Every few weeks or months, just when I think I have seen it all, a new method of infecting Windows computers comes along. Why? Because email security gateways, detection rules and people all get used to patterns.

An email arrives with a tiny zip attachment disguised as a CV or an invoice. Inside the zip is a .js file. The .js file is not the virus or payload itself; it is a downloader whose only job is to fetch or extract the .exe payload.

VirusTotal shows a low detection rate of 5/57.

How can such a tiny file harm me? The script is mostly HEX-encoded, and an online decoding tool reverses most of the obfuscation. Put simply: double-click the file and it downloads the .exe payload from a hijacked website and runs malware family x.

Solution? Multiple layers of defence, plus custom rules that block a long list of known-bad file types, both as direct email attachments and inside archives.
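As an added illustration (not code from the original post) of the kind of archive rule described above, the Python below opens a zip attachment, flags members whose extensions are on a block list, recurses into nested zips, and catches double extensions such as "CV.pdf.js". The block list, the depth limit and the sample archive are all assumptions constructed for the example.

```python
import io
import zipfile

# Assumed block list: script and executable types that should never arrive by email.
BLOCKED_EXTENSIONS = {".js", ".jse", ".vbs", ".vbe", ".wsf", ".hta",
                      ".exe", ".scr", ".bat", ".cmd", ".ps1"}
ARCHIVE_EXTENSIONS = {".zip"}
MAX_DEPTH = 3  # assumed limit on zip-inside-zip nesting


def _suffixes(name):
    """All lower-cased suffixes of a member name, so 'CV.pdf.js' -> ['.pdf', '.js']."""
    base = name.rsplit("/", 1)[-1].lower()
    parts = base.split(".")
    return ["." + p for p in parts[1:]]


def find_blocked(data, name="attachment.zip", depth=0):
    """Return a list of (member_path, reason) for every member that violates the rule."""
    findings = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return [(name, "not a valid zip archive")]
    with zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            path = f"{name}!{info.filename}"
            sufs = _suffixes(info.filename)
            blocked = [s for s in sufs if s in BLOCKED_EXTENSIONS]
            if blocked:  # any blocked suffix counts, not just the last one
                findings.append((path, f"blocked extension {blocked[-1]}"))
            elif sufs and sufs[-1] in ARCHIVE_EXTENSIONS:
                if depth + 1 >= MAX_DEPTH:
                    findings.append((path, "nested archive too deep"))
                else:
                    findings.extend(find_blocked(zf.read(info), path, depth + 1))
    return findings


def build_sample():
    """Constructed sample: a zip like the one in the post, a .js disguised as a CV inside a nested zip."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr("CV_John_Smith.pdf.js", "// placeholder content, not a real dropper\n")
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("invoice.zip", inner.getvalue())
        z.writestr("readme.txt", "harmless text\n")
    return outer.getvalue()
```

Running `find_blocked(build_sample())` reports the disguised .js member with its full nested path, while the .txt member passes.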