Kaizenlog

—————————————+
| Thwarting New JavaScript Malware Obfuscation                       |
|   from the drm-never-works-give-it-up dept.                        |
|   posted by kdawson on Tuesday July 15, @15:04 (Security)          |
|   http://it.slashdot.org/article.pl?sid=08/07/15/1828237 |
+——————————————————————–+

[0]I Don’t Believe in Imaginary Property writes “Malware writers have
been obfuscating their JavaScript exploit code for a long time now and
SANS is reporting that they’ve [1]come up with some new tricks. While
early obfuscations were easy enough to undo by changing eval() to
alert(), they soon shifted to clever use of arguments.callee() in a
simple cipher to block it. Worse, now they’re using document.referrer,
document.location, and location.href to make site-specific versions, too.
But SANS managed to stop all that with an 8-line patch to [2]SpiderMonkey
that prints out any arguments to eval() before executing them. It seems
that malware writers still haven’t internalized the lesson of DRM — if my
computer can access something in plaintext, I can too.”

Discuss this story at:
http://it.slashdot.org/comments.pl?sid=08/07/15/1828237

Links:
0. http://www.eff.org/support
1. http://isc.sans.org/diary.html?storyid=4724
2. http://www.mozilla.org/js/spidermonkey/