This will be an old new if you are following Ronald’s blog but nevertheless I’ve decided to make it public here as well, because the only way you can fight these menace is by sharing and dissecting. The malware is heavily obfuscated but not as much as it can get. In fact, just by glancing through the code you can see the key points of the execution process.
Don’t get too excited about this source as it is useless. In fact there is nothing interesting about it. [...]
Over the weekend I started thinking more seriously about where the AttackAPI is going. I’ve come up to the conclusion that there is a lot of work ahead of us and we need to start thinking a lot more about the design before doing anything drastic. It quickly came to my mind that some of you may like to use the stable parts of the attack library for whatever reasons. For example, I quite often make use of the core utilities for all kinds of command line tools. [...]
SPI Dynamics released a paper on how to port scan and do other cool stuff with JavaScript. I’ve found the paper quite interesting, so I decided to make my own port scanner in JavaScript. My aim was to build the port scanner small, cute, reusable and fast. After a couple of hours fiddling around with IMG tags and other DOM elements I came up with the following solution.
The code depends on your connection speed and might not be very accurate. [...]