Defacement via decoded PHP encoded javascript....

Viruses and worms
1

See: http://www.unphp.net/decode/f6b0eeb18bef3d52770386ab4b63025f/
On what site this PHP hack was performed through var enkripsi= encoded javasctipt …
Defacement check: Suspicion of defacement: harset=“utf-8” /> hacked by mr.moein #frm{ border:none; ove…
Side-wide check: Suspicious
fxqbqajlpns_qxxv1ggqrxwnfjrq">hacked by mr.moein


Given as hacked: http://sitecheck.sucuri.net/results/ramonaciobanu.ro
Inavailable and missed: http://zulu.zscaler.com/submission/show/f1cc6db688e2cc0544a3fa9731a77927-1421359332
Bitdefender TrafficLight blocks site as with malware.

polonus

2

Now let us look at the jsunpack results: http://jsunpack.jeek.org/?report=bd7fd03f920f83fad9f8a01b7df119ba4feb393b
Malware status and blacklist info on Sucuri’s → http://labs.sucuri.net/?details=balyan.ir
Found undefined variable d.style
error: line:1: SyntaxError: missing ; before statement:
error: line:1: var d.style = 1;
error: line:1: …^ Read: https://javascriptweblog.wordpress.com/2010/08/16/understanding-undefined-and-preventing-referenceerrors/
llink author - Angus Croll

polonus