Signature Detail
Short Name |
HTTP:STC:ACTIVEX:CLSID-OBFUS |
|---|---|
Severity |
Medium |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
ActiveX JavaScript Class ID clsid Obfuscation Evasion |
Release Date |
2012/06/07 |
Update Number |
2148 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: Microsoft ActiveX Control ClassID Obfuscation
This signature detects attempts to obfuscate the ClassID of an ActiveX control. Such activity is currently being used in the wild by malware on popular websites. This could also trigger on marketing websites that also obfuscate their JavaScript. Care should be taken during research of sites that trigger on this signature.