Xanda's Blog !~!

Yara Rule for Safari window.parent.close()

rule SafariWindowParentClose
{
   meta:
      ref = "Safari window.parent.close()"
      impact = 7
   strings:
      $SafariWindowParentClose_1 = /.*?.prompt\(alert\)/
      $SafariWindowParentClose_2 = /.*?.prompt\(.*?\)/
      $SafariWindowParentClose_3 = /.*?.close\(\)/
   condition:
      all of them
}

Are You Using Oinkmaster + Emerging Threats signatures?

Matt Jonkman over at ET, has announced that they will be making some changes to the way their rules are categorised which will result in you needing to change your configuration.

[Read more HERE]