circuitous route:

    1. In the browser’s address bar, enter the command about:config.
    2. In the newly appeared window, click on “I’ll be careful; I promise!”.
    3. In the search box, enter javascript.enabled.
    4. Left-click on the Status column; select “Switch”; and in the column “Value”, change “false” to “true”.
    5. Reload the current browser page.

Rate this issue and receive Dr.Weblings! (1 vote = 1 Dr.Webling)

Sign in and get 10 Dr.Weblings for sharing the link to this issue via social media.

[Twitter]

Unfortunately, due to Facebook's technical limitations, Dr.Weblings cannot be awarded. However, you can share this link with your friends for free.

Tell us what you think

Leave your comment on the day of publication and get 10 Dr.Weblings, or get 1 Dr.Webling for a comment posted any other day. Comments are published automatically and are reviewed by a moderator. Rules for leaving comments about Doctor Web news items.

To leave a comment, you need to log in under your Doctor Web site account. If you don't have an account yet, you can create one.

Comments