Question about "Javascript Obfuscation"

[biggles]

I was browing the internet today and AVG came up with a warning on a seemingly harmless website, venturebeat.com.

Can anyone explain what this is? If this is a legit threat, why would it come from a normal website?

 

[B00nie]

I was browing the internet today and AVG came up with a warning on a seemingly harmless website, venturebeat.com.

Can anyone explain what this is? If this is a legit threat, why would it come from a normal website?

It just means the javascript used on the site is not clearly human readable. It does not automatically mean a threat. Having said that, you should not browse with javascript enabled by default.

Oh, and a site being reputable has nothing to do with the chance of getting infected. The most notorious infections have come from 'reputable' sites that got hacked. Either via ads or plain old penetration.

 

[Track Drew]

If this is a legit threat, why would it come from a normal website?

Either malicious advert, compromised website, or false positive. Does your AV give a URL or was it from a file cached to disk?

 

[B00nie]

Either malicious advert, compromised website, or false positive. Does your AV give a URL or was it from a file cached to disk?

Sorry but javascript obfuscation has nothing (directly) to do with malicious intent. It could be used to protect the source code from direct copying for purely non-malignant purposes.

 

[Track Drew]

Sorry but javascript obfuscation has nothing (directly) to do with malicious intent. It could be used to protect the source code from direct copying for purely non-malignant purposes.

if someone used JS obfuscation that "looks" like something once used maliciously, then the last possibility I stated - "false positive" would be correct.

In hindsight - we are both assuming that the nature of the "AVG warning" is obfuscated JS, and you know what happens when you assume...