funsec mailing list archives
fun javascript obfuscation
From: "Alex Lanstein" <ALanstein () FireEye com>
Date: Thu, 16 Jul 2009 22:03:42 -0700
There's some fun (malicious) javascript obfuscation at hxxp : / / drominguf.com / pic / ve.png. Looks like it uses a bunch of non printable/non english characters to get around most simple signatures, with a little decoder at the end end to end exploit in .pcap form here: https://csportal.fireeye.com/M285-117-117-31171-2009-07-17-034553.pvna.pcap Alex _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- fun javascript obfuscation Alex Lanstein (Jul 16)