[Full-Disclosure] Online Script Decoder

From: GreyMagic Security (security_at_greymagic.com)
Date: 12/07/04

  • Next message: Kenneth Ng: "Re: [Full-Disclosure] A suggestion to all AV vendors..."
    To: <full-disclosure@lists.netsys.com>
    Date: Tue, 7 Dec 2004 19:13:30 +0200
    
    

    Windows Script Encoder is a Microsoft tool to encode scripts so that "Web
    hosts and Web clients cannot view or modify their source". It encodes the
    content of script tags using a very simple encoding algorithm and renames
    the scripts "language" attribute from "JScript" or "Javascript" to
    "JScript.Encode" and from "VBScript" to "VBScript.Encode".

    The online script decoder decodes scripts that were encoded with the
    Microsoft Script Encoder (screnc.exe) from
    http://www.microsoft.com/downloads/details.aspx?familyid=E7877F67-C447-4873-
    B1B0-21F0626A6329&displaylang=en.

    Recently, malicious attackers have started to use the Microsoft Script
    Encoder in order to evade Anti-virus programs that rely on text-matching for
    virus detection. Such encoded scripts also prevent advanced users from
    immediately seeing that a script may be trying to exploit a vulnerability in
    their browser.

    Use this online decoding tool to quickly and automatically reveal the actual
    code of any encoded pages and scripts. You can paste an entire page
    containing any number of encoded sections or simply provide an encoded page
    URL.

    http://www.greymagic.com/security/tools/decoder/

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html


  • Next message: Kenneth Ng: "Re: [Full-Disclosure] A suggestion to all AV vendors..."