Virus at server side files

Science & Technology Information Technology, Gaming, Machines, Gadgets
15

Re: Virus at server side files

Thanks. Very interesting.

My background is in security but not specifically on secure coding or virus research. From the bits I can gather (never learnt JS), that long line is the malware.

My guess is:

All of those random names (numbers) are given to obfuscate what the code really does. Further to that the unicode chars are summed up into a loop which proudces the malware (virus). Final step is a conversion to ASCII which when rendered will compromise the browser, or attend to anyway.

But also notice the iframe with source of: hxxp://77.221.133.150/.if/go.html?292720fa0

Birthday on 11/11/11 ~ Waleed
Birthday on 11/11/11 ~ Waleed