2010-09-30

Malware with your Mocha? Obfuscation and antiemulation tricks in malicious JavaScript

Since its inception under the name 'Mocha', JavaScript has matured into a programming language that underpins today's web. The growth in popularity of interactive web applications has been facilitated by the development of frameworks and libraries such as jQuery and Prototype. In short, browsing the web without JavaScript support is no longer a realistic option.

Attackers looking to infect victims over the web can use this to their advantage, injecting malicious scripts into legitimate web pages to drive traffic to malicious sites where further scripts exploit client-side vulnerabilities.

In this paper some of the tricks used in malicious JavaScript to evade analysis and detection are examined. Antiemulation techniques are also explored.


Author

Fraser Howard

Fraser is a respected security expert, and has been principal virus researcher with SophosLabs since 2006. Fraser joined Sophos from McAfee, where he managed anti-malware researchers across EMEA. He was previously technical editor of Virus Bulletin magazine, the industry's leading publication dealing with the issue of viruses and associated malware.
