Comments on: The 10.000 Sites JS Malware Source Code Leaked http://www.gnucitizen.org/blog/the-10000-sites-js-malware-source-code-leaked/ Information Security Think Tank Sat, 30 Aug 2008 10:23:57 +0000 http://wordpress.org/?v=2.6.1 By: Jason http://www.gnucitizen.org/blog/the-10000-sites-js-malware-source-code-leaked/#comment-122886 Jason Tue, 08 Jul 2008 12:58:00 +0000 http://www.gnucitizen.org/blog/the-10000-sites-js-malware-source-code-leaked/#comment-122886 Thanks for the post. I was searching for an example . Just wish people would keep their MS servers patched, as it would make it a better environment for the normal web surfer. Jason Thanks for the post. I was searching for an example . Just wish people would keep their MS servers patched, as it would make it a better environment for the normal web surfer.

Jason

]]> By: Edgar http://www.gnucitizen.org/blog/the-10000-sites-js-malware-source-code-leaked/#comment-117644 Edgar Sat, 29 Mar 2008 01:04:00 +0000 http://www.gnucitizen.org/blog/the-10000-sites-js-malware-source-code-leaked/#comment-117644 Bharadwaj, i use NOD32 2,5 old version I think, maybe i have allert NOD 32, becouse i set ON all the Threat Sense Scanning engine option Bharadwaj, i use NOD32 2,5 old version
I think, maybe i have allert NOD 32, becouse i set ON all the Threat Sense Scanning engine option

]]> By: ronald http://www.gnucitizen.org/blog/the-10000-sites-js-malware-source-code-leaked/#comment-117634 ronald Fri, 28 Mar 2008 11:35:49 +0000 http://www.gnucitizen.org/blog/the-10000-sites-js-malware-source-code-leaked/#comment-117634 Well, actually files that are being placed on someone's PC is the least I'm interested in, since that isn't important. The code above shows us that is makes use of heap spraying to execute shellcode, which is more important to analyze than the next bat file, which is a no-brainer anyway. Well, actually files that are being placed on someone’s PC is the least I’m interested in, since that isn’t important. The code above shows us that is makes use of heap spraying to execute shellcode, which is more important to analyze than the next bat file, which is a no-brainer anyway.

]]> By: drorshalev http://www.gnucitizen.org/blog/the-10000-sites-js-malware-source-code-leaked/#comment-117621 drorshalev Thu, 27 Mar 2008 19:45:06 +0000 http://www.gnucitizen.org/blog/the-10000-sites-js-malware-source-code-leaked/#comment-117621 Hola Pdp , SuperCool talk , JS code still show bad functions like : <pre><code>.WriteText( .SaveToFile(</code></pre> etc. which can use only as a payload after exploit run Dror Hola Pdp ,
SuperCool talk ,

JS code still show bad functions like :

.WriteText(
.SaveToFile(

etc. which can use only as a payload after exploit run

Dror

]]> By: Bharadwaj http://www.gnucitizen.org/blog/the-10000-sites-js-malware-source-code-leaked/#comment-117620 Bharadwaj Thu, 27 Mar 2008 19:05:14 +0000 http://www.gnucitizen.org/blog/the-10000-sites-js-malware-source-code-leaked/#comment-117620 Edgar, I din't get that problem at all though I was using NOD 32 total security. Mine went fine and normal like before. Edgar, I din’t get that problem at all though I was using NOD 32 total security. Mine went fine and normal like before.

]]> By: pdp http://www.gnucitizen.org/blog/the-10000-sites-js-malware-source-code-leaked/#comment-117466 pdp Wed, 26 Mar 2008 07:32:59 +0000 http://www.gnucitizen.org/blog/the-10000-sites-js-malware-source-code-leaked/#comment-117466 Edgar, this case confirms that modern technologies cannot make sense of Web/Client-side attacks and vulnerabilities. They are shooting in the dark by performing a global match against a signature without verifying if that signature is actually within an executable block. Thanks for letting us know. It is an excellent example I can use for future reference. Edgar, this case confirms that modern technologies cannot make sense of Web/Client-side attacks and vulnerabilities. They are shooting in the dark by performing a global match against a signature without verifying if that signature is actually within an executable block. Thanks for letting us know. It is an excellent example I can use for future reference.

]]> By: Edgar Bangkok http://www.gnucitizen.org/blog/the-10000-sites-js-malware-source-code-leaked/#comment-117438 Edgar Bangkok Wed, 26 Mar 2008 01:31:02 +0000 http://www.gnucitizen.org/blog/the-10000-sites-js-malware-source-code-leaked/#comment-117438 Now, i add screenshot about problem over my Security Internet Blog at post http://edetools.blogspot.com/2008/03/curiosita.html Edagr from Bangkok Now, i add screenshot about problem over my Security Internet Blog at post
http://edetools.blogspot.com/2.....osita.html

Edagr from Bangkok

]]> By: Edgar Bangkok http://www.gnucitizen.org/blog/the-10000-sites-js-malware-source-code-leaked/#comment-117433 Edgar Bangkok Wed, 26 Mar 2008 01:12:52 +0000 http://www.gnucitizen.org/blog/the-10000-sites-js-malware-source-code-leaked/#comment-117433 When i read this rss from your blog my NOD32 show me malware allert. I think becouse this page have sample of malware code... and NOD32 think malware is present on code page. Edgar from Bangkok When i read this rss from your blog my NOD32 show me malware allert.
I think becouse this page have sample of malware code… and NOD32 think malware is present on code page.
Edgar from Bangkok

]]> By: meathive http://www.gnucitizen.org/blog/the-10000-sites-js-malware-source-code-leaked/#comment-117160 meathive Sat, 22 Mar 2008 20:32:24 +0000 http://www.gnucitizen.org/blog/the-10000-sites-js-malware-source-code-leaked/#comment-117160 I left a message for Ronald regarding a similar find for an obscured PHP backdoor: https://kinqpinz.info/lib/2008/mar/#c61a1757 Hope this is not too off topic. ;] I left a message for Ronald regarding a similar find for an obscured PHP backdoor: https://kinqpinz.info/lib/2008/mar/#c61a1757

Hope this is not too off topic. ;]

]]>