Thwarting New JavaScript Malware Obfuscation

I Don't Believe in Imaginary Property writes "Malware writers have been obfuscating their JavaScript exploit code for a long time now and SANS is reporting that they've come up with some new tricks. While early obfuscations were easy enough to undo by changing eval() to alert(), they soon shifted to clever use of arguments.callee() in a simple cipher to block it. Worse, now they're using document.referrer, document.location, and location.href to make site-specific versions, too. But SANS managed to stop all that with an 8-line patch to SpiderMonkey that prints out any arguments to eval() before executing them. It seems that malware writers still haven't internalized the lesson of DRM — if my computer can access something in plaintext, I can too."

DRM Lesson

[MyLongNickName]

It seems that malware writers still haven't internalized the lesson of DRM â" if my computer can access something in plaintext, I can too.

The malware writers don't need a 100% success rate. They are simply tring to get their software on enough machines to build a nice bot empire.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:Threat levels?

[martinw89]

Ouch, I didn't realize how common this was. Feel free to moderate the grandparent post into oblivion.

Re:SANS

[sm62704]

But they update their diary every day, which means for the most part, it's totally boring crap.

Welcome to my slashdot journal (NSFW)

they're a bit old in the tooth now

Piece of cake, easy as pie. The saying is "long in the tooth", comrad.

the Internet just isn't that risky anymore.

You're not paying attenton.