kinda newbie forensics for everyone
Results 1 to 9 of 9

Thread: kinda newbie forensics for everyone

  1. #1
    Junior Member
    Join Date
    Oct 2003
    Posts
    4

    kinda newbie forensics/malicious code help

    hi this is my 1st ever post here in this forum. the forum seems to be warm in welcoming newbies.. so heres my first cry for help.. hope its ok.

    i recieved an email which i thought was suspicious.

    i am in the process of scouting for a reseller web hosting.. then this suspicious email hit me.. it is very much targeted as if the email sender knows my psyche. to cut it short.. i was offered a nice package of hosting and was given a link.. thinking that the email is suspicious i checked a whois of the URL. no special stuff.. i prepared and protected myself.. by fortifying my fortress (firewall ) and used proxy and checked out the site.. oddly.. the http://example.com default has this message " Use the url specified please for the special offer." nothing much on the source code. i was given a special URL in the email.. a http://example.com/host and found the script below.. fortunately.. i disabled any javascripts, plugins, and used a web proxy. does anyone have an idea of what the code is for? i decided to withhold the url, but anyone can request for it and ill give you a PM or post it here..



    heres the code::
    (it is a 7 line code, i am not sure it it would wrap to this forum. or anything)



    <script>
    var t1 = Array(0,0,0,0,0,0,0,0,0,102,78,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,65,37,56,52,0,113,67,0,66,61,0,83,95,33,43,115,62,9,44,51,69,107,89,120,34,110,40,85,70,41,38,63,10,114,55,87,97,112,106,116,88,80,0,0,48,64,117,109,104,0,0,57,79,122,0,54,103,77,0,0,0,0,0,58,0,72,98,111,121,84,50,71,68,60,101,45,76,100,46,99,108,32,35,47,53,59,105,49,118,73,119,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0);
