Category: Security Research
-
Malicious code, exploit vectors or top-programmer job?
What would you say if you saw one of these code snippets in a website you browse to: dim tass Set tass = CreateObject(“CnsHelper.CH”) If IsObject(tass) then HasCns = true else HasCns = false end if or: function winIE5upPlyrDetect(){ var playerAxObj; var iectlAxObj; try{ iectlAxObj = new ActiveXObject(“Shell.Explorer”); } catch(e){ } try{ or: var fs…
-
Tying it all up – explosive exploits…
The funniest thing happened yesterday – at a watercooler conversation our CTO informs us of a site that uses techniques from almost all of our trend reports (which means we are right as usual…). The interesting part was that it was one of those “iframe” sites that give you a small iframe html code to…
-
Analyzing an AJAX Attack Vector in the wild
We have just finished working on a new monthly released paper that will focus on a new “page” (dubbed “Malicious Page of the Month”). This month we have analyzed an AJAX attack vector found by our labs in the wild. The interesting thing to note is how attackers are utilizing new technologies and kind’a show…