Sucuri Research Labs

Malware definitions (web based)

Encoded javascript

JavaScript is a language (code) that can be executed directly by the browser and by many other applications that support it (PDF, email readers, etc.).

JavaScript malware. Because JavaScript is a full programming language executed by the browser, attackers use it heavily to run malicious code from compromised sites. It can range from simple remote source includes to heavily obfuscated payloads that redirect users to spam, exploit kits (drive-by downloads), fake AV and anything else you can imagine.

Examples of JavaScript malware:

Simple remote includes:

This code loads whatever content is at rec-creations.com/player.js, which is then executed by the victim's browser.

Encoded JavaScript: There are many variations, ranging from a hidden iframe builder:

To a remote code include hidden in hex:

Or to a more complex Blackhole exploit kit encoding type:
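
For the hex-hidden remote include described above, a static check can decode the escapes as plain text and report any script or iframe source that only becomes visible after decoding. This is an added example, not Sucuri's signature or code from the original page; the function names and the `example.invalid` sample are constructed for illustration.

```javascript
// Static triage: decode escapes as text only; nothing scanned is ever executed.
const hexChar = (_, h) => String.fromCharCode(parseInt(h, 16));

// Decode one layer of \xNN, \uNNNN and %NN escapes.
function decodeEscapes(text) {
  return text
    .replace(/\\x([0-9a-fA-F]{2})/g, hexChar)
    .replace(/\\u([0-9a-fA-F]{4})/g, hexChar)
    .replace(/%([0-9a-fA-F]{2})/g, hexChar);
}

// Payloads are often wrapped more than once, so decode until stable (bounded).
function decodeLayers(text, maxRounds = 5) {
  let current = text;
  for (let i = 0; i < maxRounds; i++) {
    const next = decodeEscapes(current);
    if (next === current) break;
    current = next;
  }
  return current;
}

// Collect src values of <script>/<iframe> tags found in a piece of text.
function collectIncludes(text) {
  const tagSrc = /<(script|iframe)\b[^>]*?\bsrc\s*=\s*["']?([^"'\s>]+)/gi;
  const found = new Map();
  for (const m of text.matchAll(tagSrc)) found.set(m[2], m[1].toLowerCase());
  return found;
}

// Report includes that are invisible in the raw source but appear once decoded.
function findHiddenIncludes(source) {
  const visible = collectIncludes(source);
  const hidden = [];
  for (const [url, tag] of collectIncludes(decodeLayers(source))) {
    if (!visible.has(url)) hidden.push({ tag, url });
  }
  return hidden;
}

// Constructed sample (not from the page): one plain include, one hex-escaped.
const toHex = (s) =>
  [...s].map((c) => "\\x" + c.charCodeAt(0).toString(16).padStart(2, "0")).join("");
const HIDDEN_TAG = '<script src="http://example.invalid/player.js"></script>';
const SAMPLE = [
  '<script src="/js/site.js"></script>',
  '<script>document.write("' + toHex(HIDDEN_TAG) + '");</script>',
].join("\n");

console.log(findHiddenIncludes(SAMPLE));
```

Percent-decoding the whole file can alter legitimate URLs, so treat hits as leads for manual review, not as a verdict.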