Skip to main content

New Orkut worm takes us back in the wayback machine

The latest Orkut worm (opens in new tab) reports talk about the technique that the worm writer has used to distribute its code.

Quoting from the original article above: “It then downloads and executes a heavily obfuscated JavaScript”… looking at the code, I was expecting some whiz-bang brand-spankin-new cool-as-ice JS that you can’t even watch without eye protection.

Alas, I was greeted with the good-ole’ “packed” obfuscation (see pdp’s post (opens in new tab) in it):

This brings us back to our August post on obfuscators (opens in new tab) (that are obviously easily detected and processed by us) which talked about the “packed” strand of JS obfuscation...

Hope that the industry will bring in something more exciting in the next wave of malicious code ;-)