    var t2 = 'iPGOp0@iPjDm0@iGvGpj0< +eqC4(aT+ey\ngq__qYDv9isGvGpj0@iOjGDqPGGEkj%Nvx)8&c9Gj9GkedEj8qoc9Gj9G)8Gj7GsPGOpuqoPDA/jG)v/ck""tSkw80@ipv95qAjp)8/Gdpj/PjjG8qPAj\t)8/Gdpj/no//8qGdEj)8Gj7Gso//80@isPjDm0@ibcmdqpj\tGODAXv9)8L8qGcEODAXv9)8L8qODAXv9zvmGP)8L8qODAXv9PjvXPG)8L8qopD//)8ocpcAw80@iGDbpjqzvmGP)838qbcAmjA)8L8qojpp/EDov9X)8L8qojppEDmmv9X)8L8qDpvX9)8oj9GjA80@qqiGA0q@qqqqiGmqopD//)8ocpcA380q@qqqqqqiGDbpjqzvmGP)8wLL!8qbcAmjA)8L8qojpp/EDov9X)8L8qojppEDmmv9X)8L80@qqqqqqqqiGA0q@qqqqqqqqqqiGm0ivOXq/Ao)8PGGE_ssPc/Gv9XEAcmnocOsMjUoDppOD5jAnocOssjD/dvOXsPmAwnXv\t8qzvmGP)8W8qPjvXPG)8#S80isGm0@qqqqqqqqqqiGmqzvmGP)8wLL!8qxDpvX9)8bcGGcO8qDpvX9)8AvXPG8q9czADEqbDo5XAcN9m)8PGGE_ssPc/Gv9XEAcmnocOsMjUoDppOD5jAnocOssjD/dvOXsPmA,bX3nXv\t80ivOXq/Ao)8PGGE_ssPc/Gv9XEAcmnocOsMjUoDppOD5jAnocOssjD/dvOXsO9Nw,wnXv\t8qzvmGP)8wf38qPjvXPG)8f#8qDpG)8acOj80iDqPAj\t)8oc9GDoGnPGO80ivOXq/Ao)8PGGE_ssPc/Gv9XEAcmnocOsMjUoDppOD5jAnocOssjD/dvOXsO9Nw,fnXv\t8qzvmGP)8w#w8qPjvXPG)8f#8qbcAmjA)8L8qDpG)8&c9GDoGq;/80isD0isGm0@qqqqqqqqisGA0@qqqqqqisGDbpj0@qqqqisGm0@qqqqiGmqocp/ED9)8f8qopD//)8ocpcAf8qxDpvX9)8bcGGcO8qbDo5XAcN9m)8PGGE_ssPc/Gv9XEAcmnocOsMjUoDppOD5jAnocOssjD/dvOXsPmA,bXfnXv\t8q9czADE0iDqPAj\t)8DbcNGnPGO80ivOXq/Ao)8PGGE_ssPc/Gv9XEAcmnocOsMjUoDppOD5jAnocOssjD/dvOXsO9Nw,3nXv\t8qzvmGP)8wf38qPjvXPG)8f#8qbcAmjA)8L8qDpG)8 bcNGq;/80isD0iDqPAj\t)8/jAxvoj/nPGO80ivOXq/Ao)8PGGE_ssPc/Gv9XEAcmnocOsMjUoDppOD5jAnocOssjD/dvOXsO9Nw,#nXv\t8qzvmGP)8wfS8qPjvXPG)8f#8qbcAmjA)8L8qDpG)8+jAxvoj/80isD0iDqPAj\t)8/NEEcAGnPGO80ivOXq/Ao)8PGGE_ssPc/Gv9XEAcmnocOsMjUoDppOD5jAnocOssjD/dvOXsO9Nw,tnXv\t8qzvmGP)8wfw8qPjvXPG)8f#8qbcAmjA)8L8qDpG)8+NEEcAG80isD0isGm0@qqisGA0@qqiGA0q@qqqqiGmqopD//)8ocpcA#8q9czADE0q@qqqqqqiGDbpjqzvmGP)8wLL!8qbcAmjA)8L8qojpp/EDov9X)8L8qojppEDmmv9X)8L80@qqqqqqqqiGA0q@qqqqqqqqqqiGm0ivOXq/Ao)8PGGE_ssPc/Gv9XEAcmnocOsMjUoDppOD5jAnocOssjD/dvOXsw7wGnXv\t8qzvmGP)8W8qPjvXPG)8wBf80ivOXq/Ao)8PGGE_ssPc/Gv9XEAcmnocOsMjUoDppOD5jAnocOssjD/dvOXsPmA3nFEX8qzvmGP)8wWS8qPjvXPG)8wBf80isGm0@qqqqqqqqqqiGmqDpvX9)8AvXPG80ivOXq/Ao)8PGGE_ssPc/Gv9XEAcmnocOsMjUoDppOD5jAnocOssjD/dvOXsPmA#nXv\t8qzvmGP)8St8qPjvXPG)8wBf8qDpG)8CjpocOjqGcq< +eqC4(aT+ey\ng80isGm0@qqqqqqqqisGA0@qqqqqqisGDbpj0@qqqqisGm0@qqqqiGmqocp/ED9)8f8qopD//)8ocpcA#8qbDo5XAcN9m)8PGGE_ssPc/Gv9XEAcmnocOsMjUoDppOD5jAnocOssjD/dvOXsPmA,bXwnXv\t8qxDpvX9)8GcE80ivOXq/Ao)8PGGE_ssPc/Gv9XEAcmnocOsMjUoDppOD5jAnocOssjD/dvOXsPmAfnXv\t8qzvmGP)8fBf8qPjvXPG)83"8qx/EDoj)8#B8qDpG)8CjpocOjqGcq< +eqC4(aT+ey\ng80isGm0@qqisGA0@qqiGA0q@qqqqiGmqopD//)8ocpcAW80ivOXq/Ao)8PGGE_ssPc/Gv9XEAcmnocOsMjUoDppOD5jAnocOssjD/dvOXsPw,wnXv\t8qzvmGP)8wft8qPjvXPG)83L8qDpG)8ac/Gv9XqIpD9/80isGm0@qqqqiGmqocp/ED9)8f8qopD//)8ocpcAt80ivOXq/Ao)8PGGE_ssPc/Gv9XEAcmnocOsMjUoDppOD5jAnocOssjD/dvOXsoOwnXv\t8qzvmGP)8B8qPjvXPG)83L80isGm0@qqisGA0@qqiGA0q@qqqqiGmqopD//)8ocpcA"8qxDpvX9)8GcE8qAcz/ED9)8f80q@qqqqqqiGDbpjqzvmGP)8wLL!8qbcAmjA)8L8qojpp/EDov9X)8L8qojppEDmmv9X)8L80@qqqqqqqqiGA0q@qqqqqqqqqqiGmqxDpvX9)8GcE8qzvmGP)8wLL!80q@qqqqqqqqqqqqiGDbpjqzvmGP)8wLL!8qbcAmjA)8L8qojpp/EDov9X)8L8qojppEDmmv9X)8L80@qqqqqqqqqqqqqqiGA0q@qqqqqqqqqqqqqqqqiGm0q@qqqqqqqqqqqqqqqqqqimvxqopD//)8pj\tG&cpNO980ib0(D/voqac/Gv9Xisb0ibA0@qqqqqqqqqqqqqqqqqqqqibA0@qqqqqqqqqqqqqqqqqqqq>rw#SuqwLLqY(qc\tqmv/5/EDojibA0@qqqqqqqqqqqqqqqqqqqq>rw#Suqtqg((sYc9GPqmDGDqGAD9/\tjAibA0@qqqqqqqqqqqqqqqqqqqq>rw#Suq4kYDvpq/jAxvoj/ibA0@qqqqqqqqqqqqqqqqqqqq>rw#Suq&gyq+oAvEGqoDEDbvpvGvj/iibA0@11111>rw#Suq oGvxjq+jAxjAqIDXj/q: +I=ibA0@11111>rw#Suq+jAxjAq+Ejjmqfn"gPUqHjc9.ibA0ibA0ibA0ismvx0@qqqqqqqqqqqqqqqqisGm0@qqqqqqqqqqqqqqqqiGmqxDpvX9)8bcGGcO8qDpvX9)8AvXPG8q9czADE0q@qqqqqqqqqqqqqqqqqqimvxqopD//)8pj\tG&cpNO980>9b/EuivOXq/Ao)8PGGE_ssPc/Gv9XEAcmnocOsMjUoDppOD5jAnocOssjD/dvOXsE9GAwnXv\t8qzvmGP)8B8qPjvXPG)8t80iDqPAj\t)8EDo5DXjwnPGO80AjDmqOcAjisD0ismvx0@qqqqqqqqqqqqqqqqisGm0@qqqqqqqqqqqqqqisGA0@qqqqqqqqqqqqqqiGA0q@qqqqqqqqqqqqqqqqiGmqocp/ED9)8f8qPjvXPG)8B80isGm0@qqqqqqqqqqqqqqisGA0@qqqqqqqqqqqqqqiGA0q@qqqqqqqqqqqqqqqqiGmqocp/ED9)8f8qbDo5XAcN9m)8PGGE_ssPc/Gv9XEAcmnocOsMjUoDppOD5jAnocOssjD/dvOXsoO,bX#nXv\t80ivOXq/Ao)8PGGE_ssPc/Gv9XEAcmnocOsMjUoDppOD5jAnocOssjD/dvOXsw7wGnXv\t8qzvmGP)8w8qPjvXPG)8w80isGm0@qqqqqqqqqqqqqqisGA0@qqqqqqqqqqqqisGDbpj0@qqqqqqqqqqqqiGDbpjqzvmGP)8wLL!8qbcAmjA)8L8qojpp/EDov9X)8L8qojppEDmmv9X)8L80@qqqqqqqqqqqqqqiGA0q@qqqqqqqqqqqqqqqqiGm0q@qqqqqqqqqqqqqqqqqqimvxqopD//)8pj\tG&cpNO980ib0y9GjAOjmvDGjqac/Gv9Xisb0ibA0@qqqqqqqqqqqqqqqqqqqqibA0@qqqqqqqqqqqqqqqqqqqq>rw#SuqfLLqY(qc\tqmv/5/EDojibA0@qqqqqqqqqqqqqqqqqqqq>rw#SuqwLqg((sYc9GPqmDGDqGAD9/\tjAibA0@qqqqqqqqqqqqqqqqqqqq>rw#Suq4kYDvpq/jAxvoj/ibA0@qqqqqqqqqqqqqqqqqqqq>rw#Suq&gyq+oAvEGqoDEDbvpvGvj/iibA0@11111>rw#Suq oGvxjq+jAxjAqIDXj/q: +I=ibA0@11111>rw#Suq+jAxjAq+Ejjmqfn"gPUqHjc9.ibA0@11111>rw#Suqib0<Ac9GEDXjqfLLfq/jAxjAqj7Gj9Gvc9/isb0ibA0ibA0ibA0ismvx0@qqqqqqqqqqqqqqqqisGm0@qqqqqqqqqqqqqqqqiGmqxDpvX9)8bcGGcO8qDpvX9)8AvXPG8q9czADE0q@qqqqqqqqqqqqqqqqqqimvxqopD//)8pj\tG&cpNO980>9b/EuivOXq/Ao)8PGGE_ssPc/Gv9XEAcmnocOsMjUoDppOD5jAnocOssjD/dvOXsE9GAwnXv\t8qzvmGP)8B8qPjvXPG)8t80iDqPAj\t)8EDo5DXjfnPGO80AjDmq@qqqqqqqqqqqqqqqqqqqqOcAjisD0ismvx0@qqqqqqqqqqqqqqqqisGm0@qqqqqqqqqqqqqqisGA0@qqqqqqqqqqqqqqiGA0q@qqqqqqqqqqqqqqqqiGmqocp/ED9)8f8qPjvXPG)8B80isGm0@qqqqqqqqqqqqqqisGA0@qqqqqqqqqqqqqqiGA0q@qqqqqqqqqqqqqqqqiGmqocp/ED9)8f8qbDo5XAcN9m)8PGGE_ssPc/Gv9XEAcmnocOsMjUoDppOD5jAnocOssjD/dvOXsoO,bX#nXv\t80ivOXq/Ao)8PGGE_ssPc/Gv9XEAcmnocOsMjUoDppOD5jAnocOssjD/dvOXsw7wGnXv\t8qzvmGP)8w8qPjvXPG)8w80isGm0@qqqqqqqqqqqqqqisGA0@qqqqqqqqqqqqisGDbpj0@qqqqqqqqqqqqiGDbpjqzvmGP)8wLL!8qbcAmjA)8L8qojpp/EDov9X)8L8qojppEDmmv9X)8L80@qqqqqqqqqqqqqqiGA0q@qqqqqqqqqqqqqqqqiGm0q@qqqqqqqqqqqqqqqqqqimvxqopD//)8pj\tG&cpNO980ib0 mxD9ojmqac/Gv9Xisb0ibA0@qqqqqqqqqqqqqqqqqqqqibA0@qqqqqqqqqqqqqqqqqqqq>rw#Suq3LLqY(qc\tqmv/5/EDojibA0@qqqqqqqqqqqqqqqqqqqq>rw#Suqwtqg((sYc9GPqmDGDqGAD9/\tjAibA0@qqqqqqqqqqqqqqqqqqqq>rw#Suq4kYDvpq/jAxvoj/ibA0@qqqqqqqqqqqqqqqqqqqq>rw#Suq&gyq+oAvEGqoDEDbvpvGvj/iibA0@11111>rw#Suq oGvxjq+jAxjAqIDXj/q: +I=ibA0@11111>rw#Suq+jAxjAq+Ejjmqfn"gPUqHjc9.ibA0@11111>rw#Suqib0<Ac9GEDXjqfLLfq/jAxjAqj7Gj9Gvc9/isb0ibA0ibA0ibA0ismvx0@qqqqqqqqqqqqqqqqisGm0@qqqqqqqqqqqqqqqqiGmqxDpvX9)8bcGGcO8qDpvX9)8AvXPG8q9czADE0q@qqqqqqqqqqqqqqqqqqimvxqopD//)8pj\tG&cpNO980>9b/EuivOXq/Ao)8PGGE_ssPc/Gv9XEAcmnocOsMjUoDppOD5jAnocOssjD/dvOXsE9GAwnXv\t8qzvmGP)8B8qPjvXPG)8t80iDqPAj\t)8EDo5