Home / Breaking News / Gmail Will Block JavaScript Attachment From Feb 15
gmail

Gmail Will Block JavaScript Attachment From Feb 15

In the aftermath of the widespread phishing scam, Gmail has decided to block JavaScript (.js) file attachments from Feb. 13.

Google announced this news on Jan. 25 through its G-Suit Updates blog.

“Gmail currently restricts certain file attachments (e.g. .exe, .msc, and .bat) for security reasons, and starting on February 13, 2017, we will not allow .js file attachments as well.” stated the blog.

For the uninitiated, Gmail already blocks standard windows executable files (.exe), batch files (.bat) and Microsoft Management console file (.msc).

To maintain the security of its services, it seems Google will now block .js file attachments, as malicious e-mails often attach various rigged file attachments in these formats to trick users into giving up their credentials.

JavaScript is a programming language used to develop web applications and .js files are often downloaded as a part of web page downloads.

Opening an unknown .js file starts the Windows Script Host, which runs inside the file.  Running the Windows Script Host can prove to be very dangerous for the user as it can easily run Windows executables.

What If People Try To Upload a JavaScript File Post The Deadline?

Google has said that an “in-product” warning will appear if someone tries to attach a .js file attachment in the mail after Feb. 13.

Does This Mean No More Sharing Of JavaScript Files?

No, it does not as users have other options for sharing such files. A user can resort to Google Drive or Google Cloud storage or any other storage solution to receive and share JavaScript file attachments.

Gmail Phishing Scam

For the unfamiliar, Gmail users fell victim to a widespread phishing scam last week, which fooled them to give into giving up Google credentials.

The hackers used the compromised mail accounts to go through the sent folder and pass on the malware to other unsuspecting Gmail users. The best part about the trick is that the malicious mail came from the account of a known person, whose account had already been hacked.

The malware was disguised in the form of a PDF or image. On clicking on a preview, a new tab would open up for the user, asking him or her to log into their Gmail accounts again. The location bar would display the address as “accounts.google.com”, see which most users know they have arrived at the authentic Gmail login page.  What they missed was the small bug hidden in the form of a data file “data: text/HTML” which is attached in front of the hostname.

The hackers behind this scam were able to block the user from using any other services linked to Google accounts.

Why The Measure?

Google has not provided the public with a detailed explanation other than saying that this step was taken for “security reasons.”

Whether this step was taken as a security measure because of the recent phishing scam is not clear and is merely an assumption.

Via

 

About PingTheNews

A place for tips, technology, freebies, deals, how-to's, Inspiration and the latest information for Connected Generation.

Check Also

Google-Play-Freecharge

Recharge Google Play Using Paytm And Freecharge

In order to improve the app’s capabilities, after Paytm, Freecharge has added the facility to …