Archive for the 'WebApps' Category

Polymorphic ECMAScript Generator!

JavaScript (in cyrptic speak ECMAScript) worms are becoming increasingly common, so are advances in anti-detection. Heard of polymorphic (code changing) viruses the same concept has been observed in recent worms as well. Detecting polymorphic code is difficult and Gareth Heyes has a nice article on why it is a challenge in javascript. To prove his point he even has a polymorphic javascript code generator on his site.

To sum it up here is a piece of javascript ternary morphed using his tool:

alert(‘JS morph XSS’);

eval(((0 < 4 ? ‘a’ : ‘JfwGL’)+(0 < 4 ? ‘l’ : ‘JfwGL’)+(0 < 4 ? ‘e’ : ‘JfwGL’)+(0 < 4 ? ‘r’ : ‘JfwGL’)+(0 < 4 ? ‘t’ : ‘JfwGL’)+(0 < 4 ? ‘(‘ : ‘JfwGL’)+(0 < 4 ? ‘\” : ‘JfwGL’)+(0 < 4 ? ‘J’ : ‘JfwGL’)+(0 < 4 ? ‘S’ : ‘JfwGL’)+(0 < 4 ? ‘ ‘ : ‘JfwGL’)+(0 < 4 ? ‘m’ : ‘JfwGL’)+(0 < 4 ? ‘o’ : ‘JfwGL’)+(0 < 4 ? ‘r’ : ‘JfwGL’)+(0 < 4 ? ‘p’ : ‘JfwGL’)+(0 < 4 ? ‘h’ : ‘JfwGL’)+(0 < 4 ? ‘ ‘ : ‘JfwGL’)+(0 < 4 ? ‘X’ : ‘JfwGL’)+(0 < 4 ? ‘S’ : ‘JfwGL’)+(0 < 4 ? ‘S’ : ‘JfwGL’)+(0 < 4 ? ‘\” : ‘JfwGL’)+(0 < 4 ? ‘)’ : ‘JfwGL’)+(0 < 4 ? ‘;’ : ‘JfwGL’)))