[Techtalk] is this malicious code? -- the code in Pastebin
James Sutherland
james at deadnode.org
Tue Jan 15 23:30:12 UTC 2013
On 15 Jan 2013, at 23:20, Carla Schroder <carla at bratgrrl.com> wrote:
> On Tue, 15 Jan 2013 23:03:57 +0000
> James Sutherland <james at deadnode.org> wrote:
>
>> On 15 Jan 2013, at 23:01, Carla Schroder <carla at bratgrrl.com> wrote:
>>
>>> Hey all,
>>>
>>> I have a snippet of a Javascript ad that Google flagged as
>>> malicious. I would like a second opinion from you fine
>>> Techtalkers-- what's the best way to safely share this code? It's
>>> about a dozen lines.
>>
>> It's safe enough as a text file or inline in an email; at 12 lines,
>> it shouldn't upset anyone either.
>>
>> Alternatively, you can put it on http://pastebin.com/ and share the
>> URL to it with us: anyone clicking the URL will only see it as text
>> in the browser.
>>
>>
>> James.
>>
>
> Cool, good idea:
>
> http://pastebin.com/NvTGxDQd
Looks harmless: all it does is insert a <script> tag referencing adsbyisocket.com. The "odd" bits are just it putting things like the current page address and the page 'referer'(sic) into that URL, so they get a better idea whom they're serving their ads to.
It's possible adsbyisocket.com is a malware domain, but it certainly looks like a regular online ad broker from a quick look.
James.
More information about the Techtalk
mailing list