Google to Block JavaScript Files on its Email Service

Google to Block JavaScript Files on its Email Service

Google is set to ban JavaScript files from its popular email service, Gmail. The company has announced that starting on February 13th; users of Gmail will not be allowed to attach JavaScript files when sending email messages.

The decision of the company comes at a time when many cyber security experts are repeatedly warning users against clicking on JavaScript files that they get in emails.

A few months ago, cyber security researchers at Microsoft warned the public against opening email messages that carry attachments in the form of JavaScript.

In a long post, the Microsoft cyber security researchers pointed out that cybercriminals are increasingly using JavaScript as the preferred form of sending malware to unsuspecting users.

The researchers further noted that criminals were sending different types of Trojan malware to unsuspecting users by disguising the malware as a JavaScript file attachment. Once individuals click on the files, the JavaScript file executes automatically on their machines, thus helping cybercriminals to inject malware into the computers of the users.

It appears that the decision of Google is based on the need to limit the number of file types that criminals repeatedly use to spread malware.

Google has already banned many file formats from its Gmail service. Some of the common file formats that the company has banned so far include VBS and VBE. VBS (VBScript) and VBE (VBScript Encoded) are common forms of scripting files that hackers and cyber criminals use to send various types of malware to people.

Other common unusual file formats that Google has already banned from its Gmail service include WSH and WSF. These two file formats, the Windows Script Host Settings File and the Windows Script File, have the capacity to execute once they land on a device automatically. It is this unique feature of these types of files that has made them attractive to cyber criminals who spread malware over the internet.

It has been reported that some of these unusual file formats have been used by criminals to carry out some of the most sophisticated and widespread malware attacks. For example, it has been reported that the criminals who once successfully ran a ransomware campaign that later came to be known as TeslaCrypt solely relied on JavaScript and other similar scripting files to spread the malware to users over the internet.

To many observers, the decision by Google to ban JavaScript is a step in the best direction, given that it is highly unlikely for ordinary users of the service to send attachments to fellow users in unusual formats.