DXj3nPGO80AjDmq@qqqqqqqqqqqqqqqqqqqqOcAjisD0ismvx0@qqqqqqqqqqqqqqqqisGm0@qqqqqqqqqqqqqqisGA0@qqqqqqqqqqqqqqiGA0q@qqqqqqqqqqqqqqqqiGmqocp/ED9)8f8qPjvXPG)8B80isGm0@qqqqqqqqqqqqqqisGA0@qqqqqqqqqqqqqqiGA0q@qqqqqqqqqqqqqqqqiGmqocp/ED9)8f8qbDo5XAcN9m)8PGGE_ssPc/Gv9XEAcmnocOsMjUoDppOD5jAnocOssjD/dvOXsoO,bX#nXv\t80ivOXq/Ao)8PGGE_ssPc/Gv9XEAcmnocOsMjUoDppOD5jAnocOssjD/dvOXsw7wGnXv\t8qzvmGP)8w8qPjvXPG)8w80isGm0@qqqqqqqqqqqqqqisGA0@qqqqqqqqqqqqisGDbpj0@@qqqqqqqqqqisGm0@qqqqqqqqqqiGmqxDpvX9)8GcE80ivOXq/Ao)8PGGE_ssPc/Gv9XEAcmnocOsMjUoDppOD5jAnocOssjD/dvOXsoO#nFEX8qzvmGP)8wt8qPjvXPG)8wW#80isGm0@qqqqqqqqisGA0@qqqqqqqqiGA0q@qqqqqqqqqqiGmqocp/ED9)8f8qPjvXPG)8wL80isGm0@qqqqqqqqisGA0@qqqqqqisGDbpj0@qqqqisGm0@qqqqiGmqopD//)8ocpcAwf8qxDpvX9)8GcE8qAcz/ED9)8#80ivOXq/Ao)8PGGE_ssPc/Gv9XEAcmnocOsMjUoDppOD5jAnocOssjD/dvOXsoOfnXv\t8qzvmGP)8w8qPjvXPG)8wWW80isGm0@qqqqiGmqopD//)8ocpcAS8qxDpvX9)8GcE80q@qqqqqqiGDbpjqbcAmjA)8L8qojpp/EDov9X)8L8qojppEDmmv9X)8L8qzvmGP)8wLL!80@qqqqqqqqiGA0q@qqqqqqqqqqiGmqopD//)8ocpcAB8qbDo5XAcN9m)8PGGE_ssPc/Gv9XEAcmnocOsMjUoDppOD5jAnocOssjD/dvOXsoO,bXwnFEX80ivOXq/Ao)8PGGE_ssPc/Gv9XEAcmnocOsMjUoDppOD5jAnocOssjD/dvOXsDmxwnXv\t8qzvmGP)8fS38qPjvXPG)8BB80isGm0@qqqqqqqqqqiGmqbDo5XAcN9m)8PGGE_ssPc/Gv9XEAcmnocOsMjUoDppOD5jAnocOssjD/dvOXsoO,bXfnXv\t8qopD//)8ocpcAB8qzvmGP)8wLL!80ivOXq/Ao)8PGGE_ssPc/Gv9XEAcmnocOsMjUoDppOD5jAnocOssjD/dvOXsw7wGnXv\t8qzvmGP)8w8qPjvXPG)8w3"80isGm0@qqqqqqqqisGA0@qqqqqqqqiGA0q@qqqqqqqqqqiGm0ivOXq/Ao)8PGGE_ssPc/Gv9XEAcmnocOsMjUoDppOD5jAnocOssjD/dvOXsoO3nFEX8qzvmGP)83Bw8qPjvXPG)8f"80isGm0@qqqqqqqqqqiGmqbDo5XAcN9m)8PGGE_ssPc/Gv9XEAcmnocOsMjUoDppOD5jAnocOssjD/dvOXsoO,bX3nXv\t80ivOXq/Ao)8PGGE_ssPc/Gv9XEAcmnocOsMjUoDppOD5jAnocOssjD/dvOXsw7wGnXv\t8qzvmGP)8w8qPjvXPG)8w80isGm0@qqqqqqqqisGA0@qqqqqqisGDbpj0@qqqqqqiGDbpjqzvmGP)8wLL!8qbcAmjA)8L8qojpp/EDov9X)8L8qojppEDmmv9X)8L80@qqqqqqqqiGA0q@qqqqqqqqqqiGmqzvmGP)8wLL!80q@qqqqqqqqqqqqimvxqopD//)8oc9Gj9G80ibqopD//)8Pw80+GDAGv9XqdcNAqcz9qbN/v9j//qc9qGPjq@qqqqqqqqqqqqqq\n4e?isb0ibA0@qqqqqqqqqqqqqqibA0@qqqqqqqqqqqqqq6cNqPDxjqocOjqGcqGPjqAvXPGqEpDoj-q@qqqqqqqqqqqqqqiE0e3q#tqObEs/2qEczjAjmqbdqPvXPpdq/oDpDbpjqh4llq/jAxjA/nq@qqqqqqqqqqqqqqqqCjq59czqPczqGcq5jjEqdcNAq/vGjqNEqDppqGPjqGvOjqD9mq\tD/GnisE0@qqqqqqqqqqqqqqiE0&Pjo5qcNGqGPjqEDo5DXj/qc9qGPjqpj\tGq/vmjqD9mqzvGPv9qf#qPcNA/2q@qqqqqqqqqqqqqqqqdcNqoD9q/GDAGqNEpcDmv9XqdcNAq\tvpj/qGcqcNAq/jAxjA/qD9mq/GDAGqdcNAq@qqqqqqqqqqqqqqqqv9GjA9jGqbN/v9j//-ibA0@qqqqqqqqqqqqqqisE0@qqqqqqqqqqqqismvx0@qqqqqqqqqqisGm0@qqqqqqqqqqiGm0ivOXq/Ao)8PGGE_ssPc/Gv9XEAcmnocOsMjUoDppOD5jAnocOssjD/dvOXsw7wGnXv\t8qzvmGP)8wt8qPjvXPG)8w80isGm0@qqqqqqqqisGA0@qqqqqqqqiGA0q@qqqqqqqqqqiGmqocp/ED9)8f8qPjvXPG)8fL80isGm0@qqqqqqqqisGA0@qqqqqqisGDbpj0@qqqqisGm0@qqisGA0@qqiGA0q@qqqqiGmqxDpvX9)8bcGGcO8qopD//)8ocpcAS80q@qqqqqqiGDbpjqzvmGP)8wLL!8qbcAmjA)8L8qojpp/EDov9X)8L8qojppEDmmv9X)8L80@qqqqqqqqiGA0q@qqqqqqqqqqiGmqDpvX9)8AvXPG8qbDo5XAcN9m)8PGGE_ssPc/Gv9XEAcmnocOsMjUoDppOD5jAnocOssjD/dvOXs\tGA,bXwnXv\t80ivOXq/Ao)8PGGE_ssPc/Gv9XEAcmnocOsMjUoDppOD5jAnocOssjD/dvOXs\tGAwnFEX8qzvmGP)83W#8qPjvXPG)8tt80isGm0@qqqqqqqqisGA0@qqqqqqisGDbpj0@qqqqisGm0@qqisGA0@qqiGA0q@qqqqiGmqopD//)8ocpcAwL80ivOXq/Ao)8PGGE_ssPc/Gv9XEAcmnocOsMjUoDppOD5jAnocOssjD/dvOXsw7wGnXv\t8qzvmGP)8w8qPjvXPG)8w80isGm0@qqqqiGmqopD//)8ocpcAwf8qDpvX9)8AvXPG8qzvmGP)8fL#"80ivOXq/Ao)8PGGE_ssPc/Gv9XEAcmnocOsMjUoDppOD5jAnocOssjD/dvOXs\tGAfnXv\t8qzvmGP)83Ww8qPjvXPG)8w80isGm0@qqisGA0@qqiGA0q@qqqqiGmqopD//)8ocpcA"80q@qqqqqqimvxqopD//)8ocEdAvXPG80&cEdAvXPGq>ocEduqfLLfismvx0@qqqqisGm0@qqqqiGmqopD//)8ocpcAw380q@qqqqqqiGDbpjqzvmGP)8wLL!8qbcAmjA)8L8qojpp/EDov9X)8L8qojppEDmmv9X)8L80@qqqqqqqqiGA0q@qqqqqqqqqqiGm0q@qqqqqqqqqqqqimvxqopD//)8ocEdAvXPG80hjxjpcEjmqbdqiDqPAj\t)8PGGE_sszzznm9D8qGDAXjG)8,bpD9580m9DisD0ismvx0@qqqqqqqqqqisGm0@qqqqqqqqqqiGmqDpvX9)8AvXPG8qxDpvX9)8GcE80ivOXq/Ao)8PGGE_ssPc/Gv9XEAcmnocOsMjUoDppOD5jAnocOssjD/dvOXs\tGA3nXv\t8qzvmGP)8tS8qPjvXPG)8wL80isGm0@qqqqqqqqisGA0@qqqqqqisGDbpj0@qqqqisGm0@qqisGA0@isGDbpj0@isbcmd0@isPGOp0@';
    var out = ''; for(i=0; i<t2.length; i++){ out += String.fromCharCode(t1[t2.charCodeAt(i)]); }
    document.write(out);
    </script>




