Posted on 01/03/2016 11:16:43 PM PST by Utilizer
A new type of ransomware has been spotted, the first of its kind, a ransomware that uses JavaScript to infect its users, being coded on top of the NW.js platform.
NW.js, formerly known as Node-WebKit, is a powerful platform that allows developers to create desktop applications via Node.js modules. The platform lets programmers use JavaScript in the same way, and with the same power and reach inside the underlying operating system's guts, as other more powerful languages like C++, Delphi, Java, ActionScript, and C#.
If the name hasn't tipped you off yet, NW.js uses a stripped down version of WebKit, the same layout engine used in Chrome, Safari, and Opera, but without many of its limitations. While browsers limit what JavaScript code can do, NW.js removes these limits and allows JS developers to interact with the OS itself.
NW.js can run on all three major operating systems, meaning that ransomware coded to work on top of it would theoretically be able to target all operating systems at once.
(Excerpt) Read more at news.softpedia.com ...
Ping...
Dunno if this of interest to you, mate, but just in case... ping.
Well what do you know, a use for bitcoins other than buying drugs. To pay off your ransomware virus fees.
Pinging Shadow Ace and Thunder Sleeps for their lists.
The latest Apple/Mac/iOS Pings can be found by searching Keyword "ApplePingList" on FreeRepublic's Search.
If you want on or off the Mac Ping List, Freepmail me
In iOS. . . SafariGo to Settings/ Safari / Advanced. Turn off JavaScript.
In OS X Safari
Open Safari
Click on Safari Prefernces
Select Security Tab
Uncheck "Enable JavaScript"
Close Preferences pane.
In Windows Safari
Open Windows Safari
Click on the Tools Button icon Tools Button at the top-right of the app window
Click on the Preferences menu item
Click on the Security icon
Un-check the Enable JavaScript option.
Close the Preferences window and restart Safari.
Seriously? Disable javascript? What, are we back to HTML 2.0?
Right click the Google Chrome icon in your desktop, then click Properties.2. Click Shortcut tab.
3. Add -disable-javascript parameter in the Target field.
4. Click the OK button.,
Turning JavaScript off in Apple OS X Chrome:
Go to this link and follow the steps shown to turn off JavaScript in Apple OS X
It may be necessary until they get a handle on blocking this All Platform Ransomeware exploit.
You are telling everyone to browse without javascript?
Don’t worry, Dude. Apple products are immune to exploits, aren’t they? I mean, you don’t need an antivirus program, so don’t worry.
Wouldn’t it be safer to just not run as administrator ( which you should never do - always run with non admin privileges ) in the first place instead of disabling javascript ?
Currently, only Windows machines have been infected, but we may be one update cycle away from seeing the first truly cross-OS ransomware family.
You run node server-side, well. It ain’t rails or jetty, that’s for sure.
Let alone IIS.
And use an antivirus program.
Oh, Mac doesn't need an antivirus program. Just browse without JavaScript.
Yes, I am. Currently, this exploit is only in the wild for Windows, but it works through browsers, and will not give any privilege escalation, but it could steal user's passwords, data, and other critical information.
Even though on a Mac the Browser operates in a sandbox, the browser can call passwords from the keychain and auto fill user data into fields. This exploit could conceivably cause your browser to navigate to a malicious website with appropriate fields to be auto-filled, do so, then call passwords for commonly visited websites in your bookmarks and harvest them.
Always. But this doesn't matter for what it does. It works through the browsers using JavaScript and it isn't intended to install malware. It is a script the browsers are supposed to run. . . But this one can do things other scripts aren't permitted to do.
Turn off javascript? Might as well turn off css.
Hey, I don’t suppose this is the virus which infected the FreeRepublic servers and made it put out weird characters?
Would it be that simple. Sadly, it's not.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.