11:05 Detective story in the style of Java / JS
Note: at the time of writing, the site is still infected. Yes, it could infect your Windows box through a hole in Java (maybe).

Last night, while visiting the website The Messenger, I got a warning from Google about the danger of infection. Of course I dismissed it and went to look at the source (do not do this!). At first glance there was nothing dangerous there. I had to dig a little deeper, and I found something interesting!

The threat turned out to be hidden in jQuery (jquery.min.js): at the very end of the file, code had been carefully inserted (running it is not recommended, there is an iframe in it!!). (Code: pastebin.com/DSPzeDqd)

Truncating the ciphertext (by removing some characters from the beginning of the variable «txt»), we obtain non-working code from which we can learn what was hidden there. It is the "trojan" that Google saw. The iframe leads to a site with definitely Russian roots, "bul0va .***" (so that you don't curse me later, better not go there! There are trojans there!).

After analyzing the source of this site a little, we found out that there is also a Java file. I did not parse the JavaScript code and went looking for a Java decompiler instead. The first thing I found was this application: http://java.decompiler.free.fr/. It worked. I got the source code of this jar file, with some rather interesting tricks "against the too smart". (The code of the main class: http://pastebin.ru/317047)

Unfortunately, I could not understand how it works or what it does. I suggest you take on a small quest: figure out how it infects the end user's machine.
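The jquery.min.js finding above suggests a simple defensive check, shown here as an added example that is not from the original post: compare the served library with a pinned known-good copy of the same version and isolate whatever was appended. The function name `auditLibrary`, the indicator list and the sample strings are assumptions constructed for illustration.

```javascript
const crypto = require("crypto");

const sha256 = (buf) => crypto.createHash("sha256").update(buf).digest("hex");

// Assumed indicator list: tokens typical of an injected loader,
// not of the legitimate end of a minified library.
const INDICATORS = ["iframe", "eval(", "unescape(", "fromCharCode", "document.write"];

// Compare the served file with a pinned known-good copy of the same version.
function auditLibrary(served, reference) {
  const s = Buffer.from(served);
  const r = Buffer.from(reference);
  if (sha256(s) === sha256(r)) {
    return { verdict: "identical", offset: -1, extra: "", indicators: [] };
  }
  // Find the first byte at which the two copies diverge.
  let offset = 0;
  const limit = Math.min(s.length, r.length);
  while (offset < limit && s[offset] === r[offset]) offset++;
  // Divergence exactly at the end of the reference means code was appended;
  // anything earlier means the library body itself was changed or truncated.
  const verdict = offset === r.length ? "appended" : "modified";
  const extra = s.subarray(offset).toString("utf8");
  const indicators = INDICATORS.filter((token) => extra.includes(token));
  return { verdict, offset, extra, indicators };
}

// Constructed sample data: a stand-in for the clean library and an inert tail.
// Neither string is real jQuery or the real injected code.
const CLEAN = "(function(w){w.lib={version:'0.0.0'};})(window);";
const TAIL = ";var txt='CONSTRUCTED-PLACEHOLDER';/* document.write(<iframe ...>) */";

const report = auditLibrary(CLEAN + TAIL, CLEAN);
console.log(report.verdict, "at byte", report.offset, report.indicators);
console.log("extra bytes to review:", JSON.stringify(report.extra));
```

The strings are only compared and searched, never evaluated, so the suspect copy can be inspected without loading it in a browser.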