Malware with Your Mocha? Obfuscation and Antiemulation Tricks in Malicious JavaScript

Technical paper

Since its original inception under the name 'Mocha', JavaScript has matured into a programming language that underpins today's web. The growth in popularity of interactive web applications has been facilitated by the development of frameworks and libraries such as jQuery and Prototype. In short, browsing the web without JavaScript support is no longer a realistic option.

Attackers looking to infect victims over the web can use this to their advantage; injecting malicious scripts into legitimate web pages to drive traffic to malicious sites where further scripts exploit clientside vulnerabilities.

In this paper some of the tricks used in malicious JavaScript to evade analysis and detection are examined. Antiemulation techniques are also explored.

Download Malware with your Mocha? Obfuscation and antiemulation tricks in malicious JavaScript.

Since its original inception under the name 'Mocha', JavaScript has matured into a programming language that underpins today's web. The growth in popularity of interactive web applications has been facilitated by the development of frameworks and libraries such as jQuery and Prototype. In short, browsing the web without JavaScript support is no longer a realistic option. Download now

Author

Fraser Howard

Fraser is a respected security expert, and has been principal virus researcher with SophosLabs since 2006. Fraser joined Sophos from McAfee where he managed anti-malware researchers across EMEA. He was previously technical editor of Virus Bulletin magazine, the industry's leading publication dealing with the issue of viruses and associated malware.

download Download our free Virus Removal Tool
Find what your antivirus missed