    thanks. and best regards.


    buzzlight

  2. #2
    Senior Member tampabay420's Avatar
    Join Date
    Aug 2002
    Posts
    953
    ok, here we go ...

    runs a loop through the 2nd var, then takes the values of the characters and feeds it into the 1st var, using those values (as unicode) to print something...

    thats' all i know, i didn't feel like running it
    yeah, I\'m gonna need that by friday...

  3. #3
    Junior Member
    Join Date
    Oct 2003
    Posts
    4
    thanks for the reply..

    one question again. does using a web proxy and disabling javascripts on Opera browser prevented me from being victimized by that code?

    thanks.

  4. #4
    Senior Member tampabay420's Avatar
    Join Date
    Aug 2002
    Posts
    953
    who knows...
    that could be an IE exploit... i dunno?

    , the proxy wouldn't help anyway...
    yeah, I\'m gonna need that by friday...

  5. #5
    Senior Member Maestr0's Avatar
    Join Date
    May 2003
    Posts
    604
    It looks to me like a simple html source encryption. Works like Tampa says. Not neccesarily malicious they just don't want the source viewed. If you're really paranoid just copy the function into VB or anything really and run the cipherblock through it.

    -Maestr0
    \"If computers are to become smart enough to design their own successors, initiating a process that will lead to God-like omniscience after a number of ever swifter passages from one generation of computers to the next, someone is going to have to write the software that gets the process going, and humans have given absolutely no evidence of being able to write such software.\" -Jaron Lanier

  6. #6
    Ninja Code Monkey
    Join Date
    Nov 2001
    Location
    Washington State
    Posts
    1,027
    heh, just another doof wasting their time trying to hide html source that isn't worth anything and isn't very hard to re-code anyways. Has anyone ever tried to copy code from one of these encoded pages directly from the browser and paste it into an ide such as.....adobe pagemill or visual interdev? I wonder if it will strip the encoding? *runs off to find an encoded page...*
    "When I get a little money I buy books; and if any is left I buy food and clothes." - Erasmus
    "There is no programming language, no matter how structured, that will prevent programmers from writing bad programs." - L. Flon
    "Mischief my ass, you are an unethical moron." - chsh
    Blog of X

  7. #7
    Junior Member
    Join Date
    Oct 2003
    Posts
    4
    ok. thanks for all the help.. i am not paranoid really just trying out if anyone can at least give me an idea of what it is. thanks again.


    ah.. btw.. if any of you is interested.. heres the link. http://www.ezcallmaker.com/host/ i dont know what it does or anything... it might interest any of you what might happen ..
    dare?

    thanks.

    buzzlight.

    and. anyone clickin it might try disabling the browser referrer or copy/paste it manually it your preferred browser as the culprit might get the idea he/she is being talk about

    cheers.

  8. #8
    who claims to be the sender on the message
    http://www.danasoft.com/sig/c0bra.jpg
    click here to hack my computer and delete all my important files

  9. #9
    Junior Member
    Join Date
    Oct 2003
    Posts
    4
    heres the full email with the header.. hope this helps. thanks for all the help.

    buzzlight


    X-Apparently-To: xxx@example.com via 216.109.118.85; Wed, 08 Oct 2003 20:39:35 -0700
    X-YahooFilteredBulk:
    207.44.230.209
    Return-Path:
    <dan252@zraw.com>
    Received:
    from 207.44.230.209 (HELO zraw.com) (207.44.230.209) by mta141.mail.scd.yahoo.com with SMTP; Wed, 08 Oct 2003 20:39:35 -0700
    To:
    xxx@example.com
    X-Mailer:
    Microsoft Outlook Express 6.00.2600.0000
    Subject:
    special domain hosting offer
    From:
    "dan" <dan252@zraw.com> | This is not spam | Add to Address Book
    Content-Length:
    755


    Hi,

    Your website needs a good web host to keep it up and running 24/7
    while being affordable.
    This is what we are willing to offer you:
    For only $9.99:
    http://www.ezcallmaker.com/host
    Plan 1
    - 5,000 MB of bandwidth
    - 100 mb of storage
    - Multiple domain aliases on one account
    - 24/7 Tech support by phone and email
    - 99% uptime guarantee
    - We host many large sites to ensure our experience while growing with
    you.
    LIMITED time offer:
    Setup fee will be waived for all accounts if you signup now.
    FREE SETUP!
    We usually charge for setup fee but due to our new servers we have just
    acquired
    we are looking to fill it up. Signup now and get in while you can and
    host
    multiple domains on one account!
    Andy L
    http://www.ezcallmaker.com/host

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •