Malicious code, exploit vectors or top-programmer job?

What would you say if you saw one of these code snippets in a website you browse to:

' Sample #1 (VBScript): probes for the CnsHelper.CH ActiveX object
dim tass
Set tass = CreateObject("CnsHelper.CH")
If IsObject(tass) then
    HasCns = true
else
    HasCns = false
end if


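// Sample #2 (JScript): instantiates the Shell.Explorer ActiveX control
function winIE5upPlyrDetect(){
    var playerAxObj;
    var iectlAxObj;
    iectlAxObj = new ActiveXObject("Shell.Explorer");
    // ... remainder of the function is not shown in the excerpt
}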


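// Sample #3 (JScript): appends text to a local file through Scripting.FileSystemObject
var fs = new ActiveXObject("Scripting.FileSystemObject");
try {
    // open file, 8=appends to file, true=will create file if doesn't already exist
    var a = fs.OpenTextFile( fileUri, 8, true );
    a.WriteLine( text );
    // ... remainder of the try block is not shown in the excerpt
} catch (e) {
    // handler is not shown in the excerpt
}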

You are probably looking at this and thinking, “ok, what is he going to show us now – some newfangled attack vector, spyware drive-by installer, local system access…”. Guess again.

Sample #1 is coming from (more specifically, and yes – you saw that correctly, is creating the CnsHelper.CH object – an object that multiple sources consider an unwanted AdWare application (see:,,, …)

Sample  #2 is unreal. Well, actually it’s real. ( This is how a developer tests to see if the browser looking at the page is Internet Explorer…

Sample #3 is the all powerful ( which, and I’m quoting the code comment right before the function (sit tight):

* Opens a local file and appends a string to it.
* Returns boolean indicating succes of opening/writing.
Right. When browsing the web…

You do the math. Just think now how hard it is to work in such a demanding environment, where the good guys do not always follow the good guys coding manual (what? Didn’t you all get the memo?).
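
An added example, not code from the original post or from any of the sites it quotes: a small static check that lists the ActiveX ProgIDs a page's script instantiates, run over lines taken from the three excerpts above (the sample input is constructed from them). The name findActiveXUse and the notes in PROGID_NOTES are assumptions made for illustration; a hit is a triage signal only, since the post's point is that legitimate sites produce exactly the same hits.

```javascript
// Static triage: list ActiveX ProgIDs instantiated by page script.
// The notes below are illustrative assumptions, not vendor verdicts.
const PROGID_NOTES = {
  "scripting.filesystemobject": "local file read/write",
  "shell.explorer": "embedded browser control",
  "cnshelper.ch": "object the post says multiple sources consider adware",
};

// Matches VBScript CreateObject("X") and JScript new ActiveXObject("X"),
// accepting straight or typographic quotes. ProgIDs built at run time
// from variables are not visible to this check.
const INSTANTIATION =
  /\b(CreateObject|new\s+ActiveXObject)\s*\(\s*["'“”‘’]([^"'“”‘’]+)["'“”‘’]/gi;

function findActiveXUse(source) {
  const hits = [];
  source.split(/\r?\n/).forEach((line, idx) => {
    const code = line.trim();
    // Skip whole-line comments (JScript // and VBScript ').
    if (code.startsWith("//") || code.startsWith("'")) return;
    for (const m of code.matchAll(INSTANTIATION)) {
      const progId = m[2].trim();
      hits.push({
        line: idx + 1,
        api: /createobject/i.test(m[1]) ? "CreateObject" : "ActiveXObject",
        progId,
        note: PROGID_NOTES[progId.toLowerCase()] || "unlisted ProgID, review manually",
      });
    }
  });
  return hits;
}

// Constructed sample input: lines from the three excerpts in the post,
// plus one commented-out instantiation that must not be reported.
const SAMPLE = [
  'Set tass = CreateObject("CnsHelper.CH")',
  "// new ActiveXObject('Commented.Out')",
  'iectlAxObj = new ActiveXObject("Shell.Explorer");',
  'var fs = new ActiveXObject("Scripting.FileSystemObject");',
  "var a = fs.OpenTextFile( fileUri, 8, true );",
].join("\n");

for (const h of findActiveXUse(SAMPLE)) {
  console.log(`line ${h.line}: ${h.api} ${h.progId} -> ${h.note}`);
}
```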

Till next time,
