| Welcome to WebmasterWorld Guest from 18.104.22.168 |
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
|Become a Pro Member|
|decipher a chunk of malware |
| 2:26 pm on Jul 6, 2010 (gmt 0)|
Here's a challenge for someone who likes puzzles
I just found this little chunk of crap injected into my WordPress template.
do the numbers mean anything?
| 4:54 pm on Jul 6, 2010 (gmt 0)|
An initial guess would be that each 2 digit pair is the hex code for an ASCII char. By that method, the first 8 digits decode to 0D0A, which is a carriage return + line feed.
Another guess is that the string is decoded or transformed by the inurl.js file fetched from the remote site.
| 5:12 pm on Jul 6, 2010 (gmt 0)|
It's double hex encoded, and appears to decode to the <script> statement you quote above:
Malfunctioning malware?! :)
All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved