Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
I came across the following exploit due to a warning from my AV software. It originated from an adserver delivering banner ads on one of my sites.
I have retrieved the content with Wget and copied to pastebin.
http://pastebin.com/m6fa38fac
[Warning: Link may contain malware – Do not visit from vulnerable PC.]
Please note that you have to scroll horizontally on pastebin as the code is all on one line.
Can anyone find out what the exploit actually does?
Thank you.
Not quite, as it includes (the equivalent of):
it then uses the minutes and seconds of the last-modified time of the document containing it as a key to decode the array. If you can’t still retrieve that
javascript:alert(document.lastModified)time we’d have to brute-force it.ETA: ah, actually it only uses the first digit of the minutes, and from the way it uses it we can guess it’s supposed to be
1. That’s leaves only sixty possibilities, and a quick loop reveals that meaningful javascript only comes out for16seconds.I’ve put the decoded script here; it will probably also ping your anti-virus. Summary: it runs exploits against the Java, Flash and Acrobat plugins, running a payload from googleservice.net which is (surprise surprise) a Russian attack site.