Gootloader malware updated with PowerShell, sneaky JavaScript

The operators of the Windows Gootloader malware – a crew dubbed UNC2565 – have upgraded the code in cunning ways to make it more intrusive and harder to find. Researchers with Google-owned security shop Mandiant started seeing significant changes to the Gootloader malware package – also known as Gootkit – in November 2022, …

  1. Duncan Macdonald
    Mushroom

    Browser code execution

    If browsers were just that without the ability to run code then the vast majority of these attacks would not be possible.

    Unfortunately advertisers want the ability to execute code on the users' computers (where the cost is borne by the users) rather than on the servers (where they would have to bear the cost) and also want to be able to extract as much data about the users as possible.

    For a safe browsing experience the browser should only execute HTML with no scripting or invoking other programs - however almost all sites now require the browser to support active scripting (shades of Internet Explorer and ActiveX!!). Now often even the website authors do not know what code the users are being asked to execute as their code pulls in code from other libraries which then pulls in further code.

    It is getting to the point where the only safe way to run a browser is in a VM with no persistent storage using a Linux live CD (or DVD) image.

    Even with Noscript, Spybot S&D and Norton Security (and using Firefox instead of IE or Edge) all too often browsing seems like treading a path through a minefield!!!

    Icon for what should happen to the people who insist on browsers having active scripting ============>

    1. Anonymous Coward
      Anonymous Coward

      Re: Browser code execution

      Green screens (or black and white if it's a VT100) are the only way to go …. The future is behind us

      1. Spamolot

        Re: Browser code execution

        I'd say fire up the old 1200 baud modem and dial up your legacy ISP (is AOL still around?). You'd at least stand a fighting chance to stop any webhack before it could completely deploy the package and launch an attack...

    2. Black Label1
      Black Helicopters

      Re: Browser code execution

      Agree 100%

      Users: Run the browser in a VM, clear the profile (rm -rf) from time to time

      Devs: Clean up your JavaScript libraries before serving files to the users, especially removing foreign-hosted code (like that bootstrap code often pointing to Google servers)
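The advice above about stripping foreign-hosted scripts is the kind of thing that can be checked mechanically. The following is an added example, not code from the article or from any commenter: it scans the `<script>` tags in a page and classifies each as inline, first-party or third-party, flagging third-party scripts served without a subresource-integrity attribute. The page HTML, the first-party hostname `www.example.com` and the CDN hostnames are all constructed for illustration.

```javascript
// Added example (not from the article or the commenters): audit <script src>
// tags in an HTML document and flag scripts hosted off the site's own origin.
// FIRST_PARTY_HOST and SAMPLE_HTML are constructed assumptions for this demo.

const FIRST_PARTY_HOST = "www.example.com"; // assumption: the site's own host

// Constructed sample page, not taken from any real site.
const SAMPLE_HTML = `
<!doctype html>
<html><head>
<script src="/static/app.js"></script>
<script src="https://www.example.com/static/vendor.js"></script>
<script src="https://cdn.example-cdn.net/bootstrap.min.js"></script>
<script src="//ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.min.js"
        integrity="sha384-AAAA" crossorigin="anonymous"></script>
<script>console.log("inline")</script>
</head><body></body></html>`;

// Pull the attribute string of every opening <script ...> tag. A regex is
// adequate for a static audit of templates; on a live page use document.scripts.
function extractScriptTags(html) {
  const tags = [];
  const tagRe = /<script\b([^>]*)>/gi;
  let m;
  while ((m = tagRe.exec(html)) !== null) {
    const attrs = m[1];
    const src = /\bsrc\s*=\s*["']([^"']+)["']/i.exec(attrs);
    tags.push({
      src: src ? src[1] : null,
      hasIntegrity: /\bintegrity\s*=/i.test(attrs),
    });
  }
  return tags;
}

// Resolve the src against the page origin (handles relative and
// protocol-relative URLs) and decide whether it is first- or third-party.
function classifyScript(entry, firstPartyHost) {
  if (entry.src === null) return { ...entry, kind: "inline", host: null, risk: null };
  const url = new URL(entry.src, `https://${firstPartyHost}/`);
  const thirdParty = url.hostname !== firstPartyHost;
  return {
    ...entry,
    host: url.hostname,
    kind: thirdParty ? "third-party" : "first-party",
    // Without SRI, whoever controls the third-party host can swap the file
    // for something else and the browser will run it unchanged.
    risk: thirdParty && !entry.hasIntegrity ? "third-party without integrity" : null,
  };
}

function auditScripts(html, firstPartyHost = FIRST_PARTY_HOST) {
  return extractScriptTags(html).map((e) => classifyScript(e, firstPartyHost));
}

// Just the findings the commenter cares about: scripts hosted elsewhere.
function thirdPartyScripts(html, firstPartyHost = FIRST_PARTY_HOST) {
  return auditScripts(html, firstPartyHost).filter((e) => e.kind === "third-party");
}

if (typeof require !== "undefined" && require.main === module) {
  for (const finding of auditScripts(SAMPLE_HTML)) console.log(finding);
}
```

Run against the constructed page it reports two third-party scripts, one of which (the CDN-hosted bootstrap file) carries no integrity attribute. Whether to self-host such files, pin them with SRI, or drop them entirely is a judgement call for the site owner; the audit only makes the dependency visible.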

  2. dave 93
    Trollface

    Why is there an iMac in the article picture?

    Love them or hate them, Macs are immune to the attacks described in the article, which apparently affect Windows machines only.

    I know El Reg is ideologically opposed to Apple products, but this is quite a misleading picture, deliberately made up with a fake virus alert pasted onto its screen, and the Apple logo removed.

    We would all be interested to know how many of The Register's reporters are using Apple products while regularly having a pop at Apple products.

    I dare you to come clean on the number of iPhones, iPads and MacBooks in daily use at Vulture HQ.
