Tag Archives for " JavaScript Attachments "


Gmail Will Start Blocking JavaScript Attachments

We have learned that starting Feb. 13; Google will forbid JavaScript attachment on the Gmail service. This move should stop one of the main methods the malware has been distributed during the past two years.


Users who want to attach .JS files to emails in Gmail will no longer be able to do it. Even if a user compresses the file into an archive like .zip or .gz, the user won’t be able to attach it to emails in Gmail.

JavaScript files need to be shared

Yes, there will be rare cases when JavaScript files need to be shared, but that can be done using storage services like Google Drive.

The .JS file extension will be added soon to an existing list of banned file attachments that includes: .ADE, .ADP, .BAT, .CHM, .CMD, .COM, .CPL, .EXE, .HTA, .INS, .ISP, .JAR, .JSE, .LIB, .LNK, .MDE, .MSC, .MSP, .MST, .PIF, .SCR, .SCT, .SHB, .SYS, .VB, .VBE, .VBS, .VXD, .WSC, .WSF and .WSH.

Most of the mentioned file types have been abused by criminals for a long time, which is why they are on the list of banned file attachments.

JavaScript files are executed directly on Windows thanks to Windows Script Host (WSH), and that is why cyber criminals have been abusing it during the past two years. JavaScript files can be used as downloaders for other malware, but the biggest problem is that JavaScript can be used for the distribution of ransomware. There is even a ransomware program which was completely written in JavaScript.


As you already know, the number one rule is that if you don’t recognize a file type and you are not sure what it does, you should not open it. If you are expecting files in formats to which you aren’t accustomed to, you should always check with the sender whether you have received what you are supposed to receive, but it would be better not to share such files via email.

We are glad to see that Google is working on security, and we are especially glad to see that they are doing something to combat the spread of ransomware by blocking JavaScript attachments. We have to wait and see the results of their new action against cyber crime.