Uncommon Radixes Used in Malware Obfuscation
Some JavaScript features allow for pretty interesting obfuscation techniques. For example, did you know that virtually any English word can be used as a valid number?
I recently decoded a credit card stealing script injected at the bottom of a js/varien/js.js file:
There were several layers of obfuscation. During the final stage of decoding, I identified that this code writes something to web pages with URLs containing one of the following keywords onepage|checkout|onestep|firecheckout, typically used on checkout pages.
Continue reading Uncommon Radixes Used in Malware Obfuscation at Sucuri Blog.
No comments yet.