Windows has issues that make it easy for this type of infection to take hold:

  1. Javascript once it gets onto the system is run by the Windows Scripting Host which has a very high level of system access.
  2. Windows hides file extensions so the .js extension isn’t shown.

Javascript is a very powerful language that windows runs at a high privilege level.  Sophos UTM products have been able to block this for some time via their web filtering systems.

Desktop A/V unfortunately has a very difficult time stopping this web based threat due to the very high levels of access JavaScript is allowed to have on Windows systems.  This can allow JavaScript based threats to bypass your installed endpoint anti-malware.  If you are a SMB and do not have something at the edge protecting your network, contact ETC Maryland soon to see how your network could be better protected against this newest web-based threat.