jlhaslip Posted June 3, 2009 Share Posted June 3, 2009 A friend from another Forum has a mysterious file on their hosting account and it uses a javascript eval function with a series of data (numbers) in an array. Any idea how to 'decipher' the digits to see what the function is supposed to be doing? 118,97,114,32,10, ... 34,62,60,47,105,102,39,43,39,114,39,43,39,97,109,101,62,39,41,59,32,102,117,110,99,116,105,111,110,32,103,103,54,51,52,53,40,41,123,118,97,114,32,51,49,49,51,61,57,43,55,5 ... 14,32,109,110,98,113,61,52,51,48,52,49,56,50,52 That is the string found on the page inside script tags <script type="text/javascript"> and eval(String.fromCharCode()) is the function in question.Would this string be dangerous on a web site?How to translate those digits into readable text?***Please be careful with this data, as the friend suspects it may be malware *** Link to comment Share on other sites More sharing options...
jlhaslip Posted June 3, 2009 Author Share Posted June 3, 2009 Cancel this one... found it.http://linuxsysadminblog.com/2009/03/heurtrojanscriptiframe/An Iframe injection script. Link to comment Share on other sites More sharing options...
Synook Posted June 3, 2009 Share Posted June 3, 2009 It's not technically "malware"... but how did they get it on their account in the first place? Link to comment Share on other sites More sharing options...
jlhaslip Posted June 3, 2009 Author Share Posted June 3, 2009 Not sure. Checking the FTP/http logs as we speak. Link to comment Share on other sites More sharing options...
rawker Posted June 4, 2009 Share Posted June 4, 2009 *.hta(HTML Application) is far more dangerous, especially to those who are not aware the horror it could bring to your PC(Windows). Imagine an innocent HTML File that has access to your File System. Although, you still have to download the application before you can execute it. You can use that technique to wreak havoc since your victim might think that it's just harmless numbers. What they don't know is... that it's the code of doom. Link to comment Share on other sites More sharing options...
inktherapy Posted June 4, 2009 Share Posted June 4, 2009 Up!Any updates on these strange numbers on how did it get there? Link to comment Share on other sites More sharing options...
justsomeguy Posted June 4, 2009 Share Posted June 4, 2009 Can you post the entire Javascript code if you still have it? I'm curious to decode it and see what it's actually doing. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.