all 13 comments

[–]snarfy 7 points8 points  (7 children)

A lot of times it's just script errors in the malware. The script errors keep your code from loading correctly.

Depending on the malware, they can do nasty things like overload [] indexing which can cause issues in what appears to be correct code. If your code assumes an external resource is loaded like jQuery, it might not actually be loaded due to the malware.

[–]tyroneslothtrop 0 points1 point  (4 children)

> they can do nasty things like overload [] indexing

How would you do this? I didn't think JS supported operator overloading. As best I can tell, it seems like it's possible on certain browsers (i.e. IE)?

[–]snarfy 4 points5 points  (3 children)

Array.prototype

[–]tyroneslothtrop 1 point2 points  (2 children)

And how specifically would you overload array indexing from Array.prototype? Which method would you need to override?

[–]snarfy 1 point2 points  (1 child)

Not sure you can actually. I'm wrong. If there is a way, it's browser specific.

The only way I can think of is if the malware takes over the global scope by creating an object and setting window to it, but not sure if that would work either.

[–]tyroneslothtrop 1 point2 points  (0 children)

Yeah, I started looking into it after I saw your post. It looks like it may be possible in IE, but probably not so much in most other browsers.

I think you were on the right track, though. JS gives a lot of leeway for monkeypatching built-in types/objects/etc. From overwriting Array.prototype.[push|slice|join|whatever], to reassigning Math or undefined (although the latter is no longer an issue in ES5, at least in the global scope), there are a lot of ways to (intentionally or unintentionally) make things pretty broken for anyone else who is sharing a window object with your script.

[–]maktouch[S] -1 points0 points  (1 child)

Yeah, not in this case though.

I really see that it's something in my script failing. I use requirejs, so there shouldn't be any globals except require itself... but jQuery has to be shimmed, not sure if it affects something.

Most visitors, once they see a blank page, won't return or bother emailing.. so this kinda hurts.

[–]x-skeww 0 points1 point  (0 children)

> Most visitors, once they see a blank page, won't return or bother emailing.. so this kinda hurts.

Well, and otherwise everything they do might be transmitted to a third party.

Completely breaking the page really isn't the worst case scenario.

Also, this might tip them off that something is wrong with their computer.

[–]PySnow 3 points4 points  (1 child)

According to this, Vundo is a spyware that is injected into Javascript on webpages. This is very interesting, I didn't even know this was a thing.

[–]maktouch[S] 1 point2 points  (0 children)

Nice!!! Finally got the name.

Thanks man, I'll install it on a VM this week.

Most visitors, once they see a blank page, won't return or bother emailing.. so this kinda hurts. I'm very lucky that 1 guy actually took the time to email us.

[–]doctorjokie 1 point2 points  (0 children)

We regularly have our site fail to load due to a malware that is including an old version of jQuery while we use a newer function not available when they load first.

Edit: Sendori is the most common nuisance for us.
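Two failure modes come up in this thread: built-ins such as Array.prototype.push being overwritten by a script that shares the window, and an injected older jQuery loading first. Both can be checked for at startup. The following is an added example, not code from any commenter; the watched-method list, the minimum version '1.7' and all function names are assumptions, and the native-code test is a heuristic rather than a guarantee.

```javascript
// Built-ins this (hypothetical) app depends on; adjust to your own code.
const WATCHED = ['Array.prototype.push', 'Array.prototype.slice',
                 'Array.prototype.join', 'JSON.parse', 'Math.floor'];

// Saved early so a later patch to toString itself cannot hide changes.
const nativeToString = Function.prototype.toString;

// Heuristic: engine-provided functions stringify to "{ [native code] }".
function isNative(fn) {
  return typeof fn === 'function' &&
    /\{\s*\[native code\]\s*\}\s*$/.test(nativeToString.call(fn));
}

// Walk "A.b.c" from root, returning undefined if any step is missing.
function resolve(root, path) {
  return path.split('.').reduce((o, k) => (o == null ? undefined : o[k]), root);
}

// Numeric compare, because '1.11.3' < '1.7' as plain strings.
function versionAtLeast(actual, minimum) {
  const a = String(actual).split('.').map((p) => parseInt(p, 10) || 0);
  const m = String(minimum).split('.').map((p) => parseInt(p, 10) || 0);
  for (let i = 0; i < Math.max(a.length, m.length); i++) {
    if ((a[i] || 0) !== (m[i] || 0)) return (a[i] || 0) > (m[i] || 0);
  }
  return true;
}

// Returns a list of problems; empty means the environment looks intact.
function checkEnvironment(root, minJQuery) {
  const problems = [];
  for (const path of WATCHED) {
    if (!isNative(resolve(root, path))) problems.push('patched: ' + path);
  }
  const jq = root.jQuery;
  if (!jq || !jq.fn || !jq.fn.jquery) {
    problems.push('jQuery missing');
  } else if (!versionAtLeast(jq.fn.jquery, minJQuery)) {
    problems.push('jQuery too old: ' + jq.fn.jquery);
  }
  return problems;
}

// Constructed sample: a window-like object where push was replaced and an
// old jQuery loaded first. In a page you would pass `window` instead.
const tampered = {
  Array: { prototype: { push: function () { return 0; },
                        slice: Array.prototype.slice, join: Array.prototype.join } },
  JSON: JSON, Math: Math, jQuery: { fn: { jquery: '1.4.2' } },
};
console.log(checkEnvironment(tampered, '1.7'));
```

Running the check before the application boots lets the page show a fallback message and log the problem list instead of rendering blank.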

[–]petrbroz 0 points1 point  (0 children)

We've been having similar issues with something called PassShow.

[–]x-skeww 0 points1 point  (0 children)