Obfuscated code, apparently this is
more common these days to do. There's something that does a hash
off the posted payload input that interprets the real code and
functions behind it as it is read.
I was reading about something like this not long ago the motions
to reverse engineer malware payloads from hacker-news posted
research used to keep their business under wraps. They figured
out how to reverse the algorithm and read the code the same as
they would to interpret the payload and run it when hitting the
site, noting what sort of havoc was being performed when executed,
some sort of windoze 0-day.
They do something like this with android apk apps to keep them
"secure" and keep crappy other devs from pilfering code.
I always run noscript for firefox and scriptsafe on chrome's, it's
worth the hassle.
-mb
On 09/04/2016 02:39 PM, Parabellum7 wrote:
Greetings fellow penguins,
Today I received a suspicious message with a link to some
rather odd looking (javascript?) code. If you'd like to see it I
put it on pastbin.
Obviously, don't download it or run it.
http://pastebin.com/B1f9M70U
It came from this URL: Don't click this unless you're up
on dealing with unknown.
I purposely put spaces in it so
someone here doesn't accidentally click it anyway, like I
stupidly did.
h e l p - m e m b e r . c o m / e b a y d o c s / s
c r e e n s h o t s . p h p
Fortunately I have no script running so I don't think ... er,
hope ... nothing happened.
Any idea what this is?
Thanks!
--Kenn
---------------------------------------------------
PLUG-discuss mailing list -
PLUG-discuss@lists.phxlinux.org
To subscribe, unsubscribe, or to change your mail settings:
http://lists.phxlinux.org/mailman/listinfo/plug-discuss
---------------------------------------------------
PLUG-discuss mailing list -
PLUG-discuss@lists.phxlinux.org
To subscribe, unsubscribe, or to change your mail settings:
http://lists.phxlinux.org/mailman/listinfo/plug-discuss