Dailydave mailing list archives

Re: Blog spam, obfuscated javascript and more!


From: "val smith" <valsmith () offensivecomputing net>
Date: Mon, 28 Jul 2008 11:44:37 -0600

The thing that I would say is that everyone should know when you go to
my site you will be encountering live malware. I'm sort of a "full
disclosure for malware" type of person. I don't censor anything,
unlike many other analysis organizations. I respect their position on
censoring things like links, etc. but I believe in a different way.

I have a big warning on my site, but just to re-iterate: Offensive
Computing has live, malicious samples of evil software. We will also
post direct links to bad guys and sites hosting malware. This is so
competent analysts can find the samples, know what they are dealing
with and so we are all on equal footing. I don't want to be the only
one holding the information and everyone else has to guess about it.

The malware disclosure debate is decades old and won't ever be
resolved (definitely not by me), but I will keep on doing what I
think is right.

Therefore you should always use best safety practices at all times,
such as sandboxes, virtual machines, safe browsers, safe document
viewers, etc. I don't even surf the web from a non-virtualized host
anymore.

V.

On Mon, Jul 28, 2008 at 9:22 AM, Petja van der Lek <lek () xs4all nl> wrote:
A word of warning might be in order: the PDF is filled with hyperlinks to
(presumably) live malware sites. Navigating the document is therefore not
unlike playing Minesweeper. Red flags are not powerups but mean "danger".
Mis-click to get pwned. Stuff like that. You might want to use a reader that
at least asks for confirmation before it serves up the site in your browser
(a quick test shows that Adobe Reader 7 as a Firefox plugin happily opens a
link without asking anything, for instance).

That said, it's an excellent read!

Cheers,
Lek.

val smith wrote:

Don't know how many of you care about malware stuff but just in case,
we released a paper on OC:

http://www.offensivecomputing.net/papers/valsmith_colin_blog_spam.pdf

It's pretty rough and disorganized but covers some reversing, analyzing
obfuscated javascript, and the potential home IP of one of the
"attackers".

V.

-- 
******************************************
* Val Smith
* CTO Offensive Computing, LLC
* http://www.offensivecomputing.net
*******************************************
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave
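Following up on the PDF-reader warning earlier in the thread: an added example, not code from the thread or from Offensive Computing, of a defender-side triage check that lists the URI link targets a PDF carries without opening any of them. It assumes a constructed sample PDF with the placeholder host example.invalid and only scans uncompressed objects with regular expressions.

```python
import re
from urllib.parse import urlsplit

# Constructed minimal PDF (not the paper from the thread): two /Link
# annotations with URI actions and one plain text annotation, embedded
# inline so the check runs offline.
SAMPLE_PDF = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj
2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj
3 0 obj << /Type /Page /Parent 2 0 R /Annots [4 0 R 5 0 R 6 0 R] >> endobj
4 0 obj << /Type /Annot /Subtype /Link /Rect [0 0 10 10]
  /A << /S /URI /URI (http://example.invalid/sample-a) >> >> endobj
5 0 obj << /Type /Annot /Subtype /Text /Contents (just a note) >> endobj
6 0 obj << /Type /Annot /Subtype /Link /Rect [20 20 30 30]
  /A << /S /URI /URI (http://example.invalid/sample-b) >> >> endobj
trailer << /Root 1 0 R >>
%%EOF
"""

# An action dictionary (/A << ... >>) and, inside it, the URI literal string.
ACTION_RE = re.compile(rb"/A\s*<<(.*?)>>", re.S)
URI_RE = re.compile(rb"/URI\s*\((.*?)(?<!\\)\)", re.S)


def extract_link_uris(pdf_bytes: bytes) -> list[str]:
    """Return the targets of every URI action in document order.

    Assumption/limitation: only uncompressed objects are scanned, so links
    inside Flate-compressed object streams are missed; use a PDF parser for real triage.
    """
    uris = []
    for action in ACTION_RE.finditer(pdf_bytes):
        body = action.group(1)
        if not re.search(rb"/S\s*/URI\b", body):
            continue  # GoTo, Launch, JavaScript, ... are not URI actions
        m = URI_RE.search(body)
        if m:
            raw = m.group(1).replace(b"\\(", b"(").replace(b"\\)", b")")
            uris.append(raw.decode("latin-1"))
    return uris


def link_hosts(pdf_bytes: bytes) -> list[str]:
    """Distinct hosts the document would send a reader to, sorted."""
    return sorted({urlsplit(u).netloc for u in extract_link_uris(pdf_bytes)})


if __name__ == "__main__":
    for uri in extract_link_uris(SAMPLE_PDF):
        print("link target:", uri)
    print("hosts:", ", ".join(link_hosts(SAMPLE_PDF)))
```

Review the listed hosts first; nothing here fetches a target, so it is safe to run on a sample before deciding which links, if any, to follow inside a sandbox.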