This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit

Atlanta Member Meeting 02.25.10

Jump to: navigation, search

25th of Feb Meeting

WHAT:: Embedded Malicious Javascript

WHEN:: February 25, 2010 6-8pm

WHERE:: Room 1447 , Klaus Advanced Computing Building, Georgia Tech :: Web :: Google Maps ::

  • Parking spots: Parking Map - Physics building (Area 4)
  • Campus Bus: Tech trolley runs between Midtown Marta and the venue

WHO:: Nick Chapman, SecureWorks

ABSTRACT:: This talk will cover malicious JavaScript currently being used in the wild. It will start with the big daddy of embedded malicious JavaScript, Asprox, which last year gave rise to panicked headlines like "100,000s of websites compromised" and continuing through more recent samples such as the fake Yahoo Counter and the recent MS09-002 exploits. We will look at attack vectors, obfuscation techniques, and multi-stage delivery systems, and exploits used. This will feature the analysis of several samples harvest from the wilds of the Internet.

Bio: My name is Nick Chapman. I'm a security researcher with the SecureWorks Counter-Threat Unit. Prior to focusing on security issues full time, I worked as both a System Administrator and Network Engineer in the ISP world.

Download Presentation: File:OWASP Atlanta Feb 25 2010.ppt