Sysadmins of the North

An example of evolving obfuscation

Brad Duncan, security researcher at Rackspace, writes about evolving JavaScript (malware) obfuscation on the Internet Storm Center InfoSec Community Forums.

Since May of 2014, I’ve been tracking a particular group that uses the Sweet Orange exploit kit to deliver malware. This group also uses obfuscation to make it harder to detect the infection chain of events.

By 2015, this group included more obfuscation within the initial JavaScript. It’s a relatively minor change in the overall traffic patterns; however, the result causes more work to detect the malicious activity.

Either way, the infection chain flows according to the following block diagram:

Read on at the ISC InfoSec Community Forums post "An Example of Evolving Obfuscation".

About the Author Jan Reilink

My name is Jan. I am not a hacker, coder, developer, programmer or guru. I am merely a system administrator, doing my daily thing at Vevida in the Netherlands. With over 15 years of experience, my specialties include Windows Server, IIS, Linux (CentOS, Debian), security, PHP, WordPress, websites & optimization.
