jlhaslip 1 Posted June 3, 2009 Report Share Posted June 3, 2009 (edited) A friend from another Forum has a mysterious file on their hosting account and it uses a javascript eval function with a series of data (numbers) in an array. Any idea how to 'decipher' the digits to see what the function is supposed to be doing? 118,97,114,32,10, ... 34,62,60,47,105,102,39,43,39,114,39,43,39,97,109,101,62,39,41,59,32,102,117,110,99,116,105,111,110,32,103,103,54,51,52,53,40,41,123,118,97,114,32,51,49,49,51,61,57,43,55,5 ... 14,32,109,110,98,113,61,52,51,48,52,49,56,50,52 That is the string found on the page inside script tags <script type="text/javascript"> and eval(String.fromCharCode()) is the function in question.Would this string be dangerous on a web site?How to translate those digits into readable text?***Please be careful with this data, as the friend suspects it may be malware *** Edited June 3, 2009 by jlhaslip Quote Link to post Share on other sites
jlhaslip 1 Posted June 3, 2009 Author Report Share Posted June 3, 2009 Cancel this one... found it.http://linuxsysadminblog.com/2009/03/heurtrojanscriptiframe/An Iframe injection script. Quote Link to post Share on other sites
Synook 47 Posted June 3, 2009 Report Share Posted June 3, 2009 It's not technically "malware"... but how did they get it on their account in the first place? Quote Link to post Share on other sites
jlhaslip 1 Posted June 3, 2009 Author Report Share Posted June 3, 2009 Not sure. Checking the FTP/http logs as we speak. Quote Link to post Share on other sites
rawker 0 Posted June 4, 2009 Report Share Posted June 4, 2009 (edited) *.hta(HTML Application) is far more dangerous, especially to those who are not aware the horror it could bring to your PC(Windows). Imagine an innocent HTML File that has access to your File System. Although, you still have to download the application before you can execute it. You can use that technique to wreak havoc since your victim might think that it's just harmless numbers. What they don't know is... that it's the code of doom. Edited June 4, 2009 by rawker Quote Link to post Share on other sites
inktherapy 0 Posted June 4, 2009 Report Share Posted June 4, 2009 Up!Any updates on these strange numbers on how did it get there? Quote Link to post Share on other sites
justsomeguy 1,135 Posted June 4, 2009 Report Share Posted June 4, 2009 Can you post the entire Javascript code if you still have it? I'm curious to decode it and see what it's actually doing. Quote Link to post Share on other sites
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.