[Emerging-Sigs] A modest proposal: obfuscated javascript...
Scott Melnick
duckie37 at gmail.com
Fri Mar 14 18:45:15 EST 2008
On Fri, Mar 14, 2008 at 7:29 PM, David Glosser <david.glosser at gmail.com>
wrote:
> I hate to think it is wishful thinking but you are probably right. But
> can it be limited to certain types of obf javascript code, like Jason
> mentioned earlier?
>
You can catch it when it is static, sure. But like all other things, the
code keeps changing.
You can't tag it by the packer because of course legitimate people are using
the same packers.
I'm no expert on obf JS but here is an interesting read on it. Wish they
would chime in on the subject as I know they do a lot of research on this...
http://www.secureworks.com/research/threats/thepacker/
Scott
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.emergingthreats.net/pipermail/emerging-sigs/attachments/20080314/190e570b/attachment-0001.html
More information about the Emerging-sigs
mailing list