Google Goes On Offensive vs. JavaScript Attacks
alphadogg writes "Google's e-mail security team has updated its Postini engine to stop a new type of JavaScript attack that helped fuel a rise in spam volume in recent months.
Google says it has seen a surge in obfuscated JavaScript attacks, describing them as a hybrid between virus and spam messages. The e-mails are designed to look like legitimate messages, specifically Non Delivery Report messages, but contain hidden JavaScript.
'In some cases, the message may have forwarded the user's browser to a pharma site or tried to download something unexpected,' Google said in its official blog."
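The pattern in the summary (a message posing as a Non Delivery Report while its HTML part carries script) can be checked mechanically. The following is an added example, not Google's or Postini's logic and not part of the original story; the sample message, the subject patterns and the function name `scan_message` are all constructed assumptions.

```python
import re
from email import message_from_string
from email.policy import default

# Constructed sample: a fake "Non Delivery Report" whose HTML part hides script.
SAMPLE_NDR = """\
From: Mail Delivery Subsystem <mailer-daemon@example.test>
To: user@example.test
Subject: Delivery Status Notification (Failure)
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

Your message could not be delivered.
--b1
Content-Type: text/html; charset="utf-8"

<html><body><p>Your message could not be delivered.</p>
<script>var u = unescape("%68%74%74%70"); /* constructed, inert */</script>
</body></html>
--b1--
"""

# Assumed heuristics: subjects that claim to be a bounce, and active content in HTML.
NDR_SUBJECT = re.compile(
    r"undeliver|delivery (status|failure)|returned mail|non.?delivery", re.I)
ACTIVE_HTML = {
    "script-tag": re.compile(r"<\s*script\b", re.I),
    "event-handler": re.compile(r"<[^>]+\son\w+\s*=", re.I),
    "javascript-uri": re.compile(r"(href|src)\s*=\s*[\"']?\s*javascript:", re.I),
    "decode-call": re.compile(r"\b(unescape|eval|fromCharCode)\s*\(", re.I),
}

def scan_message(raw):
    """Flag a message that claims to be an NDR yet ships active HTML content."""
    msg = message_from_string(raw, policy=default)
    findings = set()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            html = part.get_content()  # decoded text of the HTML part
            findings.update(n for n, rx in ACTIVE_HTML.items() if rx.search(html))
    claims_ndr = bool(NDR_SUBJECT.search(msg.get("Subject", "")))
    return {"claims_ndr": claims_ndr,
            "active_html": sorted(findings),
            "suspicious": claims_ndr and bool(findings)}
```

A bounce has no reason to carry script, so the combination is a stronger signal than either check alone.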
JavaScript itself is not the problem, even if "use strict" would come in handy. The biggest problem is the DOM and other associated APIs a JavaScript programmer must deal with. It's horrible. But along with good practices (Crockford's JavaScript: The Good Parts comes to mind) it is a very nice language to deal with.
Take a look at Crockford's JavaScript: The World's Most Misunderstood Programming Language for reference.
English is not my first language. Corrections and suggestions are welcome.
Don't most email clients that display HTML format messages use one of the popular rendering engines, like WebKit? Presumably the HTML portion of the message is just passed to the rendering engine and the JavaScript magic happens.
Putting moderation advice in your