SonicWall Security Center
Share: Linkedin Share Facebook Like
Back to SonicALERT


Suspicious Obfuscated JavaScript Code 2 (medium risk alert)

SonicWALL wants to make you aware of the " Suspicious Obfuscated JavaScript Code 2" virus that is spreading across the Internet. A medium risk alert has been issued for this threat.


Description


This signature indicates suspicious obfuscated JavaScript being sent to an HTTP client.Web-Client This SonicWALL IPS signature category consists of a group of signatures that can detect and prevent web-based client-side attacks. Client-side attacks target individuals surfing the web rather than the servers that serve up the webpages that they visit. These attacks take advantage of browser and operating system vulnerabilities or lapses in security settings to make client computer execute arbitrary code. These attacks can give remote attackers complete control over the targeted computer, serve as a vector for worm and Trojan propagation, and cause the systems to crash. Web client attacks either rely on making the web browser itself malfunction or making the browser load malicious content. An attacker generally implements the first type of attack by carefully crafting a malformed URL or file header that is mishandled by the browser or helper program assigned to open the file. When the client program contains a vulnerability to this type of attack, for example and unchecked buffer, this object can cause the computer to execute code that the attacker has built in to its body, allowing the attacker to gain control of the computer. The second type of attack involves finding holes the browser's security settings. Often, this type of attack involves some social engineering, convincing a user to perform an action that lowers their security settings so that malicious content that would usually block can be executed. An example is a JavaScript attack against old Firefox browsers. The browser was configured by default to block JavaScript calls embedded in websites that automatically open content from remote hosts because of the chance that the remote content was malicious. This security measure, however, was bypassed if the user dragged the URL into a new tab on the browser, and so attackers tricked users into running malicious scripts by dragging the URLs to new tabs. These attacks can have the same effects as the previously mentioned attacks: if a remote attacker can cause a user to execute malicious code, they can take over the computer. Web client attacks illustrate the importance of gateway protection because they prey on individual users who may not update their browsers and may not know better than to accidentally lower their security settings. SonicWALL Web-Client signatures, when enabled, can keep these attacks from reaching a network at all. These signatures range from low- to high-priority, with high-priority signatures enabled for prevention by default.


Back to top

Back to SonicALERT

Follow: Follow us on Facebook Follow us on Twitter Join the Conversation
#SonicWall
© 2017 SonicWall | Privacy Policy | Conditions for use | Feedback | Live Demo | SonicALERT | Document Library | Report Issues
Version: 13.6 | S2MSW02