malicious javascript

Only a few days after FortiGuard Labs published an article about a spam campaign exploiting an RTF document, we found another spam campaign using an even more recent document vulnerability, CVE-2017-11882. [Read More]
by RSS Jasper Manual and Joie Salvio  |  Nov 27, 2017  |  Filed in: Security Research
Recently, FortiGuard Labs found a phishing campaign targeting French Nationals. In this campaign, a PDF file with an embedded javascript is used to download the payload from a Google Drive shared link. As it turns out, the downloaded file is an HTA (HTML Application) file, a format that is becoming more and more common as a malware launch point. It is usually used as a downloader for the actual binary payload. However in this campaign,... [Read More]
by RSS Joie Salvio and Rommel Joven  |  Oct 12, 2017  |  Filed in: Security Research
In today's context, where the majority of Zombie infections occur via victim's browser exploitation (aka "drive-by install"), a Cyber Guerilla is taking place between malware analysts and Web Exploitation Toolkits developers. The latter used to merely resort to counter-measures (such as dynamic obfuscation or code splitting) in order to hinder the analysis of the malicious javascripts embedded in their exploitation toolkits. But it seems they have now entered a genuinely more aggressive phase, which involves booby-trapping the malicious javascripts... [Read More]
by RSS David Maciejak  |  Apr 02, 2009  |  Filed in: Security Research