Thursday, December 09, 2004

Script Encoding

I was reviewing the Full-Disclosure archives over on Neohapsis this morning, and ran across a post about an online script decoder. I thought that this was pretty interesting, but aside from decoding the encoded scripts, my thoughts took another avenue (as they often tend to do)...

What happens if you have your malware, and you use something like Exe2Vbs (zipped archive here) to create a VBScript, then encoded that script with Microsoft's Script Encoder tool? Theoretical stuff aside, what would this "look like" to an Anti-Virus tool? Anyone want to try it?