
When threats get updated, Dr.Web gets updated too


Cybercriminals have to exercise ingenuity to keep their illegal activities going. One of their "inventions" is using scripting languages to penetrate a system (back in 2011, Doctor Web added to its products a special module that checks JavaScript: Dr.Web ScriptHeuristic).

However, JavaScript is not the only scripting language you can come across on your computer.

JScript, JavaScript's equivalent that is executed by Windows Script Host (WSH), has long been used by virus writers (for example, it was used to design Trojan.Encoder.4860). Users know much less about how PowerShell (a scripting language that is available when Microsoft .NET Framework is present in a system) is used.

This vulnerability was detected in Microsoft Word. Cybercriminals have developed an active exploit for this application in the form of a Microsoft Word document. Once this document is opened, another file called doc.doc is loaded. It contains an embedded HTA script, detected by Dr.Web as PowerShell.DownLoader.72. This HTA script, written using Windows Script syntax, calls the command interpreter PowerShell. PowerShell processes another malicious script that downloads an executable file to the attacked computer.

http://news.drweb.com/show/?i=11268
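A defender can look for the process lineage such a chain leaves behind: PowerShell started beneath a script host or an Office application. The sketch below is an added example, not Dr.Web's code or part of the original article; the record fields (pid, ppid, image, cmd) and the sample events are constructed, and it assumes HTA scripts run under mshta.exe, the standard Windows HTA host.

```python
# Added example: flag PowerShell launched beneath a script host or Office app.
import ntpath

SCRIPT_HOSTS = {"mshta.exe", "wscript.exe", "cscript.exe"}  # HTA and WSH hosts
OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe"}
POWERSHELL = {"powershell.exe", "pwsh.exe"}
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"

# Constructed process-creation records, not taken from a real incident.
SAMPLE_EVENTS = [
    {"pid": 100, "ppid": 1, "image": r"C:\Windows\explorer.exe",
     "cmd": "explorer.exe"},
    {"pid": 200, "ppid": 100,
     "image": r"C:\Program Files\Microsoft Office\WINWORD.EXE",
     "cmd": "WINWORD.EXE invoice.docx"},
    {"pid": 300, "ppid": 200, "image": r"C:\Windows\System32\mshta.exe",
     "cmd": r"mshta.exe C:\Users\u\AppData\Local\Temp\sample.hta"},
    {"pid": 400, "ppid": 300, "image": PS,
     "cmd": "powershell.exe -WindowStyle Hidden -File stage.ps1"},
    {"pid": 500, "ppid": 100, "image": PS, "cmd": "powershell.exe Get-Process"},
]


def basename(image):
    """Lower-cased executable name from a Windows path."""
    return ntpath.basename(image).lower()


def ancestry(pid, by_pid):
    """Yield ancestors of pid, nearest first; stop on unknown parent or loop."""
    seen = {pid}
    cur = by_pid.get(pid)
    while cur and cur["ppid"] in by_pid and cur["ppid"] not in seen:
        cur = by_pid[cur["ppid"]]
        seen.add(cur["pid"])
        yield cur


def find_suspicious_powershell(events):
    """Return PowerShell processes with a script host or Office app ancestor."""
    by_pid = {e["pid"]: e for e in events}
    alerts = []
    for e in events:
        if basename(e["image"]) not in POWERSHELL:
            continue
        chain = [basename(a["image"]) for a in ancestry(e["pid"], by_pid)]
        hits = [n for n in chain if n in SCRIPT_HOSTS | OFFICE_APPS]
        if hits:
            alerts.append({"pid": e["pid"], "cmd": e["cmd"], "lineage": hits})
    return alerts
```

PID reuse is ignored here, and a script host started through COM may not appear as a child of the Office application, which is why script hosts are matched on their own as well.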

Because cybercriminals are using JScript and PowerShell, Dr.Web’s protection needed to be enhanced further. As a result, the Dr.Web Amsi-client protection module was developed. Its task is to check running scripts—PowerShell, JavaScript, and VBScript.


Dr.Web recommends

Updates are not made for anti-virus products just so users can be reminded of them for the umpteenth time. Behind each update message you get are serious fixes and improvements. If the anti-virus needs rebooting, it probably means your protection needs to be enhanced to deal with emerging, new threats. Do not ignore these requirements—it is better to spend a few minutes for a reboot than to have to deal with the consequences of a sudden infection.
