On a different forum some asked about a topic and was directed to a ZIP file. I unzipped and found a JS file which I assumed was a java-script file.
In the zip file just a sing;e JS file, no readme.txt, nothing.
Before I carelessly ran what i believe is an executable script, I took a look with Notepad.exe, and have attached a screen shot of the leading part of the file.
For someone like me, what means are available to determine if a JavaScript(?) file is benign?
Thanks, Chris
*.js files - I'm feeling insecure
-
- PlutoniumLounger
- Posts: 16307
- Joined: 24 Jan 2010, 23:23
- Location: brings.slot.perky
*.js files - I'm feeling insecure
You do not have the required permissions to view the files attached to this post.
If it isn't one thing it's another, and very often both. E.F.Benson
-
- Microsoft MVP
- Posts: 1338
- Joined: 24 May 2013, 15:33
- Location: Warminster, PA
Re: *.js files - I'm feeling insecure
Even if I were an expert Java programmer (which I'm not), there isn't enough in the screenshot to know whether it's benign or malicious. It starts off by trying to figure out what browser it's running in -- so it must be intended to be invoked in a browser -- and then it does some setup with fonts and a canvas, so it may have something to do with graphics. So far, there's nothing unusual, but there's no way to know what it does after that without examining considerably more of the code.
The copyright claims to be from Microsoft, but that's easily faked.
Instead of looking at the code, you'd get better information by asking whoever posted it or linked to it to tell you what it's for and where it came from.
The copyright claims to be from Microsoft, but that's easily faked.
Instead of looking at the code, you'd get better information by asking whoever posted it or linked to it to tell you what it's for and where it came from.
-
- PlatinumLounger
- Posts: 5513
- Joined: 24 Jan 2010, 08:33
- Location: A cathedral city in England
Re: *.js files - I'm feeling insecure
It's much the same question as asking whether an .EXE file is "benign", surely?
The only difference is that you can read the Javascript (not Java?!) but that is only of minimal use to those whose mind does not contain a Javascript interpreter (which I believe to be true of Chris, even with all his intellectual abilities...)
The only difference is that you can read the Javascript (not Java?!) but that is only of minimal use to those whose mind does not contain a Javascript interpreter (which I believe to be true of Chris, even with all his intellectual abilities...)
John Gray
A car crashed into a barrier at speed; nobody was injured, but a front wheel became detached, and slowly rolled down the road.
Driver [sings]: "You picked a fine time to leave me, Loose Wheel"
A car crashed into a barrier at speed; nobody was injured, but a front wheel became detached, and slowly rolled down the road.
Driver [sings]: "You picked a fine time to leave me, Loose Wheel"
-
- PlutoniumLounger
- Posts: 16307
- Joined: 24 Jan 2010, 23:23
- Location: brings.slot.perky
Re: *.js files - I'm feeling insecure
Thanks for this, Jay. To be perfectly hinest (as John Gray points out) I don't have a clue about JavaScript, but had seen enough to realize that this was an executable file"Jay Freedman wrote: ↑24 Mar 2024, 21:38Even if I were an expert Java programmer (which I'm not), there isn't enough in the screenshot to know whether it's benign or malicious.
I agree about "faked", as can be reviews et al. This popped up in a Google Alert. The sparse format, coupled with a question, and answer with a link, and what seems like an immediate response set me thinking "trap". FWIW "Burial at sea" is a rare topic that I thought would hev generated a few more "thanks" responses.The copyright claims to be from Microsoft, but that's easily faked. Instead of looking at the code, you'd get better information by asking whoever posted it or linked to it to tell you what it's for and where it came from.
Then, that what I had expected to be a document of text (DOC, TXT, PDF, ...) turned out to be a JS heightened my awareness.
I think that a JS file is a new thing for me.
Thanks again, Chris
You do not have the required permissions to view the files attached to this post.
If it isn't one thing it's another, and very often both. E.F.Benson
-
- PlutoniumLounger
- Posts: 16307
- Joined: 24 Jan 2010, 23:23
- Location: brings.slot.perky
Re: *.js files - I'm feeling insecure
Thanks John. Yes, My question about benign is applicable to EXE files, the difference being that I already know not to trust attached EXE files.John Gray wrote: ↑25 Mar 2024, 09:12It's much the same question as asking whether an .EXE file is "benign", surely? The only difference is that you can read the Javascript (not Java?!) but that is only of minimal use to those whose mind does not contain a Javascript interpreter (which I believe to be true of Chris, even with all his intellectual abilities...)
That this executable is a JS file led me to be suspicious. As I pointed out above, this is, I believe, the first instance of me receiving a JS file when I expected a text-like document.
And yes, while I do have a Turing interpreter in my head (and in my phones, and in my laptops, and ..) JS is beyond my capabilities.
Cheers, Chris
If it isn't one thing it's another, and very often both. E.F.Benson