Hi malware fighters,
I like this site: http://www.strictly-software.com/unpack-javascript.aspx
And tried this code out there: http://securitythoughts.wordpress.com/2009/08/28/deobfuscating-javascript-malware/
And it worked, see the attached deobfuscated output code:
Also use this online tool, friends: http://www.yehg.net/encoding/
and go here: http://www.patzcatz.com/unescape.htm (“Dodem deobfuscation!” worked like a charm)
polonus
P.S. The malware at hand was JS:Obfuscated-BJ [Trj], as it is detected by avast…
JS/Obfuscated.b is a generic detection for obfuscated malicious script files which attempt to exploit unpatched vulnerabilities in the system. Avast flagged it here: htxp://docs.google.com/View?id=dctvmpj6_28f9pwcrhd
This specially crafted javascript uses various obfuscation techniques to hide the real nature of attacks.
Symptoms
This detection is sufficiently generic, such that it can cover a number of threats that contain the exploit code. Therefore, it is not possible to describe specific symptoms or details about system changes that can occur from this threat. However, simply seeing this detection does not mean that any exploit code was run at all as such exploit code could only run on a vulnerable system. You all are fully patched, eh, friends?
Additionally some exploits simply cause Internet Explorer to crash and nothing more.
Method of Infection
This threat could be delivered via an email message, IM or an infectious web page.