recent posts:

• Trends and Analysis of Mass Compromise Malware Methods
• Gumblar Joins Nine-Ball Next Generation Mass Compromise

As an Information Security Specialist with 20 years experience, I find it useful to have an outlet for sharing my recent findings, personal explorations, opinions, tools and procedures for Network Security.  I live and work in the Washington DC area and am available for speaking engagements as well as project support.

Contact:  Charlene@cdeaver.com    [resume]

Charlene's Information Security Blog

• Writing Custom Snort Rule for Obfuscated Javascript
• Profiling Malicious EXE (PC Defender Revisited)

September, 2009

This month's article is Exploring Javascript Shellcode.  It steps through generating shellcode, converting it to string data, encoding it into javascript and analyzing it along the way.  I even save off a copy of the shellcode as a standalong executable.  Surprisingly, the final script managed to go undetected by almost every virus detection software (you would think they would notice a new backdoor).  I think it is a good example to prove the point that this method is popular because it is not easily detected. 

After the Gumblar I monitored a few international websites looking for indications of the next iteration signature.  You'll find that post along with the full archive here.

 

 

categories

• Malware Analysis 
• Network Security
• Information Assurance 
• Projects of Interest
• Click to view full listing