GATEKEEPER BLOG


More Malicious Sites Threaten Your Organization’s Cyber Security

Having Internet access is a must for most employees. They need it for various productivity tasks. What was once a “nice to have” is now necessary for job function. IT administrators are forced to provide Internet access even if it’s limited to certain parts of the web. The difficult part is providing open Internet access while still protecting the network from malicious attacks and malware.

Tricking users into downloading malicious content.

A common theme that continues to plague the Internet is tricking users into downloading malicious content. It’s usually veiled with the promise to upgrade software so that users can view a video or fix virus problems, but the latest attack targets Firefox users. A malicious site sends the user a JavaScript file, and the page is decorated with images and HTML elements that look exactly like the legitimate Firefox update page.

Traditionally, these sites were used for the tech support scam: users saw an alert that they had a virus on their computer. Then a popup showed a number where tech support could supposedly be found. Users were encouraged to call the contact number, where they would be tricked into installing TeamViewer. The scammer then locks the computer until several hundred dollars are paid by the victim. In some cases, the scammer would just hang up the phone after being paid. It’s a common scam on the Internet. But the difficult part for the scammer is convincing the user to install TeamViewer so that the computer can be locked.

Malware infecting computers from Malicious Sites.

With the latest malware attack, users are shown a fake Firefox upgrade page. Then a JavaScript file is shown as the download. Normally, the legitimate upgrade page shows an executable download that the user runs to update Firefox. If the user doesn’t take a closer look at the file, the JavaScript file goes unnoticed. The user downloads it and then the machine is infected.

The infection stems from websites that have been hacked, so the JavaScript file seems harmless. However, the file infects the user’s machine and downloads trojans and other malware that give an attacker the ability to remotely access the machine. It’s a new attack that uses traditional methods to gain the trust of users who would normally reject downloads from untrusted third-party sites. If the user is on a corporate network, this could mean problems with privacy and data security for customers or even employees within the organization.

Cyber security analysts have noted that the attack is targeted at specific users, and it even disables itself if the same IP address refreshes the page or revisits it. Many malicious attacks are disorganized, but security analysts have noted that this one seems to be heavily coordinated. This helps trick more users and infect more machines.

Education is a must for employees.

For IT administrators, protecting the corporate network from these types of attacks is difficult because the infection comes from trusted websites. Ars Technica security experts couldn’t identify the number of websites infected, but reports on Twitter discuss the recent attack mainly from SquareSpace sites infected with malware.

Education is key to defending against these attacks and to avoiding being duped by malicious sites. Users should never download JS files from a random website. Such a file is malicious in most cases. Users should know never to download a JS file offered as a rogue update. JS files have also been the source of cryptojacking attacks that steal computer resources and cost companies thousands in extra utility fees.

JS continues to be a common language in website code. But the risks are there. Educate users on the risks of JS files, and use filtering that stops downloads from happening on your corporate network.
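
One way to express the download filtering recommended above, as an added example that is not from the original post: it leaves ordinary script loading by web pages alone and flags only responses that hand the user a script file to save. The log field layout, the extension list and the example.com URLs are assumptions constructed for illustration.

```python
from email.message import Message
from pathlib import PurePosixPath
from urllib.parse import urlsplit, unquote

# Assumed block list: script types that Windows runs on double-click
# instead of opening them in a browser.
SCRIPT_EXTS = {".js", ".jse", ".vbs", ".wsf", ".hta"}

def download_name(url, content_disposition):
    """Return the saved filename if the response is a file download, else None."""
    if not content_disposition:
        return None                      # ordinary page or <script src=...> load
    msg = Message()
    msg["Content-Disposition"] = content_disposition
    if msg.get_content_disposition() != "attachment":
        return None                      # "inline": rendered by the browser, not saved
    # Prefer the header's filename (filename*= encoding is decoded); else use the URL path.
    return msg.get_filename() or PurePosixPath(unquote(urlsplit(url).path)).name

def should_block(url, content_disposition):
    """True when the response would save a script file to the user's disk."""
    name = download_name(url, content_disposition)
    if name is None:
        return False
    return PurePosixPath(name.strip().lower()).suffix in SCRIPT_EXTS

# Constructed sample records (hypothetical proxy log fields: URL, Content-Disposition).
SAMPLES = [
    ("https://cdn.example.com/app.min.js", None),
    ("https://blog.example.com/update", 'attachment; filename="Firefox.js"'),
    ("https://blog.example.com/update", "attachment; filename*=UTF-8''Firefox%20Update.JS"),
    ("https://blog.example.com/get/patch.js", "attachment"),
    ("https://downloads.example.org/setup", 'attachment; filename="Firefox Setup.exe"'),
    ("https://cdn.example.com/widget.js", "inline"),
]

def verdicts():
    return [should_block(url, cd) for url, cd in SAMPLES]

if __name__ == "__main__":
    for (url, cd), blocked in zip(SAMPLES, verdicts()):
        print("BLOCK" if blocked else "allow", url, cd)
```

The rule keys on the `Content-Disposition: attachment` response header because pages load `.js` files as subresources constantly, so blocking by URL extension alone would break normal browsing.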
