A couple of days ago one of our readers, Mike, submitted a URL to another heavily obfuscated JavaScript. It appeared very interesting so I decided to spend some time figuring out how it works. While it was not groundbreaking, the attackers did show advanced knowledge of JavaScript and its uses of object access operators.
Bojan 402 Posts ISC Handler Apr 7th 2009 |
Apr 7th 2009 1 decade ago |
So what happens when you have normal, non-malicious, auto-generated JavaScript that looks just as ugly and difficult to comprehend? For example, try any of the ads on the Yahoo! Finance query page (http://finance.yahoo.com/q?). There are ads for eTrade, Ameritrade, Fidelity, and Scottrade. All of them create some gigantic and difficult to parse JavaScript files. Are the ad companies using the same techniques to avoid blocking measures?
Jasey 93 Posts |
Apr 7th 2009 1 decade ago |
Jason, exactly my point why anti-virus vendors must not base their actions on signatures. Even when embedding AV products into the browser/OS this can lead to false positives.
I have to say that I'm strongly against such obfuscation that I see used more and more in legitimate applications as well :(
Bojan 402 Posts ISC Handler |
Apr 7th 2009 1 decade ago |