Spammer sneaking javascript on page
[457 byte] By [tcmagnumpi] at [2007-11-20 11:48:36] 
I recently went to a site and being the nosy coder I am I checked the source to see if there was any javascript being used to grab info or otherwise spy or spam. There was a javascript being linked to and I grabbed the code. I'm not very good at javascript so I wanted to see if anyone on this board could tell me what the script does. I put it in a zip file so it doesn't execute on the forum. Also I didn't see .js as a valid extension.
# 1 Re: Spammer sneaking javascript on page
That is called obfuscated (http://en.wikipedia.org/wiki/Obfuscation). It is made to not be readable by the human eye unless a lot of time is invested to decode it. Sorry but, no one, unless spending hours will be able to tell you what that script does.EDIT: Note that it starts with eval(). That function can be dangerous if not used properly because it will execute any command given it. However, there is no way to tell that this is a dangerous script. It is simply obfuscated. What website did you find this on? My guess is that it is hardly dangerous.
PeejAvery at 2007-11-8 0:43:34 >
# 2 Re: Spammer sneaking javascript on page
webuildspam.com Thats why I think its a bad one. I couldn't believe someone had actually put a site up with that domain so I went to it with a non-networked machine via dialup and saw that code via an include link from the home page. Is there such a thing as an unobfuscateor? I try and stay ahead of the spammers to avoid my boards being attacked.tcmagnumpi at 2007-11-8 0:44:26 >
# 3 Re: Spammer sneaking javascript on page
The code isn't really obfuscated (though that is a side-effect.) The JavaScript has been generated from Dean Edwards' JavaScript packer (see http://dean.edwards.name/packer/)I can't post the unpacked code here because it's too long, but it's the jQuery library (http://jquery.com/).
andreasblixt at 2007-11-8 0:45:32 >
# 4 Re: Spammer sneaking javascript on page
The JavaScript has been generated from Dean Edwards' JavaScript packer (see http://dean.edwards.name/packer/)Out of curiosity...How can you tell that? Douglas Crockford (Yahoo!) has a JavaScript Minifier (http://www.crockford.com/javascript/jsmin.html) that I love to use. Could it not just be any code packer?
PeejAvery at 2007-11-8 0:46:36 >
# 5 Re: Spammer sneaking javascript on page
Dean Edwards' JavaScript packer has a unique signature in the form of it being an eval() that runs the result of an anonymous function with the arguments "p,a,c,k,e,d" or "p,a,c,k,e,r".andreasblixt at 2007-11-8 0:47:34 >
# 6 Re: Spammer sneaking javascript on page
I noticed that! Thanks for the info!PeejAvery at 2007-11-8 0:48:39 >
