[Techtalk] is this malicious code? -- the code in Pastebin
Carla Schroder
carla at bratgrrl.com
Wed Jan 16 02:54:52 UTC 2013
On Tue, 15 Jan 2013 15:28:42 -0800
Cynthia Kiser <cnk at ugcs.caltech.edu> wrote:
> Quoting Carla Schroder <carla at bratgrrl.com>:
> > > > I have a snippet of a Javascript ad that Google flagged as
> > > > malicious.
> >
> >
> > http://pastebin.com/NvTGxDQd
>
> Not exactly sure but I am guessing Google is twigging on either
> wrapping JS in the CDATA block OR the constructing the penultimate
> script tag with:
>
> document.write ("'><\/scr"+"ipt>");
>
> Seems like you are trying to pass JS but delay execution thereof. I
> don't think that makes this malicious - but does make me curious.
>
>
Can it be that this is more dangerous that it appears? Can anyone do a
little deeper analysis of this? One of my chums says that the code (I
don't know which part) opens a big gateway to remote malicious code. I
quote:
"iSocket's invoking code itself isn't malicious. It's what that code is
pulling through the stargate combined with a bunch of other shit
nobody's clear on because then the malware people would adapt to stop
triggering it."
Carla
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Carla Schroder
ace Linux nerd
buy my books! Book of Audacity,
Linux Networking Cookbook,
Linux Cookbook
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
More information about the Techtalk
mailing list