There's something I don't understand well.
How could a malicious website, without using some security holes from Flash, Java..., infect an user ? I understand how Javascript can open an invisible iframe that'll make the user download a binary file (the malware), but he would still have to run it himself to infect his system, no ?
Also, talking about Javascript malwares. Why are some malicious email attachments written in JS and named something like "document.doc.js" ? Why not just send directly the malware as "document.doc.exe" ? Why would you send a dropper rather than the malware itself directly ?
>>55587122
Because javascript was intentionally made to infect the biggest amount of users. Jews wanted it this way
>>55587135
You're not even responding to my questions, faggot. Please stop shitposting, it's kike-level.
>>55587122
Think about it... You answered yourself.
>How could a malicious website, without using some security holes from Flash, Java..., infect an user ?
Maybe it really was intentionally. Think about it. How can things like Adobe Flash that is closed source and javascript be so flawed from the beginning? When there are way better alternatives. Maybe someone filled their pockets with copious amounts of money
>>55587233
I said "how" to ask how it works, not "how" as in "How is that possible in $CURRENT_YEAR ?!"
> pre-college me is on /g/ everyday
> fall for the noscript meme
> never use js
> go to school for IT
> webdev class
> ask teacher how js is malicious
> he says it's not malicious for users, but users can maliciously use it to break your sites/dbs
> tfw memed on by /g/
>>55587466
What the fuck is wrong with your teacher
>>55587122
>Why are some malicious email attachments written in JS and named something like "document.doc.js" ?
Windows can execute javascript files
>>55587122
The javascript interpreter can have bugs in it that let malicious javascript directly run code on your PC.
just think of it this way, little johnny:
javascript and flash aren't the only programs on your computer with addressable ports.
>>55587466
>listening to /g/
>>55587785
I understand, but why not just send directly the malware rather than writing a dropper for it in JS ?
I've seen malicious examples with a JS file inside a .zip. That's even more stupid, I know some normies who don't even know how to open one.