Crazy!
Okay thanks, Red, for sending me the resulting code you found there. This idiot really jumped the gun.
For security reasons I will not paste any code here, since I don't want Google or anyone else to flag InBoxRevenge as being potentially malicious.
He obfuscates a huge amount of text using a div which is hidden to contain raw text, then a huge series of obfuscated JavaScript functions which again ultimately strive to "eval" the resulting processed text.
If you try to view the output, the first thing the JavaScript outputs is a block of HTML:
Code:
<center><h1>404 Not Found</h1></center><hr>
Then a huger block of more straightforward JavaScript which attempts the following:
- Java exploit
- Browser plugin detection (Shockwave, MSXml, Flash, Shell helpers, Windows Media Player)
- Two more Java exploits
- Adobe Acrobat exploits (2)
Each of these is known by various malware detection systems. As noted, my entire office cannot even see that site, and it turns out the reason I couldn't see any JavaScript in their page source was that this was a further protection of the ESET anti-malware system. (Well done.)
I'm sure he snagged a few PCs with this, but it's debatable whether it would be that many, given that most of these are covered by at least a year's worth of patches and upgrades.
SiL
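A static triage check for the page structure described in the post above (a hidden div holding a large block of raw text, with script that reads it and hands the result to "eval"), as an added example that is not part of the original post and is not code from the site discussed. The two sample pages, the 200-character threshold and every name here are constructed assumptions, and only inline styles are inspected.

```python
import re
from html.parser import HTMLParser

HIDDEN = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)
DYNAMIC_EXEC = re.compile(r"\beval\s*\(|\bunescape\s*\(|String\.fromCharCode|new\s+Function\s*\(")
VOID = {"br", "hr", "img", "input", "meta", "link"}

class LoaderScan(HTMLParser):
    """Collects script bodies and the amount of text held in hidden elements."""
    def __init__(self):
        super().__init__()
        self.stack = []      # (tag, id of enclosing hidden element or None)
        self.hidden = {}     # hidden element id -> characters of text inside it
        self.scripts = []

    def handle_starttag(self, tag, attrs):
        if tag in VOID:
            return
        a = dict(attrs)
        owner = self.stack[-1][1] if self.stack else None   # inherit hidden state
        if owner is None and HIDDEN.search(a.get("style") or ""):
            owner = a.get("id") or ""
        self.stack.append((tag, owner))

    def handle_endtag(self, tag):
        for i in reversed(range(len(self.stack))):
            if self.stack[i][0] == tag:     # pop through the matching open tag
                del self.stack[i:]
                break

    def handle_data(self, data):
        tag, owner = self.stack[-1] if self.stack else ("", None)
        if tag == "script":
            self.scripts.append(data)
        elif owner is not None:
            self.hidden[owner] = self.hidden.get(owner, 0) + len(data.strip())

def scan(html, min_hidden=200):
    """Return the names of the heuristics that fire for one HTML document."""
    p = LoaderScan()
    p.feed(html)
    p.close()
    js = "\n".join(p.scripts)
    big = [i for i, n in p.hidden.items() if n >= min_hidden]
    checks = {
        "large-hidden-text": bool(big),
        "script-reads-hidden-element": any(
            i and re.search(r"""['"]%s['"]""" % re.escape(i), js) for i in big),
        "dynamic-exec": bool(DYNAMIC_EXEC.search(js)),
    }
    return [name for name, hit in checks.items() if hit]

# Constructed samples: an inert skeleton of the pattern, and an ordinary hidden menu.
SUSPECT = ('<div id="blob" style="display:none">' + "3f7a9c" * 100 + '</div>'
           '<script>var t=document.getElementById("blob").innerHTML;eval(decode(t));</script>')
BENIGN = ('<div id="menu" style="display:none"><a href="/a">About</a></div>'
          '<script>document.getElementById("menu").style.display="block";</script>')
```

All three findings together are the signal worth escalating; any one alone is common on ordinary pages.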