Tag Archives: javascript

Javascript Deobfucation Tools (Part 2)

Posted on June 25, 2011 by darryl

In the previous article, I manually deobfuscated three malicious scripts. This time around, I’ll use publicly available tools to see which ones can tackle real-world obfuscated Javascript code. Here’s the criteria I used to select the tools: 1. Free 2. … Continue reading

Posted in Malscript, Tools | Tagged , | 1 Comment

Javascript Deobfuscation Tools (Part 1)

Posted on June 17, 2011 by darryl

Deobfuscating Javascript can be tricky so why not make the job easier by using a tool? There’s several tools that can help you deobfuscate Javascript. Before I get to those tools, I wanted to show you how to deobfuscate them … Continue reading

Posted in Malscript, Tools | Tagged , | 3 Comments

Deobfuscate Javascript Using MS Tools

Posted on June 13, 2011 by darryl

Several readers sent me email asking how to decipher Javascript code without doing it manually. There are actually several tools out there that can help you. Malzilla, SpiderMonkey, and Rhino seem to be the most popular. But I found that … Continue reading

Posted in Malscript, Tools | Tagged , , , , , , , | 4 Comments

Black Hole Malvertisement Campaign

Posted on June 11, 2011 by darryl

There’s yet another malvertisement that leads to Black Hole. This campaign is affecting a fairly popular site. The malicious script is linked from many of the site’s pages. Here’s a shot of the webpage’s source code which shows the initial … Continue reading

Posted in Exploit Packs, Malscript | Tagged , , , , | 1 Comment

Reversing the Incognito Exploit Kit

Posted on June 4, 2011 by darryl

Looks like Incognito got updated yet again. Let’s reverse the Javascript exploit code… First let’s clean this up (the complete script is here)! You can see it’s now using p, div, and span tags to hold the obfuscated code which … Continue reading

Posted in Exploit Packs, Malscript | Tagged , , , , , , | 5 Comments