Microsoft: Javascript and VBscript massively abused to attack Windows PCs

Posted 08 June 2018 20:13 CEST by Jan Willem Aldershoff

In nearly half of all attacks that don’t involve executable files, attackers make use of Javascript and VBscript, according to Microsoft. The software giant has insights because its Windows Defender anti malware software detects more than 10 million of such attacks on Windows PCs each month.

The attacks are e.g. emails with malicious Javascript or VBScript files attached, which are frequently used to download the actual malware. To protect against such attacks, Microsoft uses machine learning that has been specifically designed to deal with both script languages. But also when Windows Defender encounters unknown files, these machine learning methodologies are used to check those files for suspicious activities.

“Traditional methods of manually writing signatures identifying patterns in malware cannot effectively stop these attacks. The power of machine learning is that it is scalable and can be powerful enough to detect noisy, massive campaigns, but also specific enough to detect targeted attacks with very few signals. This flexibility means that we can stop a wide range of modern attacks automatically at the onset”, according to Microsoft on its website.

Related content

Comment on this news item