Dailydave mailing list archives
Re: Blog spam, obfuscated javascript and more!
From: "val smith" <valsmith () offensivecomputing net>
Date: Mon, 28 Jul 2008 11:44:37 -0600
The thing that I would say is that everyone should know when you go to my site you will be encountering live malware. I'm sort of a "full disclosure for malware" type of person. I don't censor anything, unlike many other analysis organizations. I respect their position on censoring things like links, etc., but I believe in a different way.

I have a big warning on my site, but just to re-iterate: Offensive Computing has live, malicious samples of evil software. We will also post direct links to bad guys and sites hosting malware. This is so competent analysts can find the samples, know what they are dealing with and so we are all on equal footing. I don't want to be the only one holding the information and everyone else has to guess about it.

The malware disclosure debate is decades old and won't ever be resolved (definitely not by me), but I will keep on doing what I think is right.

Therefore you should always use best safety practices at all times, such as sandboxes, virtual machines, safe browsers, safe document viewers, etc. I don't even surf the web from a non-virtualized host anymore.

V.

On Mon, Jul 28, 2008 at 9:22 AM, Petja van der Lek <lek () xs4all nl> wrote:
> A word of warning might be in order: the PDF is filled with hyperlinks to (presumably) live malware sites. Navigating the document is therefore not unlike playing Minesweeper. Red flags are not powerups but mean "danger". Mis-click to get pwned. Stuff like that.
>
> You might want to use a reader that at least asks for confirmation before it serves up the site in your browser (a quick test shows that Adobe Reader 7 as a Firefox plugin happily opens a link without asking anything, for instance).
>
> That said, it's an excellent read!
>
> Cheers,
> Lek.
>
> val smith wrote:
>> Don't know how many of you care about malware stuff but just in case, we released a paper on OC:
>>
>> http://www.offensivecomputing.net/papers/valsmith_colin_blog_spam.pdf
>>
>> It's pretty rough and disorganized but covers some reversing, analyzing obfuscated javascript, and the potential home IP of one of the "attackers".
>>
>> V.
--
******************************************
* Val Smith
* CTO Offensive Computing, LLC
* http://www.offensivecomputing.net
*******************************************