Google Goes On Offensive vs. JavaScript Attacks
alphadogg writes "Google's e-mail security team has updated its Postini engine to stop a new type of JavaScript attack that helped fuel a rise in spam volume in recent months.
Google says it has seen a surge in obfuscated JavaScript attacks, describing them as a hybrid between virus and spam messages. The e-mails are designed to look like legitimate messages, specifically Non Delivery Report messages, but contain hidden JavaScript.
'In some cases, the message may have forwarded the user's browser to a pharma site or tried to download something unexpected,' Google said in its official blog."
Nobody is allowing JavaScript in emails. This is a BUG in Gmail's code, not the user's fault. You use a browser to see your email. Spammers managed to somehow escape JS code and pass it through all of Google's filters and execute it in your browser.
WTF am I doing replying to an AC at 5 A.M. on a Friday night?