[Emerging-Sigs] A modest proposal: obfuscated javascript...
Matt Jonkman
jonkman at jonkmans.com
Fri Mar 14 10:08:30 EST 2008
We tried a signature like this a year or so ago, just looking for the
unescape and such. If I recall right we had a lot of false positives and
it was a good deal of load.
I'm sure we could handle the load issues by simplifying the rule, but I
think it'll still result in a lot of false positives.
Matt
Michael Stone wrote:
> On Fri, Mar 14, 2008 at 09:01:34AM -0400, [phantom] wrote:
>> Only problem would be the legit sites that use these techniques would
>> also not be indexed.
>
> Well, then they should try not doing that; I'm having trouble thinking
> of a legitimate reason that someone would need to obfuscate their
> javascript.
>
> Mike Stone
--
--------------------------------------------
Matthew Jonkman
Emerging Threats
Phone 765-429-0398
Fax 312-264-0205
http://www.emergingthreats.net
--------------------------------------------
PGP: http://www.jonkmans.com/mattjonkman.asc