Note one thing in the video- after running the java malware a Doc file opens with an error message. The Blackhat's coded this in so you can have something to read as the malware encrypts your files. Isn't that cute?
I should agree, MBAR must revise something and make users to tweak for better protection capabilities.
MBAR and MBAM should not linked to itself on minimizing the signature protection because of focusing much on recent threats and other limitations to make samples invalid and not included on database.
Not that anyone cares, but I made a slight error about the language that RAA is written in. It's actually JScript and not JavaScript. JSrcipt is the Microsoft variant of Java (JavaScript is the Mozilla flavor), and it's preferable to use it as it is less common and makes obfuscation easier.
Very good vid, Thank you for sharing Played with that these days, nice to see Qihoo does very well on Ransomware.
Interesting to see that the file works without MS Office (and it's Macros activated), but also with WordPad (seems to be preinstalled in Win10).
Not that anyone cares, but I made a slight error about the language that RAA is written in. It's actually JScript and not JavaScript. JSrcipt is the Microsoft variant of Java (JavaScript is the Mozilla flavor), and it's preferable to use it as it is less common and makes obfuscation easier.
=> I disagree
They are both similar and quite different depending on how you look at them.
In fact the 2 languages have nothing in common apart from their common style ancestor, C
JScript is more the Microsoft variant of JavaScript adding some particular possibility (allowing developers to link and automate a large number of different objects, including ActiveX controls and Java programs)
- Java is an OOP programming language while JScript is an OOP scripting language.
- Java has static typing; JScript's typing is dynamic. In dynamic typing, a variable can hold an object of any type and cannot be restricted.
- JScript is weakly typed while Java is strongly typed.
- Java is loaded from compiled bytecode; JScript is loaded as human-readable source code.
- Java's objects are class-based; JScript's are prototype-based.
- JScript has many functional programming features based on the Scheme language.
- Java creates applications that run in a virtual machine or browser while JScript code is run on a browser only or a Windows Script Host.
- Java code needs to be compiled while JScript code are all in text.
- Java is larger and a more complicated language. While, JScript is easier and more robust than Java.
- Java must be compiled into what is known as a "machine language" (of the Java Virtual Machine) before it can be run on the Web.
- Java constructors are special functions that can only be called at object creation; JScript "constructors" are just standard functions.
- Java requires all non-block statements to end with a semicolon; JScript inserts semicolons at the ends of certain lines.
- Java uses block-based scoping; JScript uses function-based scoping.
- Java has an implicit this scope for non-static methods, and implicit class scope; JScript has implicit global scope.
- JScript supports closures; Java can simulate sort-of "closures" using anonymous classes.
- All JScript functions are variadic; Java functions are only variadic if explicitly marked.
- JScript prototypes can be redefined at runtime, and has immediate effect for all referring objects. Java classes cannot be redefined in a way that affects any existing object instances.
- JScript allows methods in an object to be redefined independently of its prototype; methods in a Java object are tied to its class, and cannot be redefined at runtime.
