Unobfuscate JavaScript Malware

Updated: March 23, 2010

In an attempt to avoid detection, hackers sometimes obfuscate the JavaScript malware code that they insert into web pages. The web-based service jsunpack can usually unobfuscate the code to show what the actual code is. It is also fairly easy to unobfuscate the code on your own computer. You do need to follow the process carefully, because if you do not fully neutralize the malware code, your computer could become infected with malware. To be extra cautious, you can disconnect your web browser or computer from the Internet beforehand to ensure that your computer cannot become infected.

  1. Open a new text file in a text editor.
  2. Copy the JavaScript code into the file, including the <script> and </script> tags.
  3. Replace all instances of "document.write" and "eval" in the code with "alert". This is the step that neutralizes the malware, so make sure to do it carefully.
  4. Save the text file with a .html extension.
  5. Open the file in a web browser. The unobfuscated code will be displayed in an alert box.
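
The same procedure as a script, as an added example that is not part of the original page: it performs the step 3 substitution and then, in place of the browser's alert box, captures the decoded text with a stand-in `alert`. It assumes Node.js; the function names, the extra check for other string-executing calls (which the steps above do not list) and the sample input are all constructed for illustration.

```javascript
// Added example (not from the original page); every name here is hypothetical.
// Run it only on an isolated, offline analysis machine: new Function is not a sandbox.

// Step 3: swap the execution sinks for alert. \b keeps words like "evaluate" intact.
function neutralize(source) {
  return source
    .replace(/<\/?script[^>]*>/gi, '')             // tags are only needed in the .html file
    .replace(/\bdocument\.write(ln)?\b/g, 'alert')
    .replace(/\beval\b/g, 'alert');
}

// Other calls that can execute a string; an added check, not one of the page's steps.
const OTHER_SINKS = /\b(Function|setTimeout|setInterval)\s*\(/;

// Step 5 without a browser: run the neutralized code once with a capturing alert.
function unobfuscate(source) {
  const code = neutralize(source);
  if (OTHER_SINKS.test(code)) {
    throw new Error('other execution sink present; review by hand first');
  }
  const shown = [];
  const alert = (text) => { shown.push(String(text)); };
  // window and document are stubs so window.alert(...) lands in the same capture.
  new Function('alert', 'window', 'document', code)(alert, { alert }, {});
  return shown; // decoded text only; it is returned, never executed
}

// Constructed, harmless sample: a document.write call hidden behind character codes.
const HIDDEN = 'document.write("<b>constructed sample</b>")';
const SAMPLE = '<script>eval(String.fromCharCode(' +
  Array.from(HIDDEN, (c) => c.charCodeAt(0)).join(',') + '))</script>';

console.log(unobfuscate(SAMPLE)[0]);
```

If the captured text is itself obfuscated, treat it as new input and repeat the procedure by hand rather than looping automatically, so that the final decoded code is only ever read and not run.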