Wednesday, September 8, 2010

Creating, obfuscating and analyzing malware JavaScript

I've translated my talk on Analyzing and Obfuscating JavaScript-based malware to English:

Malware attacks on unaware Internet users’ browsers are becoming more and more common. New techniques for bypassing the filters used by security vendors keep emerging. In turn, the filters are getting better and new analysis tools are being developed - the war continues. In the presentation you will learn how crackers try to hamper the work of security engineers, and how reversers overcome those problems. Emphasis will be placed on the weaknesses of automated tools - we’ll try to avoid detection by jsunpack and Capture-HPC, and we’ll also trick Dean Edwards’ Unpacker.
The materials for the demos are on GitHub. For Polish viewers - see the Polish version of the talk.

The talk mentions a jsunpack vulnerability where malware could detect that functions have been overloaded - I've done some research on how jsunpack could fix this by overriding toString better.
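
For analysis-harness authors, here is an added example (not code from the talk, the demos or jsunpack) of why an overloaded function is visible through `toString` and how a hook can be masked and then self-checked. It goes slightly beyond the text by also checking `name` and `length`; all function names and the `env` object used to exercise it are assumptions made for illustration.

```javascript
// Added example: hookNaive, hookMasked and hookTells are hypothetical names.
const nativeToString = Function.prototype.toString;
const masked = new WeakMap(); // wrapper -> function it stands in for

// Logging wrapper shared by both hook styles.
function makeWrapper(original, name, log) {
  return function (...args) {
    log.push({ name, args });
    return original.apply(this, args);
  };
}

// Naive hook: swaps the function and leaves every observable property as-is.
function hookNaive(obj, name, log) {
  const original = obj[name];
  obj[name] = makeWrapper(original, name, log);
  return original;
}

// Patch Function.prototype.toString once so wrappers report the source text
// of the function they replace. The patch registers itself too, otherwise
// Function.prototype.toString.toString() would expose it.
function installToStringMask() {
  const patched = function toString() {
    return nativeToString.call(masked.has(this) ? masked.get(this) : this);
  };
  masked.set(patched, nativeToString);
  Function.prototype.toString = patched;
  return () => { Function.prototype.toString = nativeToString; }; // undo
}

// Masked hook: same wrapper, plus matching toString output, name and length.
function hookMasked(obj, name, log) {
  const original = obj[name];
  const wrapper = makeWrapper(original, name, log);
  masked.set(wrapper, original);
  Object.defineProperty(wrapper, 'name', { value: original.name, configurable: true });
  Object.defineProperty(wrapper, 'length', { value: original.length, configurable: true });
  obj[name] = wrapper;
  return original;
}

// Self-test for the harness: which properties still differ from the original?
function hookTells(fn, original) {
  const tells = [];
  if (fn.toString() !== nativeToString.call(original)) tells.push('toString');
  if (fn.name !== original.name) tells.push('name');
  if (fn.length !== original.length) tells.push('length');
  return tells;
}
```

A harness can run `hookTells` over every function it replaces before loading a sample, and treat a non-empty result as a bug in its own instrumentation.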
