Main » 2011 » March » 16 » Inetguards
12:11
Inetguards
A few minutes ago my ICQ password was hacked, and this was written on my behalf: "Look at what is happening with your system, you keep getting a virus. Scan your computer for now, everything gets cured quickly: inetguards.com / and there you can also make it so that the account cannot be cracked."

I followed the link and looked at the source.
Yeah, the script decodes something.
Apparently that is not enough for it, and it decodes further: '/' + hex_md5('b2eb45d8838702e4f8483cb70a6d2f81')
which, after execution, should take us to inetguards.com/f4e50176f7b4297adb3776ed25706ac8.

I went there and got the same page... Update: blocked by IP, the site is not responding.

The investigation is ongoing
whois says the domain is registered to Andrew Luchenko.
By the way, the IP for the domain name has already changed; it was 78.140.152.146 (there is speculation that it is working now).

Latest News:


We will look for other methods. While I am deciphering, the session on the site expires and I do not have time... I will set up a sniffer and give it a go!

More breaking news:


If you follow the link in a browser, the server returns a 403...

Well, let's go through what it does, in order.

First

hstr is a string generated by the server.
It is decoded like this:
for (i = 0; i < 358; i++) document.write(String.fromCharCode(hstr.charCodeAt(i) + 1))
It takes the ASCII code of each character, adds one, and converts the result back into a character.

Second

We get a new script that will be appended to the document.
What is it? A new encoding, of course. This time everything is simpler, just urlencode. Do an unescape and get...

Third

We get another script that computes the md5 of a string
(for example, like this: hex_md5('b2eb45d8838702e4f8483cb70a6d2f81'))
and appends it, after a slash, to our current URL.
What awaits us at the end, I do not know. If any of you did make it to the end, please be sure to write, I'll be very grateful.

My guess: the server generates a key pair and sends one key in encrypted form (first urlencode + javascript, then subtracting from the charcode + javascript) to the client. The client quickly recovers it, generates an md5 hash and redirects. What is there, I do not know...
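The three layers described above can be unpacked offline in Node.js rather than in a browser, for any hstr length rather than the fixed 358. This is an added example, not code from the original post or from the site: the wrapper shapes, the sample input and the example.invalid host are constructed, and Node's MD5 is assumed to match the page's hex_md5.

```javascript
// Added example: unpack the three layers statically, without running the page's script.
// Node's built-in crypto supplies MD5 (assumed equivalent to the page's hex_md5).
const nodeCrypto = typeof require === 'function'
  ? require('node:crypto')
  : process.getBuiltinModule('node:crypto');

// Layer 1: same arithmetic as the page's loop, per UTF-16 code unit.
// delta = 1 decodes; delta = -1 is used below only to build the sample.
function shiftDecode(hstr, delta = 1) {
  let out = '';
  for (let i = 0; i < hstr.length; i++) {
    out += String.fromCharCode(hstr.charCodeAt(i) + delta);
  }
  return out;
}

// Pull the single string-literal argument of a call such as unescape('...').
function literalArg(source, fnName) {
  const m = new RegExp(fnName + "\\(\\s*(['\"])(.*?)\\1\\s*\\)", 's').exec(source);
  if (!m) throw new Error(fnName + '() call not found, layer layout differs');
  return m[2];
}

// Layers 2 and 3: undo the URL-encoding, then compute the path the script would append.
function unpack(hstr, baseUrl) {
  const layer1 = shiftDecode(hstr);
  const layer2 = unescape(literalArg(layer1, 'unescape'));
  const seed = literalArg(layer2, 'hex_md5');
  const digest = nodeCrypto.createHash('md5').update(seed, 'utf8').digest('hex');
  return { layer1, layer2, seed, next: baseUrl.replace(/\/+$/, '') + '/' + digest };
}

// Constructed sample (not captured from the site): a made-up final script wrapped
// in the two encodings in reverse order. The wrapper shapes are assumptions.
const stage2 = "<script>location.href += '/' + hex_md5('abc')</script>";
const stage1 = "<script>document.write(unescape('" + escape(stage2) + "'))</script>";
const sampleHstr = shiftDecode(stage1, -1);

const result = unpack(sampleHstr, 'http://example.invalid/');
console.log(result.layer2);
console.log(result.next);
```

Because nothing is evaluated, the decoded layers can be read at leisure even when the server-side session has already expired.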

Well, latest news


I got onto the site.
Title: White PC, protect your computer.
Center: Flash, depicting a virus scan. After clicking around we get inside, and a license agreement is displayed.

After the license agreement comes an offer to send an SMS to the number 3858 (cost according to the site: 2 rubles; cost in reality: 300-360 rubles).

Data whois:


Administrative Contact:
Lucenko Andrey
Email: phonecontroller@bk.ru
Organization: Private person
Address: ul. Profsouznaya, 22, kv.340
City: Moscow
State: Moscow obl .
ZIP: 345768
Country: RU
Phone: +7.4345234567
Fax: +7.4934524567

And, finally,

I have sent a letter to the company which registered the number.
As soon as I get an answer, I will publish it immediately.

Thank you all very much for your patience, I am going to bed.
Added by: w1zard