Nick Chapman - Embedded Malicious Javascript from Outerz0ne 5 (Hacking Illustrated Series InfoSec Tutorial Videos)

Nick Chapman - Embedded Malicious Javascript from Outerz0ne 5 (Hacking Illustrated Series InfoSec Tutorial Videos) Nick Chapman - Embedded Malicious Javascript from Outerz0ne 5

This talk will cover malicious JavaScript currently being used in the wild. It will start with the big daddy of embedded malicious JavaScript, Asprox, which last year gave rise to panicked headlines like "100,000s of websites compromised" and continuing through more recent samples such as the fake Yahoo Counter and the recent MS09-002 exploits. We will look at attack vectors, obfuscation techniques, and multi-stage delivery systems, and exploits used. This will feature the analysis of several samples harvest from the wilds of the Internet.

Bio: My name is Nick Chapman. I'm a security researcher with the SecureWorks Counter-Threat Unit. Prior to focusing on security issues full time, I worked as both a System Administrator and Network Engineer in the ISP world.

Download AVI from:
http://archive.org/download/Outerz0ne2009/Irongeek-NickChapmanEmbeddedMaliciousJavascript885.avi
http://blip.tv/file/get/Irongeek-NickChapmanEmbeddedMaliciousJavascript885.avi

Streaming Flash:

Special thanks to Scott and Brandon Moulton for the AV work, and SkyDog for letting me rip the videos.

If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.