Polymorphic ECMAScript Generator!
JavaScript (in cyrptic speak ECMAScript) worms are becoming increasingly common, so are advances in anti-detection. Heard of polymorphic (code changing) viruses the same concept has been observed in recent worms as well. Detecting polymorphic code is difficult and Gareth Heyes has a nice article on why it is a challenge in javascript. To prove his point he even has a polymorphic javascript code generator on his site.
To sum it up here is a piece of javascript ternary morphed using his tool:
alert(’JS morph XSS’);
eval(((0 < 4 ? ‘a’ : ‘JfwGL’)+(0 < 4 ? ‘l’ : ‘JfwGL’)+(0 < 4 ? ‘e’ : ‘JfwGL’)+(0 < 4 ? ‘r’ : ‘JfwGL’)+(0 < 4 ? ‘t’ : ‘JfwGL’)+(0 < 4 ? ‘(’ : ‘JfwGL’)+(0 < 4 ? ‘\” : ‘JfwGL’)+(0 < 4 ? ‘J’ : ‘JfwGL’)+(0 < 4 ? ‘S’ : ‘JfwGL’)+(0 < 4 ? ‘ ‘ : ‘JfwGL’)+(0 < 4 ? ‘m’ : ‘JfwGL’)+(0 < 4 ? ‘o’ : ‘JfwGL’)+(0 < 4 ? ‘r’ : ‘JfwGL’)+(0 < 4 ? ‘p’ : ‘JfwGL’)+(0 < 4 ? ‘h’ : ‘JfwGL’)+(0 < 4 ? ‘ ‘ : ‘JfwGL’)+(0 < 4 ? ‘X’ : ‘JfwGL’)+(0 < 4 ? ‘S’ : ‘JfwGL’)+(0 < 4 ? ‘S’ : ‘JfwGL’)+(0 < 4 ? ‘\” : ‘JfwGL’)+(0 < 4 ? ‘)’ : ‘JfwGL’)+(0 < 4 ? ‘;’ : ‘JfwGL’)))
No related posts.
