
Source code to JavaScript botnet agent leaked!

Tuesday 03 April 2007 at 12:57 pm
Remember the software that Billy Hoffman demo'd at ShmooCon 2007 - the JavaScript that turns any capable web browser into a zombie?

One Mike Schroll snagged a copy while in the audience and posted it to his website. From there, about 100 somebodies downloaded copies, which no doubt have spread farther.

You can bet that this is going to find illicit use soon. For Firefox users, I strongly suggest that you look into installing a plug-in called NoScript, which lets you decide whether or not to execute the JavaScript embedded in a particular web page.

As always, read the documentation.


six comments recorded.

It’s really amazing what you can do with just 882 lines of javascript these days…

[Jarandhel] (URL) - 03 04 07 - 18:14

It’s amazing how much functionality they’ve managed to pack into a web browser…

The Doctor (URL) - 04 04 07 - 13:11

True… though I wonder how many browsers this will really work on. “Javascript” implementations vary widely between web browsers and there are still a ton of cross-browser and cross-platform incompatibilities. And I say this as a very big proponent of the use of javascript bookmarklets for various and sundry functions.

[Jarandhel] (URL) - 04 04 07 - 13:55

That’s something that I don’t know, and it wasn’t mentioned in any of the articles I’ve found.

It’s possible to write Javascript code that takes into account the bugs in every interpreter out there, but I don’t know if they took that into account or not.

The Doctor (URL) - 04 04 07 - 14:35

I would tend to doubt that the code is that sophisticated… 822 lines of code, including comments, doesn’t seem like it would be nearly enough to cover the full range of bugs and provide alternate code for each browser and platform’s implementations of javascript, for an app this sophisticated. Plus, as a proof of concept app, it would never have needed to go that far as the author had very tight control over which browsers he would be using in the demonstration. My guess is it would work on IE and Mozilla, on the Windows platform primarily, since both companies had reps at that demonstration. Whether it would work on Opera, or on IE for Mac, or Camino or Safari or any other non-standard browser or platform is anyone’s guess. Maybe the code he used manages to avoid all of the known bugs just by virtue of simplicity, but if it does that would be somewhat impressive in and of itself.

[Jarandhel] (URL) - 04 04 07 - 14:55

Depending on exactly how it’s written, that could be an awful lot of executable code. In the wild, it would probably be obfuscated somehow to make it more difficult to detect, and there probably wouldn’t be any comments.

I don’t know anything really about Javascript, so I don’t know what would go into working around the quirks in various browsers. What I’ve seen personally has amounted to double the code wrapped in an if..then construct, with the conditional being the identifier of the web browser.

You have a good point there.

The Doctor (URL) - 05 04 07 - 10:22
