HighProventia Server IPS for Linux technology, Proventia Network IPS, Proventia Desktop, RealSecure Desktop, RealSecure Desktop Protector 3.6, BlackICE Server Protection, BlackICE Agent for Server, BlackICE PC Protection, RealSecure Network, RealSecure Server Sensor, Proventia Network IDS, Proventia-G 1.1 and earlier, IBM Security Server Protection for Windows, Proventia Network MFS, Virtual Server Protection for Vmware:
This signature detects a malicious web page with shellcode inside of Javascript.
High
Proventia Server IPS for Linux technology: 1.0, Proventia Network IPS: XPU 1.72, Proventia Desktop: 8.0.675.1720, RealSecure Desktop: epd, RealSecure Desktop Protector 3.6: epd, BlackICE Server Protection: 3.6.cpd, BlackICE Agent for Server: 3.6epd, BlackICE PC Protection: 3.6cpd, RealSecure Network: XPU 24.33, RealSecure Server Sensor: XPU 24.33, Proventia Network IDS: XPU 24.33, Proventia-G 1.1 and earlier: XPU 24.33, IBM Security Server Protection for Windows: 1.0.914.1720, Proventia Network MFS: XPU 1.72, IBM Security Server Protection for Windows: 2.1.14.2400, Virtual Server Protection for Vmware: 1.0
IBM AIX, WindRiver BSDOS, SGI IRIX, Linux Kernel, Sun Solaris, IBM OS2, Microsoft Windows 95, Data General DG/UX, Microsoft Windows NT: 4.0, Microsoft Windows 98, SCO SCO Unix, Microsoft Windows 98SE, Microsoft Windows 2000, Microsoft Windows Me, Compaq Tru64, Microsoft Windows XP, Apple Mac OS, Microsoft Windows 2003 Server
Suspicious Activity
Shell code consisting of the unescape function has been detected in JavaScript. The unescape function, which is used to unencode URL-encoded strings, has been detected.
This check is for informational purposes only.
nihonsoft.org Web site
unescape
http://research.nihonsoft.org/javascript/jsref/glob23.htm
ISS X-Force
Shellcode in JavaScript has been detected
http://www.iss.net/security_center/static/25447.php