Active CookieBomb, CVE 2013-2465 and Reveton

This is the second QuickAnalysis post after the one by evilcry; During my daily urlquery investigation (, I come across a website infected by the CookieBomb injection payload. hxxp:// The JS inside the index page, obviously, is obfuscated: after deobfuscation we have this: The code above clearly shows a classical CookieBomb Javascript infection. What is […]

Deobfuscating generic BlackHole 2 with JsADO

I wrote this article to describe how to use JsADO (JS-Auto-DeObfuscator), a little project that I’m developing so as automatically deobfuscate javascript code: JsADo hooks a js function as eval to get the code to be executed, or element.appendChild to dump the HTML Object to be inserted into page I’m going to explain how to […]