back to article Web pests pour two exploit kits into one cup

Web pests have taken an unusal step and delivered two competing exploit kits for the price of one. The feat, noted by Malwarebytes lead intelligence analyst Jérôme Segura, is rare in VXer circles. Perps usually pick one exploit kit and build a campaign around it. Unlucky web users have therefore drunk from the cup of both the …

  1. Pascal Monett Silver badge

    "which execute if users allow malicious Javascript"

    As usual, NoScript FTW.

    Javascript needs to die now, just like Flash. It is a nuisance, a stupid thing on 99% of the websites that use it, and an insult to HTML standards. The vast majority of websites that use Javascript do not actually need it anyway, it's just for making menus look nice and having a stupid slideshow on the home page. If HTML5 can take up that mantle, maybe we can start the process of ridding the Web of this malware-lugging donkey.

    1. Anonymous Coward
      Anonymous Coward

      Re: 2005 called...

      I will now add progressive enhancements to my website - said no developer in the last 5 years.

      JavaScript IS the web now. Do get used to it old chum.

      > mentions HTML5

      You do know that HTML5 is an umbrella for literally dozens of JavaScript APIs?

      1. Pascal Monett Silver badge

        Re: Do get used to it old chum.

        Oh, so because the sodomy gangs are freely roving the streets I have to be happy about it ?

        When something becomes a public menace, it has to be dealt with.

        Now get off my lawn.

      2. Shell

        Re: 2005 called...

        Many of our projects are progressively enhanced (I'm a front end dev for a mid-sized digital agency). We're not alone. Turn off CSS/JS and everything should still work, still be accessible. Browsers and devices change so rapidly, it's not practical to replace a site each time a new device format appears. JS is an important part of the web, and it's not going anywhere, but that's no excuse for lazy development (let alone the legal accessibility implications often associated). Small-screen first, browser agnostic progressive enhancement via feature detection... buzzword overkill, but there's sound reasoning behind these patterns.

    2. Anonymous Coward
      Anonymous Coward

      Re: "which execute if users allow malicious Javascript"

      Javascript needs to die now, just like Flash

      As far as I can see, what these exploits actually all share is Microsoft Windows..

      :)

    3. Dan 55 Silver badge

      Re: "which execute if users allow malicious Javascript"

      You can't get rid of JavaScript, where would we get our active responsive reactive 250MB web pages from otherwise?

  2. Ken Moorhouse Silver badge
    Coat

    FA Cup

    What has this to do with Cups? Apart from some Saucery by the perps, maybe.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2021