Saturday, September 01, 2007

Active anti-reverse techniques in Javascript

We recently came across a very interesting suspicious web page. The HTML page of course contained malicious code that linked to the Trojan. However, it was a separate HTML page inside the benign one - the authors of the code went against HTML standards, and put in an extra container. What's surprising is that browsers (we checked using Internet Explorer, Firefox and Opera) don't have any problem processing a page like this. On the other hand, who would expect malicious users to observe standards?

However, this isn't the main issue. We're interested in the script that the malicious users integrated into the web page. Of course, the script is designed to make analysis as difficult as possible, using techniques to obfuscate the JavaScript.

Read the article HERE.

0 Comments:

Post a Comment

<< Home