HighProventia Server IPS for Linux technology, RealSecure Desktop, RealSecure Desktop Protector 3.6, BlackICE Agent for Server, BlackICE PC Protection, RealSecure Network, RealSecure Server Sensor, Proventia Network IDS, Proventia Desktop, Proventia Network IPS, Proventia Server IPS for Microsoft Windows technology, BlackICE Server Protection, Proventia-G 1.1 and earlier, Proventia Network MFS, Proventia Server for VMware:
This signature detects a malicious web page with shellcode inside of Javascript.
High
Proventia Server IPS for Linux technology: 1.0, RealSecure Desktop: epd, RealSecure Desktop Protector 3.6: epd, BlackICE Agent for Server: 3.6epd, BlackICE PC Protection: 3.6cpd, RealSecure Network: XPU 24.33, RealSecure Server Sensor: XPU 24.33, Proventia Network IDS: XPU 24.33, Proventia Desktop: 8.0.675.1720, Proventia Network IPS: XPU 1.72, Proventia Server IPS for Microsoft Windows technology: 1.0.914.1720, BlackICE Server Protection: 3.6.cpd, Proventia-G 1.1 and earlier: XPU 24.33, Proventia Network MFS: XPU 1.72, Proventia Server for VMware: 1.0
IBM AIX, WindRiver BSDOS, HP HP-UX, SGI IRIX, Linux Kernel, Sun Solaris, IBM OS2, Microsoft Windows 95, Data General DG/UX, Microsoft Windows NT: 4.0, Microsoft Windows 98, SCO SCO Unix, Microsoft Windows 98SE, Microsoft Windows 2000, Microsoft Windows Me, Compaq Tru64, Microsoft Windows XP, Apple Mac OS, Microsoft Windows 2003 Server
Suspicious Activity
Shell code consisting of the unescape function has been detected in JavaScript. The unescape function, which is used to unencode URL-encoded strings, has been detected.
This check is for informational purposes only.
nihonsoft.org Web site
unescape
http://research.nihonsoft.org/javascript/jsref/glob23.htm
ISS X-Force
Shellcode in JavaScript has been detected
http://www.iss.net/security_center/static/25447.php