Obfuscated code, apparently this is more common these days to do.  There's something that does a hash off the posted payload input that interprets the real code and functions behind it as it is read.

I was reading about something like this not long ago the motions to reverse engineer malware payloads from hacker-news posted research used to keep their business under wraps.  They figured out how to reverse the algorithm and read the code the same as they would to interpret the payload and run it when hitting the site, noting what sort of havoc was being performed when executed, some sort of windoze 0-day.

They do something like this with android apk apps to keep them "secure" and keep crappy other devs from pilfering code.

I always run noscript for firefox and scriptsafe on chrome's, it's worth the hassle.

-mb


On 09/04/2016 02:39 PM, Parabellum7 wrote:

Greetings fellow penguins,


Today I received a suspicious message with a link to some rather odd looking (javascript?) code. If you'd like to see it I put it on pastbin. Obviously, don't download it or run it.

http://pastebin.com/B1f9M70U


It came from this URL:  Don't click this unless you're up on dealing with unknown. I purposely put spaces in it so someone here doesn't accidentally click it anyway, like I stupidly did.

h e l p - m e m b e r . c o m / e b a y d o c s / s c r e e n s h o t s . p h p


Fortunately I have no script running so I don't think ... er, hope ... nothing happened.

Any idea what this is?


Thanks!

--Kenn




---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org
To subscribe, unsubscribe, or to change your mail settings:
http://lists.phxlinux.org/mailman/listinfo/plug-discuss