Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Is the source code of this small webpage malicious?


  • Please log in to reply
2 replies to this topic

#1 RCA56

RCA56

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:08:16 PM

Posted 19 April 2010 - 10:31 PM

Do not click on link! I am having trouble finding a way to remove it as a hyperlink to prevent users from clicking on it.

hxxp://freesubs4yt.t35.com/Easy/login.php

I went to this link, and my browser was resized and started bouncing all over the screen while simultaneously playing Never Gonna Give You Up by Rick Astley.

While this seems like a joke website hosted on a free web hosting server that just logs IP addresses, I am wondering if something malicious such as malware, viruses, spyware are installed when one clicks on the link. I initially found the link on a self-professed hacker's YouTube channel who has compromised numerous accounts.

If anyone can take the time to analyze the source code, I'd greatly appreciate it. The source code is about one or two pages long, the lyrics for the song take up most of it.

Best Regards,
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html><head>

<meta name="google-site-verification" content="-hoHw9fPs8z5NKSCGS6RonJEs8tq_FiTLRSDVx4PC44" />
 <meta http-equiv="content-type" content="text/html; charset=utf-8"><title>Rickroll!</title>
  
   &lt;script type="text/javascript">
   <!--
   if (self.parent.frames.length && self.parent.frames.length != 0) self.parent.location = document.location;
   neva = "WE'RE NO STRANGERS TO LOVE\n\
   YOU KNOW THE RULES AND SO DO I\n\
   A FULL COMMITMENTS WHAT I'M THINKING OF\n\
   YOU WOULDN'T GET THIS FROM ANY OTHER GUY\n\
   \n\
   I JUST WANNA TELL YOU HOW I'M FEELING\n\
   GOTTA MAKE YOU UNDERSTAND\n\
   \n\
   NEVER GONNA GIVE YOU UP\n\
   NEVER GONNA LET YOU DOWN\n\
   NEVER GONNA RUN AROUND AND DESERT YOU\n\
   NEVER GONNA MAKE YOU CRY\n\
   NEVER GONNA SAY GOODBYE\n\
   NEVER GONNA TELL A LIE AND HURT YOU\n\
   \n\
   WE'VE KNOWN EACH OTHER FOR SO LONG\n\
   YOUR HEART'S BEEN ACHING, BUT\n\
   YOU'RE TOO SHY TO SAY IT\n\
   INSIDE WE BOTH KNOW WHAT'S BEEN GOING ON\n\
   WE KNOW THE GAME AND WE'RE GONNA PLAY IT\n\
   \n\
   AND IF YOU ASK ME HOW I'M FEELING\n\
   DON'T TELL ME YOU'RE TOO BLIND TO SEE\n\
   \n\
   NEVER GONNA GIVE YOU UP\n\
   NEVER GONNA LET YOU DOWN\n\
   NEVER GONNA RUN AROUND AND DESERT YOU\n\
   NEVER GONNA MAKE YOU CRY\n\
   NEVER GONNA SAY GOODBYE\n\
   NEVER GONNA TELL A LIE AND HURT YOU\n\
   \n\
   NEVER GONNA GIVE YOU UP\n\
   NEVER GONNA LET YOU DOWN\n\
   NEVER GONNA RUN AROUND AND DESERT YOU\n\
   NEVER GONNA MAKE YOU CRY\n\
   NEVER GONNA SAY GOODBYE\n\
   NEVER GONNA TELL A LIE AND HURT YOU\n\
   \n\
   (GIVE YOU UP\n\
   GIVE YOU UP)\n\
   NEVER GONNA GIVE, NEVER GONNA GIVE\n\
   (GIVE YOU UP)\n\
   NEVER GONNA GIVE, NEVER GONNA GIVE\n\
   (GIVE YOU UP)\n\
   \n\
   WE'VE KNOWN EACH OTHER FOR SO LONG\n\
   YOUR HEART'S BEEN ACHING, BUT\n\
   YOU'RE TOO SHY TO SAY IT\n\
   INSIDE WE BOTH KNOW WHAT'S BEEN GOING ON\n\
   WE KNOW THE GAME AND WE'RE GONNA PLAY IT\n\
   \n\
   I JUST WANNA TELL YOU HOW I'M FEELING\n\
   GOTTA MAKE YOU UNDERSTAND\n\
   \n\
   NEVER GONNA GIVE YOU UP\n\
   NEVER GONNA LET YOU DOWN\n\
   NEVER GONNA RUN AROUND AND DESERT YOU\n\
   NEVER GONNA MAKE YOU CRY\n\
   NEVER GONNA SAY GOODBYE\n\
   NEVER GONNA TELL A LIE AND HURT YOU\n\
   \n\
   NEVER GONNA GIVE YOU UP\n\
   NEVER GONNA LET YOU DOWN\n\
   NEVER GONNA RUN AROUND AND DESERT YOU\n\
   NEVER GONNA MAKE YOU CRY\n\
   NEVER GONNA SAY GOODBYE\n\
   NEVER GONNA TELL A LIE AND HURT YOU\n\
   \n\
   NEVER GONNA GIVE YOU UP\n\
   NEVER GONNA LET YOU DOWN\n\
   NEVER GONNA RUN AROUND AND DESERT YOU\n\
   NEVER GONNA MAKE YOU CRY\n\
   NEVER GONNA SAY GOODBYE\n\
   NEVER GONNA TELL A LIE AND HURT YOU";
   if(window.opera){
	 window.onkeydown = function(e){
		 if(e.keyCode != 18 && e.keyCode != 27 && e.keyCode != 32 && e.keyCode !=  115){
		   if(Math.random() > .5) for(var i = 0; i < 35; i++) document.getElementById('roll').Back();
				 else for(var i = 0; i < 53; i++) document.getElementById('roll').Forward();
				   document.getElementById('roll').Play();
				   }
					   else if(e.keyCode == 115){
						 for(x in neva.split('\n')){
							 alert(neva.split('\n')[x]);
							   }
								   }
								   return false;
									 }
								 }else{
								   window.onkeydown = function(e){
									   if(e.keyCode !=  13 && e.keyCode != 27 && e.keyCode != 32){
											 if(Math.random() > .5) for(var i = 0; i < 35; i++) document.getElementById('roll').Back();
											   else for(var i = 0; i < 53; i++) document.getElementById('roll').Forward();
												 document.getElementById('roll').Play();
												 }
													 return false;
												   }
												   }
												   /* document.onkeydown = function(){
													 for(var i = 0; i < 35; i++) document.getElementById('roll').Back();
													   document.getElementById('roll').Play();
														 return false;
													 } */
													 window.resizeTo(640,480);
													 window.moveTo(0,0);
													 for (i = 1; i <= 9; i++){
													 setTimeout('window.moveTo(1599,1199);', i+"000");
													 i++;
													 setTimeout('window.moveTo(0,1199);', i+"000");
													 i++;
													 setTimeout('window.moveTo(1599,0);', i+"000");
													 i++;
													 setTimeout('window.moveTo(0,0);', i+"000");
													 }
													 //-->
													 </script></head><body onbeforeunload="for(x in neva.split('\n')){ alert(neva.split('\n')[x]); } return false;">
													 &lt;script type="text/javascript">
													 <!--
													 if(window.attachEvent){
													   document.body.onkeydown = function(){
														   if(Math.random() > .5) for(var i = 0; i < 35; i++) document.getElementById('roll').Back();
															   else for(var i = 0; i < 53; i++) document.getElementById('roll').Forward();
															   document.getElementById('roll').Play();
																   return false;
																 }
																 }
																 //-->
																 </script>
																 <div style="text-align: center;"><embed id="roll" src="index_files/rickroll.swf" height="300" width="400"></div>
																 <p style="text-align: center;">You have officially been <a href="http://en.wikipedia.org/wiki/Rickrolling">Rickrolled!</a></p>
															<p style="text-align: center;"> <b>***This site is for entertainment purposes and will not harm your computer. Clicking through the lyrics is all that is needed to close the browser window.***</b>
																<!-- <b>***This site is for entertainment purposes and will not harm your computer.***</b> --></p>
&lt;script type="text/javascript">
var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");
document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));
</script>
&lt;script type="text/javascript">
try {
var pageTracker = _gat._getTracker("UA-331164-29");
pageTracker._trackPageview();
} catch(err) {}</script>												 </body></html>

Edited by Orange Blossom, 19 April 2010 - 11:00 PM.
Link deactivated. ~ OB


BC AdBot (Login to Remove)

 


#2 RCA56

RCA56
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:08:16 PM

Posted 20 April 2010 - 04:04 AM

I took the liberty of saving the source code into a text file, and then scanning it using Jotti Malware scan. The results that a few virus scanners provided is that it is Joke.NoClose.JS.A. or Malware.JS.Achtung.A.

Apparently it's a joke program that from what I know has no malicious codes in it, or won't harm your computer. However, I assume malicious code could be integrated into the program.

But the site has logged IP addresses, and in the hands of these malicious users, this could be dangerous. DDOS attacks, port scans, nmaps, stalking, packet sniffing, etc...

Edited by RCA56, 20 April 2010 - 04:07 AM.


#3 Andrew

Andrew

    Bleepin' Night Watchman


  • Moderator
  • 8,250 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Right behind you
  • Local time:05:16 PM

Posted 20 April 2010 - 03:12 PM

Looking at it I don't see anything malicious. Annoying, immature, asinine yes. But nothing actually dangerous.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users