<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<p>Roger that, thanks for clarifying. It seems it would be difficult
to figure out what they're up without taking on a major project
... <br>
</p>
<p>-K</p>
<p><br>
</p>
<br>
<div class="moz-cite-prefix">On 09/04/2016 09:24 PM, Michael Butash
wrote:<br>
</div>
<blockquote
cite="mid:44ccbf9a-880f-89e7-8f9e-c5d800df593a@butash.net"
type="cite">
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
<div class="moz-cite-prefix">Obfuscated code, apparently this is
more common these days to do. There's something that does a
hash off the posted payload input that interprets the real code
and functions behind it as it is read.<br>
<br>
I was reading about something like this not long ago the motions
to reverse engineer malware payloads from hacker-news posted
research used to keep their business under wraps. They figured
out how to reverse the algorithm and read the code the same as
they would to interpret the payload and run it when hitting the
site, noting what sort of havoc was being performed when
executed, some sort of windoze 0-day.<br>
<br>
They do something like this with android apk apps to keep them
"secure" and keep crappy other devs from pilfering code.<br>
<br>
I always run noscript for firefox and scriptsafe on chrome's,
it's worth the hassle.<br>
<br>
-mb<br>
<br>
<br>
On 09/04/2016 02:39 PM, Parabellum7 wrote:<br>
</div>
<blockquote
cite="mid:d5213605-1a3a-85ae-3b09-ca8138df8162@yahoo.com"
type="cite">
<meta http-equiv="content-type" content="text/html;
charset=windows-1252">
<p>Greetings fellow penguins, <br>
</p>
<p><br>
</p>
<p>Today I received a suspicious message with a link to some
rather odd looking (javascript?) code. If you'd like to see it
I put it on pastbin. <b>Obviously, don't download it or run
it. </b><br>
</p>
<p><a moz-do-not-send="true" class="moz-txt-link-freetext"
href="http://pastebin.com/B1f9M70U">http://pastebin.com/B1f9M70U</a></p>
<p><br>
</p>
<p>It came from this URL: <b>Don't click this unless you're up
on dealing with unknown.</b> I purposely put spaces in it so
someone here doesn't accidentally click it anyway, like I
stupidly did. <br>
</p>
<h3 style="font-family: Helvetica, Arial, sans-serif;
font-weight: normal; line-height: 19px; color: #231f20;
text-align: left; font-size: 14px; margin: 0 0 2px;
font-weight:none;" align="left">h e l p - m e m b e r . c o m
/ e b a y d o c s / s c r e e n s h o t s . p h p </h3>
<p><br>
</p>
<p>Fortunately I have no script running so I don't think ... er,
hope ... nothing happened. <br>
</p>
<p>Any idea what this is? <br>
</p>
<p><br>
</p>
<p>Thanks!</p>
<p>--Kenn</p>
<p><br>
</p>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">---------------------------------------------------
PLUG-discuss mailing list - <a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:PLUG-discuss@lists.phxlinux.org">PLUG-discuss@lists.phxlinux.org</a>
To subscribe, unsubscribe, or to change your mail settings:
<a moz-do-not-send="true" class="moz-txt-link-freetext" href="http://lists.phxlinux.org/mailman/listinfo/plug-discuss">http://lists.phxlinux.org/mailman/listinfo/plug-discuss</a></pre>
</blockquote>
<p><br>
</p>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">---------------------------------------------------
PLUG-discuss mailing list - <a class="moz-txt-link-abbreviated" href="mailto:PLUG-discuss@lists.phxlinux.org">PLUG-discuss@lists.phxlinux.org</a>
To subscribe, unsubscribe, or to change your mail settings:
<a class="moz-txt-link-freetext" href="http://lists.phxlinux.org/mailman/listinfo/plug-discuss">http://lists.phxlinux.org/mailman/listinfo/plug-discuss</a></pre>
</blockquote>
<br>
</body>
</html>