funsec mailing list archives

Previous By Date Next
Previous By Thread Next

fun javascript obfuscation

From: "Alex Lanstein" <ALanstein () FireEye com>
Date: Thu, 16 Jul 2009 22:03:42 -0700
There's some fun (malicious) javascript obfuscation at hxxp : / / drominguf.com / pic / ve.png.  Looks like it uses a 
bunch of non printable/non english characters to get around most simple signatures, with a little decoder at the end

end to end exploit in .pcap form here:
https://csportal.fireeye.com/M285-117-117-31171-2009-07-17-034553.pvna.pcap

Alex


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
Previous By Date Next
Previous By Thread Next

Current thread: