JavaScript encryption added to malware arsenal

Summary: Malicious hackers are starting to encrypt JavaScript files to escape anti-virus detection, adding another element of sophistication to browser-based malware attacks.

VANCOUVER, BC -- Malicious hackers are starting to encrypt JavaScript files to escape anti-virus detection, adding another element of sophistication to browser-based malware attacks.

But, according to a security researcher who spends his time reversing malware samples, there are tools available to figure out exactly what obfuscated JavaScript does and pinpoint the motive of the attacker.

At the CanSecWest conference here, Arbor Networks senior security engineer Jose Nazario gave attendees a glimpse at the lengths to which malware writers go to defeat anti-virus scanners, warning that the use of cleverly encrypted JavaScript has been added to the attackers' arsenal.

For example, when the Dolphin Stadium site was hijacked just before this year's Super Bowl, a malicious JavaScript file was inserted into the header of the front page of the site. A surfer browsing the site with a vulnerable version of Microsoft's Internet Explorer then executed the script, which installed a Trojan downloader from a different server.

During his talk, Nazario described how command-line JavaScript interpreters like NJS can be used alongside tools like Mozilla's SpiderMonkey and Rhino to pick away at the obfuscation techniques. He offered a simple tutorial for doing this and suggested the need for improved tools to automate some of the reverse-engineering efforts.
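The idea of running an obfuscated script in a standalone interpreter rather than a browser can be sketched as follows. This is an added example, not code from the talk or the article: it assumes Node.js and its `vm` module in place of NJS, SpiderMonkey or Rhino, and the names `peelLayers` and `buildSample` and the sample script are constructed here.

```javascript
const vm = require('vm');

// Run `source` with eval and document.write swapped for recorders, so each
// decoded layer is captured as text instead of being executed or rendered.
// Note: vm is not a security boundary; analyse real samples in a throwaway VM.
function peelLayers(source, maxDepth = 5) {
  const layers = [];
  const run = (code, depth) => {
    if (depth > maxDepth) return;
    const evalHook = (arg) => {
      if (typeof arg !== 'string') return arg; // eval() passes non-strings through
      layers.push({ depth, sink: 'eval', text: arg });
      run(arg, depth + 1); // peel the next layer in a fresh context
    };
    const write = (...parts) =>
      layers.push({ depth, sink: 'document.write', text: parts.join('') });
    // Function parameters shadow the interpreter's real eval and any document.
    const wrapped = `(function (eval, document) {\n${code}\n})(__eval, __doc)`;
    const sandbox = { __eval: evalHook, __doc: { write, writeln: write } };
    try {
      vm.runInNewContext(wrapped, sandbox, { timeout: 1000 });
    } catch (err) {
      // Missing browser objects (window, navigator, ...) surface here.
      layers.push({ depth, sink: 'error', text: String((err && err.message) || err) });
    }
  };
  run(source, 0);
  return layers;
}

// Constructed, harmless sample: an XOR-encoded string that decodes to a single
// document.write call, wrapped in the decode-then-eval pattern.
function buildSample() {
  const payload = 'document.write("<p>constructed benign payload</p>")';
  const key = 0x2a;
  const codes = Array.from(payload, (ch) => ch.charCodeAt(0) ^ key);
  return `var d=[${codes.join(',')}],s="";` +
    `for(var i=0;i<d.length;i++)s+=String.fromCharCode(d[i]^${key});eval(s);`;
}

for (const layer of peelLayers(buildSample())) {
  console.log(`[depth ${layer.depth}] ${layer.sink}: ${layer.text}`);
}
```

Each inner layer is re-run in a fresh context, so a layer that depends on variables defined by its outer layer is recorded as an `error` entry rather than decoded further.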

Nazario also warned that Flash was becoming another distribution mechanism for malware, noting that .swf files were also redirecting browsers to phishing scams and dirty sites rigged with malicious executables. Here again, Nazario said a free tool like Flasm could be used to disassemble Flash ActionScript bytecode.

"The bad guys are using JavaScript [and Flash] as their delivery vehicle. You should learn it and love it to figure out their actions," Nazario told the conference attendees.

Topics: Open Source, Malware

About

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company's online community initiative around secure content managem...
