Many of us rely on AV software today. But can we always trust those alerts we get? Let's see.
If you try to encode your JavaScript, your visitors may be alerted about the trojan JS.Wonka (also known
as JS_DLOADER.K, Trojan-Downloader.JS.Inor.a (Kaspersky), Troj/Phel-B (Sophos), JScript/ProfPack!PWS!Downloader,
JS/SillyDownloader.AI (F-Prot), Troj/Viperjs-A (Sophos)). What makes the AV software think it's a trojan rather than a script?
In fact, it's just a "generic check". The Virus Information Center says:
===cut===
JS.Wonka is a generic detection of web pages or e-mail messages that contain a certain functionality for encrypting
scripts that may have malicious intent. This does not necessarily mean that a virus has been found.
It merely means that HTML code was found which attempts to activate additional executable code without the user's express permission.
Note: this detection may be triggered by merely visiting a web page that contains malicious code. It does not
necessarily mean your machine has been compromised.
===cut===
What does this mean for the webmaster? Another headache. Say your decoding function is "escaped" and you put unescape(...)
on your page. If the unescaped code contains "document.some-operation", you're in trouble, simply because the generic
check assumes this code can be malicious.
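A rough sketch of such a generic check, which a webmaster could run over a page before publishing to see which escaped strings might raise an alert. This is an added example, not code from this site or from any AV vendor; the function names, the `document.` pattern and the sample page are assumptions constructed for illustration.

```javascript
// Approximation of the generic check described above. NOT a real AV signature:
// the pattern below is an assumption based on the "document.some-operation" remark.
const DOM_OPERATION = /\bdocument\s*\.\s*[A-Za-z_$]/;

// Matches unescape("...") or unescape('...') where the argument is a string literal.
const UNESCAPE_CALL = /unescape\s*\(\s*(["'])((?:\\.|(?!\1).)*)\1\s*\)/g;

// Returns one record per unescape(...) literal found in the page source.
function auditPage(html) {
  const findings = [];
  let match;
  UNESCAPE_CALL.lastIndex = 0;
  while ((match = UNESCAPE_CALL.exec(html)) !== null) {
    // Decode the same way the browser would, including %uXXXX sequences.
    const decoded = unescape(match[2]);
    findings.push({
      offset: match.index,                  // where the call sits in the page
      decoded: decoded,                     // what the visitor's browser would see
      flagged: DOM_OPERATION.test(decoded)  // hidden DOM operation => likely alert
    });
  }
  return findings;
}

// Constructed sample page: the first string hides only markup,
// the second hides a document.write(...) call.
const SAMPLE_PAGE = [
  '<script>var banner = unescape("%3Cb%3Ehello%3C%2Fb%3E");</script>',
  '<script>var code = unescape("%64%6F%63%75%6D%65%6E%74%2E%77%72%69%74%65%28%27hi%27%29");</script>'
].join("\n");

for (const f of auditPage(SAMPLE_PAGE)) {
  console.log((f.flagged ? "LIKELY ALERT " : "ok           ") + JSON.stringify(f.decoded));
}
```
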
This site may use encoded scripts (as many sites do to avoid leeching). Though they are harmless and easy to decode,
there's no guarantee that AV software won't be triggered, as you have seen. If you get some strange alerts, please
let me know.
