Google to Block JavaScript File Attachments
Posted by: Timothy Weaver on 01/28/2017 12:31 PM
[
Comments
]
Google has announced that beginning Feb. 13th, 2017, the email service will no longer allow attachments that contain JavaScript (.js) files.
Google already blocks potentially dangerous files such as .exe, .jar, .sys, .scr, .bat, .com, .vbs and .cmd.
Users who try to attach such files will see a message stating that the file has been blocked for security reasons and there will be a "help" link for further information.
If, for some reason, a user needs to attach such files, Google recommends using Drive, Cloud Storage or other file-sharing services.
Malware campaigns recently have been using .js files in attachments to deliver ransomware. One example is the Locky ransomware which used JavaScript attachments to drop downloaders.
Other security measures have been taken by Google recently including flagging unauthenticated messages and potentially dangerous URLs, as well as disabling support for the RC4 cipher and the SSLv3 protocol.
Source: Security Week
Google already blocks potentially dangerous files such as .exe, .jar, .sys, .scr, .bat, .com, .vbs and .cmd. Users who try to attach such files will see a message stating that the file has been blocked for security reasons and there will be a "help" link for further information.
If, for some reason, a user needs to attach such files, Google recommends using Drive, Cloud Storage or other file-sharing services.
Malware campaigns recently have been using .js files in attachments to deliver ransomware. One example is the Locky ransomware which used JavaScript attachments to drop downloaders.
Other security measures have been taken by Google recently including flagging unauthenticated messages and potentially dangerous URLs, as well as disabling support for the RC4 cipher and the SSLv3 protocol.
Source: Security Week
Comments
