many malware authors using obscured javascripts for redirect browsers to infected URLs.
I will introduce several methods to decode malicious javascripts:
simple way to decode javascript:
find all "document.write" or "eval" in your javascript and replace them with "alert" .this act will cause decoded string show in a messagebox .(this isn't work on evry coded script certainly).
decode javascript via firefox:
this way show to you that where redirect your script ?, first going to "bookmarks" menu and select "organize bookmarks..." next select "file->new bookmark" after bookmark window appeared , enter a optinal name and copy & paste target script in "location" and press ok . to watch affect of this act just select created bookmark next select "properties" (in right-click) and looking "location" . this is a stupid solution but easy .
for more information you can read SANS paper for find other ways.
If didn't work these ways then going to a bookstore and buy a javascript book and decode your script :)
Tuesday, July 24, 2007
Decoding malicious Javascripts
Posted by kernex at 4:27 AM
Labels: Decoding, Javascript
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment