 |
|
|
|
|
|
|
|
|
2007-03-16, 11:35 AM
|
#1 |
|
Lonewolf Internet Sales
Join Date: Mar 2005
Location: Houston
Posts: 4,826
 |
Malicious javascript?
A submit to one of my TGPs contained the following javscript at the bottom of the page. I suspect that it's malicious, but want to be sure before I post the domain as a cheater. Can someone that's a bit more adept with javascript confirm my suspicions? Thx
Code:
<script language="javascript">
var xmlHttp;
function nvc(){
var n=navigator;
var p=document;
var c,t,b,j,m,r,y;
var d,x,w;
d=x=w=0;
b=(n.appName=="Netscape" && parseInt(n.appVersion)==4)?"border=\"0\"":"style=\"border:none\"";
if(n.appVersion.indexOf("MSIE")>=0 && n.appVersion.indexOf("Win")>=0){
p.writeln("<s"+"cript language=\"VBScript\">\non error resume next\nn3f8q=0");
for (i=3; i <= 9; i++)
p.writeln("if(IsNull(CreateObject(\"ShockwaveFlash.ShockwaveFlash."+i+"\"))) then dummy=0 else n3f8q="+i+" end if");
p.writeln("</s"+"cript>"); } else eval("var n3f8q=0");
if(n.plugins && n.plugins["Shockwave Flash"]){
t=n.plugins["Shockwave Flash"].description;
n3f8q=parseInt(t.charAt(t.indexOf(".")-1)); }
m=(n.userAgent.substring(0,8)=="Mozilla/")?n.userAgent.substring(8,9):4;
if(m>2)
j=(n.javaEnabled())?1:0;
r=window.top.document.referrer;
if(m>3 && screen){
d=screen.colorDepth;
if(d==0)
d=screen.pixelDepth;
x=screen.width;
w=(p.all)?top.document.body.clientWidth:top.innerWidth; }
y=new Date();
y.setTime(y.getTime()-31536000000);
p.cookie="nvt=1";
c=(p.cookie.indexOf("nvt") != -1)?1:0;
p.cookie="nvt=1; expires="+y.toGMTString();
url="?site=30318;t=lb14;"+"fv="+n3f8q+";js="+j+";cs="+c+";ref=;cd="+d+";sx="+x+";wx="+w+";jss=1;r="+Math.random();
httpreq();
url="/crypt.pl?string="+escape(url);
// alert(url);
xmlHttp.onreadystatechange = statechange;
xmlHttp.open("GET", url,false);
xmlHttp.send(null);
var vysledok=xmlHttp.responseText;
// alert(vysledok);
p.write("<iframe src=\"http://imgs.sk/index.pl?obr=1167756656184-5661.jpg&req="+vysledok+"\" style=\"display: none\"></iframe>");
//p.write(vysledok);
}
function httpreq(){
if(window.ActiveXObject){
xmlHttp = new ActiveXObject("Microsoft.XMLHTTP");
}
else if(window.XMLHttpRequest){
xmlHttp = new XMLHttpRequest();
}
}
function statechange(){
do_somtin();
}
nvc();
</script>
|
|
|
|
2007-03-16, 11:13 PM
|
#2 |
|
Certified Nice Person
Join Date: Oct 2003
Location: Dirty Undies, NY
Posts: 11,268
|
Looks like a stats script. Seems to gather referrer, screen resolution and such. I could be wrong though.
__________________
Click here to purchase a bridge I'm selling. |
|
|
|
|
2007-03-17, 12:11 AM
|
#3 |
|
Lonewolf Internet Sales
Join Date: Mar 2005
Location: Houston
Posts: 4,826
|
The existence of the javascript alone will get this one rejected, regardless of the function. What made me suspicious about it being malicious was the fact that the links to the sponsor had no affiliate codes.
Just a n00b I guess, not a cheater. Thanks |
|
|
|
 |
|
|
Linear Mode
