Beware: JavaScript from Unfamiliar Sites May Be an Attack in Disguise

September 30, 2010Manhattan Tech Support

Everyone enjoys having a more interactive internet experience, and one of the ways websites achieve this is through the use of JavaScript. Unfortunately, hackers and scammers can also utilize the same script to make malicious attacks on your system.

JavaScript makes the web experience very dynamic, enhancing the interactivity of many websites you’ll see it everywhere, from Facebook to the most obscure sites on the web. Another reason it’s popular is that it’s compatible with all browsers, from Internet Explorer to Mozilla and even Mac’s Safari.

Unfortunately, this popularity and wide range of use also makes JavaScript a tool that hackers and other unscrupulous programmers can use to infiltrate and hack into a system. The attacks can be simple or complicated, ranging from simple spam to more elaborate scams. The degree simply depends on the purpose of the script’s designer. What’s more, a quick visit to an infected website can trigger an attack, if your browser is enabled to allow JavaScript to execute from that site.

The good news is that you can protect yourself from these kinds of attacks. Simply block JavaScript from executing from sites you aren’t familiar with better safe than sorry.

  • For Internet Explorer, go to Tools > Internet Options > Security, and set your bar to High. You can also input a list of trusted sites.
  • For Firefox users, a free application called NoScript gives you control over which websites can execute JavaScript on your browser.
  • Google Chrome users can select a universal disabling of JavaScript from all sites, and then add a list of sites exempted from the ban.
  • Other browsers also have options to either disable JavaScript execution or prompt you for permission before the script is run from any website.

You should also be particularly wary of JavaScript attacks originating from malicious PDF files. Antivirus and security firm Symantec reports that almost half of all web-based attacks come from infected PDF files. You can disable JavaScript in Adobe Acrobat Reader by selecting Edit > Preferences > JavaScript, and then removing the check on “Enable Acrobat JavaScript”.

It might seem inconvenient to guard yourself from these sorts of attacks, but in the long run it pays to keep your system secure. If you want to know more about keeping your system clean and safe from attacks, give us a call and we’ll be happy to help you develop a customized plan that meets your particular needs.

Published with permission from Source.