Signature Detail

HTTP: Malicious Javascript CookieBomb Attack

This signature detects a known technique to drop malicious contents via a victim's browser through specially crafted obfuscated JavaScript. The JavaScript looks for specific cookie values and malicious code is only executed once certain conditions are met. This technique is where an attacker will compromise a normally benign website and adds malicious content without the site's owner being aware of it. A successful attack would result in a complete compromise of the viewing user's browser.

References

• URL: http://malwaremustdie.blogspot.jp/2014/01/and-another-detonating-method-of-todays.html
• URL: http://malwaremustdie.blogspot.jp/2013/07/proof-of-concept-of-cookiebomb-attack.html