Re: decyphering spam
On 6/2/05, Steve Lamb <grey@dmiyu.org> wrote:
> michael wrote:
> > how do i decypher what the following HTML/javascript attempts (original
> > 'write' was all one line)?
>
> Personally, I used Python's urllib.unquote and got the following:
>
> <SCRIPT LANGUAGE="javascript">document.write('empty..');</SCRIPT><script
> language="javascript">function dF(s){var s1=unescape(s.substr(0,s.length-1));
> var
> t='';for(i=0;i<s1.length;i++)t+=String.fromCharCode(s1.charCodeAt(i)-s.substr(s.length-1,1));document.write(unescape(t));}</script>
>
> > dF('*8HXHWNUY*75QFSLZFLJ*8I*77of%
> > 7Bfxhwnuy*77*75XWH*8I*77ktyt3ox*77*8J*5I*5F44*75XFRUQJ*75XHWNUY*75*787*752*75HFQQNSL*75FS*75J%5DYJWSFQ*75OX*75KNQJ*5I*5F*8H4XHWNUY*8J*5I*5F5')</script>
>
> Which is then fed the above segment to decode. Don't feel like digging
> into the above javascript to make a Python equivolant decoder for that
> section. Maybe someone else will jump in? :D
>
That final segment decodes to this:
SCRIPT LANGUAGE="javascript" SRC="foto.js"> // SAMPLE SCRIPT #2 -
CALLING AN EXTERNAL JS FILE </SCRIPT
which, unless there was a base reference issued in the actual spam,
leads nowhere. :)
--
~ Darryl ~ smartssa@gmail.com
http://smartssa.com / http://darrylclarke.com
Reply to: