What would you say if you saw one of these code snippets in a website you browse to:
dim tass
Set tass = CreateObject(“CnsHelper.CH”)
If IsObject(tass) then
HasCns = true
else
HasCns = false
end if
or:
function winIE5upPlyrDetect(){
var playerAxObj;
var iectlAxObj;
try{
iectlAxObj = new ActiveXObject(“Shell.Explorer”);
}
catch(e){
}
try{
or:
var fs = new ActiveXObject(“Scripting.FileSystemObject”);
try {
//open file, 8=appends to file, true=will create file if doesn’t already exist
var a = fs.OpenTextFile( fileUri, 8, true );
a.Writeline( text );
a.Close();
}
You are probably looking at this and thinking, “ok, what is he going to show us now – some newfangled attack vector, spyware drive-by installer, local system access…â€. Guess again.
Sample #1 is coming from Yahoo.com (more specifically http://cn.zs.yahoo.com/func.vbs), and yes – you saw that correctly, is creating the CnsHelper.CH object – an object that multiple sources consider an unwanted AdWare application (see: http://www.trendmicro.com/vinfo/grayware/ve_graywareDetails.asp?GNAME=ADW%5FCNSMIN%2EA, http://www.spynomore.com/bho-hijacker-toolbar-cnsmin.htm, http://www.pestpatrol.com/spywarecenter/pest.aspx?id=453072511, …)
Sample #2 is unreal. Well, actually it’s real. Real.com. (http://uk.real.com/js/playerdetection.js?rev=9507). This is how a developer tests to see if the browser looking at the page is Internet Explorer…
Sample #3 is the all powerful walmart.com (http://www.walmart.com/kiosk/js/log.js) which, and I’m quoting the code comment right before the function (sit tight):
/**
* Opens a local file and appends a string to it.
* Returns boolean indicating succes of opening/writing.
*/
Right. When browsing the web…
You do the math. Just think now how hard it is to work in such a demanding environment, where the good guys do not always follow the good guys coding manual (what? Didn’t you all get the memo?).
Till next time,
Leave a Reply