A friend received an email titled “Good morning” with the following contents:
I was visiting your webpage on 5/5/2016 and I’m interested.
I’m currently looking for work either full time or as a volunteer to get experience in the field.
Please look over my Resume and let me know your thoughts.
Regards,
—
Chaitanya Prabhat
The email also included an attachment named Resume_475.js, which is a JavaScript file. This is potentially nastier than JavaScript in a standard webpage because the code is executed by Wscript (Windows-Based Script Host) rather than a browser. It is therefore not subject to restrictions such as the Same-Origin Policy, and it can access local files and run arbitrary commands.
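A mail-side check for this kind of attachment, as an added example that is not part of the original post: it parses a message and flags attachments whose extension is handled by Windows Script Host by default. The extension list, the function names and the sample message are assumptions constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Extensions that Windows associates with Windows Script Host by default.
WSH_EXTENSIONS = {".js", ".jse", ".vbs", ".vbe", ".wsf", ".wsh"}

def effective_extension(filename):
    """Return the extension Windows would act on, lower-cased."""
    # Drop any path component, then the trailing dots and spaces that
    # Windows ignores, so "Resume.js." is treated as "Resume.js".
    name = filename.replace("\\", "/").rsplit("/", 1)[-1].rstrip(". ").lower()
    dot = name.rfind(".")
    return name[dot:] if dot != -1 else ""

def wsh_attachments(raw_message):
    """Return file names of attachments that would run under WSH if opened."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    flagged = []
    for part in msg.walk():
        filename = part.get_filename()  # decodes RFC 2231 / RFC 2047 names
        if filename and effective_extension(filename) in WSH_EXTENSIONS:
            flagged.append(filename)
    return flagged

def build_sample(attachment_name):
    """Constructed message modelled on the email above, with a harmless body."""
    msg = EmailMessage()
    msg["Subject"] = "Good morning"
    msg["From"] = "sender@example.com"
    msg["To"] = "friend@example.com"
    msg.set_content("Please look over my Resume and let me know your thoughts.")
    msg.add_attachment(b"// constructed placeholder, not the real script\n",
                       maintype="application", subtype="javascript",
                       filename=attachment_name)
    return msg.as_bytes()

if __name__ == "__main__":
    for name in ("Resume_475.js", "Resume.pdf.JS", "Resume.js.", "Resume.pdf"):
        print(name, "->", wsh_attachments(build_sample(name)))
```

The check keys on the final extension only, so a double extension such as Resume.pdf.JS is still flagged while a plain Resume.pdf is not.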