Re: What is this rubbish?

Top Page
Attachments:
Message as email
+ (text/html)
+ (text/plain)
Delete this message
Reply to this message
Author: Michael Butash
Date:  
To: plug-discuss
Subject: Re: What is this rubbish?





Obfuscated code, apparently this is
      more common these days to do.  There's something that does a hash
      off the posted payload input that interprets the real code and
      functions behind it as it is read.


      I was reading about something like this not long ago the motions
      to reverse engineer malware payloads from hacker-news posted
      research used to keep their business under wraps.  They figured
      out how to reverse the algorithm and read the code the same as
      they would to interpret the payload and run it when hitting the
      site, noting what sort of havoc was being performed when executed,
      some sort of windoze 0-day.


      They do something like this with android apk apps to keep them
      "secure" and keep crappy other devs from pilfering code.


      I always run noscript for firefox and scriptsafe on chrome's, it's
      worth the hassle.


      -mb



      On 09/04/2016 02:39 PM, Parabellum7 wrote:




Greetings fellow penguins,



Today I received a suspicious message with a link to some
        rather odd looking (javascript?) code. If you'd like to see it I
        put it on pastbin. 
Obviously, don't download it or run it.

http://pastebin.com/B1f9M70U


It came from this URL:  Don't click this unless you're up
          on dealing with unknown.
I purposely put spaces in it so
        someone here doesn't accidentally click it anyway, like I
        stupidly did. 


h e l p - m e m b e r . c o m / e b a y d o c s / s
        c r e e n s h o t s . p h p 



Fortunately I have no script running so I don't think ... er,
        hope ... nothing happened. 


Any idea what this is?



Thanks!
--Kenn





---------------------------------------------------
PLUG-discuss mailing list -
To subscribe, unsubscribe, or to change your mail settings:
http://lists.phxlinux.org/mailman/listinfo/plug-discuss





---------------------------------------------------
PLUG-discuss mailing list -
To subscribe, unsubscribe, or to change your mail settings:
http://lists.phxlinux.org/mailman/listinfo/plug-discuss