  • ESET Insiders
Posted (edited)

We have a custom inline script that obscures a mailto address, but ESET and some other endpoint products are knocking it down. The code is:

<script type="text/javascript">
<!--
var s="=b!ujumf>#Fnbjm!Tbsbi#!isfg>#nbjmup;tbsbiAtbsbitjohjoh/dpn#?Tbsbi=0b?";
// Shift each character code down by one to decode the markup, then write it into the page.
m=""; for (i=0; i<s.length; i++) m+=String.fromCharCode(s.charCodeAt(i)-1); document.write(m);
//-->
</script>

Because we are purposely trying to utilize this JavaScript, how can we whitelist this?

Machine details of the threat are below:

 

  • [redacted]
  • COMPUTER DESCRIPTION
    John Ball
  • THREAT NAME
    JS/Kryptik.AD
  • THREAT TYPE
    trojan
  • SEVERITY
    Warning
  • OCCURRED
    2016 Jun 2 08:30:18
  • THREAT HANDLED
    Yes
  • RESTART NEEDED
    No
  • ACTION TAKEN
    cleaned by deleting
  • ACTION ERROR
  • OBJECT TYPE
    file
  • OBJECT URI
    [redacted]/test.html
  • CIRCUMSTANCES
    Event occurred on a newly created file.
  • SCANNER
    Real-time file system protection
  • ENGINE VERSION
    13585 (20160602)
  • PROCESS NAME
    C:\Windows\notepad.exe
  • USER NAME
    [redacted]
Edited by BDeep
  • Administrators
Posted

Use an image, for instance, instead of obfuscation methods similar to what malware authors use.
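For anyone triaging a detection like the one in this thread, the following added example (not code from either post, and not ESET's detection logic) statically recovers what the posted decoder would pass to document.write, without executing the script. The helper name `triageShiftDecoder` and its active-content check are assumptions made for illustration.

```javascript
// Constructed sample: the inline script from the question, held as plain text.
const SAMPLE = [
  '<script type="text/javascript">',
  'var s="=b!ujumf>#Fnbjm!Tbsbi#!isfg>#nbjmup;tbsbiAtbsbitjohjoh/dpn#?Tbsbi=0b?";',
  'm=""; for (i=0; i<s.length; i++) m+=String.fromCharCode(s.charCodeAt(i)-1); document.write(m);',
  '</script>',
].join('\n');

// Hypothetical triage helper: recognise a fixed character-shift decoder of the
// shape String.fromCharCode(x.charCodeAt(i) +/- n) and decode its input statically.
function triageShiftDecoder(source) {
  const loop = /String\.fromCharCode\(\s*(\w+)\.charCodeAt\(\s*\w+\s*\)\s*([+-])\s*(\d+)\s*\)/.exec(source);
  if (!loop) return null; // not this decoder shape, nothing to report

  const [, varName, sign, amount] = loop;
  const shift = Number(sign + amount);

  // Find the double-quoted literal assigned to the variable being decoded.
  const literal = new RegExp('\\b' + varName + '\\s*=\\s*"([^"]*)"').exec(source);
  if (!literal) return { shift, decoded: null, usesDocumentWrite: false, writesActiveContent: false };

  // Apply the same shift the script would apply at run time.
  const decoded = Array.from(literal[1], (ch) =>
    String.fromCharCode(ch.charCodeAt(0) + shift)).join('');

  return {
    shift,
    decoded,
    // Trait the scanner-facing pattern shares with script droppers.
    usesDocumentWrite: /document\.write\s*\(/.test(source),
    // Illustrative check only: does the decoded markup pull in or run code?
    writesActiveContent: /<\s*(script|iframe|object|embed)\b|\bon\w+\s*=|javascript:/i.test(decoded),
  };
}

console.log(triageShiftDecoder(SAMPLE));
```

The decoded output here is a single anchor element with a mailto link, while the decode-and-write pattern around it is the part that resembles obfuscated script loaders.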
