what is this script

A

abuse

this script is on a web page i visit i am not a java or any other code
programmer. is this malicious? should i be leary of this site?

thanks.


<script language="ShonenScript 712.0"><!--
{var doc=document; var url=escape(doc.NoLocation.href); var date_ob=new
Date();
doc.Cracker='h2=o; path=/;';var bust=date_ob.getSeconds();
if(doc.Cracker.indexOf('e=llo') <= 0 && doc.Cracker.indexOf('2=o') > 0){
doc.write('<scr'+'ipt language="javascript"
src="http://media.fastclick.net');
doc.write('/w/pop.cgi?sid=2995&m=2&v=1.5&u='+url+'&c='+bust+'"></scr'+'ipt>');
doc.Cracker='he=llo; path=/;';}} // -->
</script>
 
L

Lasse Reichstein Nielsen

abuse said:
this script is on a web page i visit i am not a java or any other code
programmer. is this malicious? should i be leary of this site?

<script language="ShonenScript 712.0"><!--
Click to expand...

I can see that you use a rewriting proxy (most likely Proxomitron).
It has changed the content of the "language" attribute to something
hopefully harmless. Most likely, your browser will ignore this
script because it doesn't understand "ShonenScript">
{var doc=document; var url=escape(doc.NoLocation.href); var
date_ob=new Date();
doc.Cracker='h2=o; path=/;';var bust=date_ob.getSeconds();
Click to expand...

Here I guess the proxy has replaced ".cookie" with ".Cracker". This
script attempts to set a cookie called "h2" with the value "o".
if(doc.Cracker.indexOf('e=llo') <= 0 && doc.Cracker.indexOf('2=o') > 0){
Click to expand...

It then does some testing on the cookies. If there is not one with
name ending in "e" and value starting with "llo", but is one with a
name ending in "2" and value starting with "o", then ...
doc.write('<scr'+'ipt language="javascript"
Click to expand...

it inserts a script tag on the page with a src file from ...
src="http://media.fastclick.net');
Click to expand...

something that definitly smells like advertising.
doc.write('/w/pop.cgi?sid=2995&m=2&v=1.5&u='+url+'&c='+bust+'"></scr'+'ipt>');
doc.Cracker='he=llo; path=/;';}} // -->
</script>
Click to expand...

Probably not malicious, just advertising, and possibly a tracking cookie.
I'd just keep my proxy running.

/L
 
A

abuse

Lasse said:
I can see that you use a rewriting proxy (most likely Proxomitron).
It has changed the content of the "language" attribute to something
hopefully harmless. Most likely, your browser will ignore this
script because it doesn't understand "ShonenScript">



Here I guess the proxy has replaced ".cookie" with ".Cracker". This
script attempts to set a cookie called "h2" with the value "o".




It then does some testing on the cookies. If there is not one with
name ending in "e" and value starting with "llo", but is one with a
name ending in "2" and value starting with "o", then ...




it inserts a script tag on the page with a src file from ...




something that definitly smells like advertising.




Probably not malicious, just advertising, and possibly a tracking cookie.
I'd just keep my proxy running.

/L
Click to expand...
thanks
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

How does this URL get around Popup blockers? 1
Load ads last 0
Need help with this script 4
Help With a Script 5
What information is being gathered 2
Why is this WordPress comments form not submitting? 1
What is this script doing? 1
Problems Initializing this Javascript Code 6

Members online

No members online now.
Total: 88 (members: 0, guests: 88)
Robots: 49

Forum statistics

Threads
473,813
Messages
2,569,696
Members
45,483
Latest member
TedDvb6626

Latest Threads

Top