|
2007-03-16, 11:35 AM | #1 |
Lonewolf Internet Sales
|
Malicious javascript?
A submit to one of my TGPs contained the following javscript at the bottom of the page. I suspect that it's malicious, but want to be sure before I post the domain as a cheater. Can someone that's a bit more adept with javascript confirm my suspicions? Thx
Code:
<script language="javascript"> var xmlHttp; function nvc(){ var n=navigator; var p=document; var c,t,b,j,m,r,y; var d,x,w; d=x=w=0; b=(n.appName=="Netscape" && parseInt(n.appVersion)==4)?"border=\"0\"":"style=\"border:none\""; if(n.appVersion.indexOf("MSIE")>=0 && n.appVersion.indexOf("Win")>=0){ p.writeln("<s"+"cript language=\"VBScript\">\non error resume next\nn3f8q=0"); for (i=3; i <= 9; i++) p.writeln("if(IsNull(CreateObject(\"ShockwaveFlash.ShockwaveFlash."+i+"\"))) then dummy=0 else n3f8q="+i+" end if"); p.writeln("</s"+"cript>"); } else eval("var n3f8q=0"); if(n.plugins && n.plugins["Shockwave Flash"]){ t=n.plugins["Shockwave Flash"].description; n3f8q=parseInt(t.charAt(t.indexOf(".")-1)); } m=(n.userAgent.substring(0,8)=="Mozilla/")?n.userAgent.substring(8,9):4; if(m>2) j=(n.javaEnabled())?1:0; r=window.top.document.referrer; if(m>3 && screen){ d=screen.colorDepth; if(d==0) d=screen.pixelDepth; x=screen.width; w=(p.all)?top.document.body.clientWidth:top.innerWidth; } y=new Date(); y.setTime(y.getTime()-31536000000); p.cookie="nvt=1"; c=(p.cookie.indexOf("nvt") != -1)?1:0; p.cookie="nvt=1; expires="+y.toGMTString(); url="?site=30318;t=lb14;"+"fv="+n3f8q+";js="+j+";cs="+c+";ref=;cd="+d+";sx="+x+";wx="+w+";jss=1;r="+Math.random(); httpreq(); url="/crypt.pl?string="+escape(url); // alert(url); xmlHttp.onreadystatechange = statechange; xmlHttp.open("GET", url,false); xmlHttp.send(null); var vysledok=xmlHttp.responseText; // alert(vysledok); p.write("<iframe src=\"http://imgs.sk/index.pl?obr=1167756656184-5661.jpg&req="+vysledok+"\" style=\"display: none\"></iframe>"); //p.write(vysledok); } function httpreq(){ if(window.ActiveXObject){ xmlHttp = new ActiveXObject("Microsoft.XMLHTTP"); } else if(window.XMLHttpRequest){ xmlHttp = new XMLHttpRequest(); } } function statechange(){ do_somtin(); } nvc(); </script> |
2007-03-16, 11:13 PM | #2 |
Certified Nice Person
|
Looks like a stats script. Seems to gather referrer, screen resolution and such. I could be wrong though.
__________________
Click here to purchase a bridge I'm selling. |
2007-03-17, 12:11 AM | #3 |
Lonewolf Internet Sales
|
The existence of the javascript alone will get this one rejected, regardless of the function. What made me suspicious about it being malicious was the fact that the links to the sponsor had no affiliate codes.
Just a n00b I guess, not a cheater. Thanks |
|
|