When threats get updated, Dr.Web gets updated too


Friday, April 28, 2017

Cybercriminals have to be inventive to keep their illegal activities going. One of their "inventions" is using scripting languages to penetrate a system. Back in 2011, Doctor Web added a special module to its products that checks JavaScript: Dr.Web ScriptHeuristic.

However, JavaScript is not the only scripting language you can come across on your computer.

JScript, JavaScript's equivalent that is executed by Windows Script Host (WSH), has been used by virus writers for a long time (for example, it was used to design Trojan.Encoder.4860). Users know much less about how PowerShell, a scripting language that is available when Microsoft .NET Framework is present in a system, is used.

This vulnerability was detected in Microsoft Word. Cybercriminals have developed an active exploit for this application in the form of a Microsoft Word document. Once this document is opened, another file called doc.doc is loaded. It contains an embedded HTA script, detected by Dr.Web as PowerShell.DownLoader.72. This HTA script, written using Windows Script syntax, calls the command interpreter PowerShell. PowerShell processes another malicious script that downloads an executable file to the attacked computer.
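
The chain described above (Word document, HTA script, PowerShell) leaves a parent-child process trail that a defender can look for. As an added example, not Dr.Web's code, the following Python flags PowerShell processes descended from mshta.exe, the Windows program that runs HTA files; the event records, their field names and the paths in them are constructed for illustration.

```python
# Added example: the records below are constructed, not real telemetry.
# Assumed event fields: pid, ppid (parent pid), image (executable path).
from ntpath import basename  # parses Windows paths on any platform

HTA_HOST = "mshta.exe"            # Windows program that runs .hta files
SCRIPT_SHELLS = {"powershell.exe"}
OFFICE_APPS = {"winword.exe"}
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"

EVENTS = [
    {"pid": 100, "ppid": 4, "image": r"C:\Windows\explorer.exe"},
    {"pid": 210, "ppid": 100, "image": r"C:\Office\WINWORD.EXE"},
    {"pid": 320, "ppid": 210, "image": r"C:\Windows\System32\mshta.exe"},
    {"pid": 430, "ppid": 320, "image": PS},   # shell started by the HTA
    {"pid": 540, "ppid": 100, "image": PS},   # shell opened by the user
]

def proc_name(event):
    return basename(event["image"]).lower()

def ancestors(event, by_pid):
    """Yield parent, grandparent, ...; stop at unknown pids or cycles."""
    seen = {event["pid"]}
    parent = by_pid.get(event["ppid"])
    while parent is not None and parent["pid"] not in seen:
        seen.add(parent["pid"])
        yield parent
        parent = by_pid.get(parent["ppid"])

def find_hta_spawned_shells(events):
    """Return one alert per script shell that has mshta.exe as an ancestor."""
    by_pid = {e["pid"]: e for e in events}  # simplification: ignores pid reuse
    alerts = []
    for event in events:
        if proc_name(event) not in SCRIPT_SHELLS:
            continue
        chain = [proc_name(a) for a in ancestors(event, by_pid)]
        if HTA_HOST in chain:
            alerts.append({
                "pid": event["pid"],
                "chain": [proc_name(event)] + chain,
                "from_office": any(c in OFFICE_APPS for c in chain),
            })
    return alerts

if __name__ == "__main__":
    for alert in find_hta_spawned_shells(EVENTS):
        print(alert["pid"], " <- ".join(alert["chain"]), alert["from_office"])
```

The rule keys on mshta.exe ancestry alone and reports Word ancestry only as extra context, so it still fires when the HTA host was started by some other process.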

Because cybercriminals are using JScript and PowerShell, Dr.Web’s protection needed to be enhanced further. As a result, the Dr.Web Amsi-client protection module was developed. Its task is to check running scripts—PowerShell, JavaScript, and VBScript.



The Anti-virus Times recommends

Updates are not released for anti-virus products just so users can be reminded of them for the umpteenth time. Behind each update message you get are serious fixes and improvements. If the anti-virus needs rebooting, it probably means your protection needs to be enhanced to deal with new, emerging threats. Do not ignore these requirements: it is better to spend a few minutes on a reboot than to have to deal with the consequences of a sudden infection.

