| reply to Smokey Bear
Re: Script fragmentation attacks to bypass anti-virus protection Well yes, that would be one method of obfuscating exploit scripts. But there are already hundreds of ways of obfuscating exploits and the AVs are already hopeless at keeping up with them.
This attack does not render desktop and gateway anti-virus products useless. Because desktop and gateway anti-virus products have been useless for quite some time now. |
|
|
|
| reply to Anon
Re: Script fragmentation attacks to bypass anti-virus protection JavaScript is a Turing-complete language. It's mathematically impossible to unwrap all possible forms of obfuscation, short of actually running the code in a JS interpreter. (At which point you may become vulnerable to the exploits themselves or non-halting logic bombs.) |
|
 jdongEat A Beaver, Save A Tree.Premium
join:2002-07-09
Rochester, MI
kudos:1 | said by bobince:JavaScript is a Turing-complete language. It's mathematically impossible to unwrap all possible forms of obfuscation, short of actually running the code in a JS interpreter. (At which point you may become vulnerable to the exploits themselves or non-halting logic bombs.) This is true, but IIRC Symantec does have a script execution interrupt hook of some sort that blows the whistle whenever a script tries to touch a sensitive API call or something else suspicious looking. It might actually be pretty difficult to work around this.
--
Ubuntu MOTU Developer and Forums Council |
|
| reply to Anon
said by zteardrop:I have tried many hundreds of obfuscation attacks using tools we have build inhouse... You men at Symantec or at home? Have any data to back up that statement? |
|
