Tuesday, May 8, 2007

One for the RSS aggregator: Chinese bot/sploit blogs

OK, so I can't read Chinese (or Japanese, or Korean, or...) characters to save my life. But in the course of my recent adventures in obfuscated JavaScript droppers, I stumbled across something interesting. I put the first piece of some obfuscated JavaScript in Google, and I got 2 hits!

I was really hoping to find a page on this particular type of encoding and where and how it's been used in the past. Instead, I found it posted to a pair of blogs in China, with no accompanying Perl scripts for decoding the payload, so I can only assume the intent of the poster(s).

