Comments on: Safely Investigating Malicious JavaScript

By: Ashish

Ashish — Tue, 06 May 2008 07:54:31 +0000

hello everyone
i have a problem that my javascript is encoded and i want to edit this code but i dont know how to decode it here is the code if anyone help me
eval(function(p,a,c,k,e,d){e=function(c){return(c

By: Jose Nazario

Jose Nazario — Tue, 02 May 2006 14:33:16 +0000

WordPress has a tendency to completely screw up technical content. i can’t say i like this software in the least, layout and content get munged.

contact me directly and i’ll forward you a flat text representation of this technique. it’s all cut and paste from actual investigations, so i know it works.

jose _at_ arbor DOT net

By: Jordan Wiens

Jordan Wiens — Mon, 01 May 2006 12:56:55 +0000

Running 0.2.5 NGS-JS, I’m not getting the same verbose error messages you are. Just generic “syntax error” messages. A quick look through the man pages didn’t show any obvious verbosity that changed the error reporting type. Additionally, while the vanilla code without the obfuscated code works fine, when I add that in, I get a syntax error.

Any ideas? I’ve copied and pasted a couple of times to make sure I didn’t fat finger something.

$ js mal.js
js: evaluation of file `mal.js’ failed:
mal.js:7: syntax error

Where mal.js:
function MyDoc() {
function write(text) {
print(text);
}
}
document=new MyDoc();
(ejtqmbz;opof(!xjeui>2!ifjhiu>2!tsd>(iuuq;
0usvtu5gsff/xt0@je>joefy31(?=0jgsbnf?#*>>

(Incidentally, I’m not sure what html will work in comments, so we’ll see how much of this makes it through as a comment)