Malicious code?

[steppdroid]

Hi guys, what is this code? Thanks!

Code:

<!-- LayertoolService JavaScript Injection start -->
<script type="text/javascript">
    //<![CDATA[
    // add fancybox css to the head
    var cssLink  = document.createElement('link');
    cssLink.type = 'text/css';
    cssLink.rel  = 'stylesheet';
    cssLink.href = './application/fancybox/jquery.fancybox-1.3.4.css';
    document.getElementsByTagName('head')[0].appendChild(cssLink);
    //]]>
</script>
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.7/jquery.min.js"></script>
<script type="text/javascript" src="./application/fancybox/jquery.fancybox-1.3.4.js"></script>
<script type="text/javascript" src="./application/client/client.js"></script>
<script type="text/javascript" src="./application/cookie/jquery.cookie.js"></script>
<script type="text/javascript">var jQueryLts = jQuery.noConflict(true);</script>
<script type="text/javascript">
    //<![CDATA[
    jQueryLts('document').ready(function() {
        try {
            var serviceLinks = ['./47/us/ES/-14400/0','./email/47/us'];
            var paymentURL   = 'https://ssl.bigpoint.net/billing/?req=YToxMzp7czo2OiJ1c2VySUQiO3M6ODoiOTgxNzM0ODQiO3M6ODoidXNlcm5hbWUiO3M6MTE6InhkcnNlcmVzdHNyIjtzOjg6Im1lbWJlcklEIjtzOjk6IjI2MTY5NTYwMCI7czo0OiJicGlkIjtzOjMyOiI1MTgxMjQwNGRsNUtrbEt4bmVuN0dwSWJiUU53SXFPQiI7czo3OiJ1c2VyQWdlIjtpOjE2O3M6MTQ6ImZiX2FwcGxpY2F0aW9uIjtiOjA7czo5OiJmYl91c2VySWQiO3M6MTU6IjEwMDAwNDg4NzY2MjUzMiI7czo5OiJwcm9qZWN0SUQiO3M6MjoiNDciO3M6MzoiYWlkIjtpOjA7czozOiJhaXAiO3M6MDoiIjtzOjQ6ImxhbmciO3M6MjoiZW4iO3M6MzoiZGV2IjtiOjA7czo0OiJ0aW1lIjtpOjEzNjgzNjcyNjk7fQ%3D%3D&aid=0&aip=&hash=fa14c21f64316279b5a2a5f3488c97c7';
            BPLayertool2.Helper.setPaymentLink(paymentURL);
            BPLayertool2.Helper.setUserId(98173484);
            BPLayertool2.Helper.setRequestTime(1368367269);
            BPLayertool2.Helper.setServices(serviceLinks);
            BPLayertool2.JSONPRequest.setRequestURL(serviceLinks[0]);
            BPLayertool2.JSONPRequest.doRequest(BPLayertool2.LayerView.prepareView);
        } catch (Exception) {
            if (true === Boolean(console.log)) {
                console.log(Exception);
            } else {
                throw Exception;
            };
        }
    });
    //]]>
</script>
<!-- LayertoolService JavaScript Injection end -->

[0wnix]

I guess it generates a link to the payment system

Code:

            BPLayertool2.Helper.setPaymentLink(paymentURL);

using your userid

Code:

            BPLayertool2.Helper.setUserId(98173484);

EDIT : idk if manulaiko is joking or not... but it's not a virus, not at all

[manulaiko3.0]

It's a virus from BP that injects JavaScript to the web browser to steal your credit card information so they can send you thoushands of spam to your email and buy payment subscriptions without your acknowledgementc

The line

Code:

            var paymentURL   = 'https://ssl.bigpoint.net/billing/?req=YToxMzp7czo2OiJ1c2VySUQiO3M6ODoiOTgxNzM0ODQiO3M6ODoidXNlcm5hbWUiO3M6MTE6InhkcnNlcmVzdHNyIjtzOjg6Im1lbWJlcklEIjtzOjk6IjI2MTY5NTYwMCI7czo0OiJicGlkIjtzOjMyOiI1MTgxMjQwNGRsNUtrbEt4bmVuN0dwSWJiUU53SXFPQiI7czo3OiJ1c2VyQWdlIjtpOjE2O3M6MTQ6ImZiX2FwcGxpY2F0aW9uIjtiOjA7czo5OiJmYl91c2VySWQiO3M6MTU6IjEwMDAwNDg4NzY2MjUzMiI7czo5OiJwcm9qZWN0SUQiO3M6MjoiNDciO3M6MzoiYWlkIjtpOjA7czozOiJhaXAiO3M6MDoiIjtzOjQ6ImxhbmciO3M6MjoiZW4iO3M6MzoiZGV2IjtiOjA7czo0OiJ0aW1lIjtpOjEzNjgzNjcyNjk7fQ%3D%3D&aid=0&aip=&hash=fa14c21f64316279b5a2a5f3488c97c7';

Tell us from where's the virus downloaded, and the line

Code:

            var serviceLinks = ['./47/us/ES/-14400/0','./email/47/us'];

Tell use where is going to be injected the virus.

We must report this to BP so they can delete that code, if they don't we can start legal process against BP.

For now don't enter darkorbit untill it's fixed.

[dasti555]

Quote:

Originally Posted by manulaiko3.0

It's a virus from BP that injects JavaScript to the web browser to steal your credit card information so they can send you thoushands of spam to your email and buy payment subscriptions without your acknowledgementc

The line

Code:

            var paymentURL   = 'https://ssl.bigpoint.net/billing/?req=YToxMzp7czo2OiJ1c2VySUQiO3M6ODoiOTgxNzM0ODQiO3M6ODoidXNlcm5hbWUiO3M6MTE6InhkcnNlcmVzdHNyIjtzOjg6Im1lbWJlcklEIjtzOjk6IjI2MTY5NTYwMCI7czo0OiJicGlkIjtzOjMyOiI1MTgxMjQwNGRsNUtrbEt4bmVuN0dwSWJiUU53SXFPQiI7czo3OiJ1c2VyQWdlIjtpOjE2O3M6MTQ6ImZiX2FwcGxpY2F0aW9uIjtiOjA7czo5OiJmYl91c2VySWQiO3M6MTU6IjEwMDAwNDg4NzY2MjUzMiI7czo5OiJwcm9qZWN0SUQiO3M6MjoiNDciO3M6MzoiYWlkIjtpOjA7czozOiJhaXAiO3M6MDoiIjtzOjQ6ImxhbmciO3M6MjoiZW4iO3M6MzoiZGV2IjtiOjA7czo0OiJ0aW1lIjtpOjEzNjgzNjcyNjk7fQ%3D%3D&aid=0&aip=&hash=fa14c21f64316279b5a2a5f3488c97c7';

Tell us from where's the virus downloaded, and the line

Code:

            var serviceLinks = ['./47/us/ES/-14400/0','./email/47/us'];

Tell use where is going to be injected the virus.

We must report this to BP so they can delete that code, if they don't we can start legal process against BP.

For now don't enter darkorbit untill it's fixed.

Sarcasm?

[olitis1]

Quote:

Originally Posted by dasti555

Sarcasm?

Do you think bigpoint have created a "virus" to steal your credit card information? It's clear, that's sarcasm.

[Zetadarus]

Quote:

Originally Posted by olitis1

Do you think bigpoint have created a "virus" to steal your credit card information? It's clear, that's sarcasm.

if you knew , how corrupted darkrobit's staff is , you coudl probably belive this .

[K@mel]

Quote:

Originally Posted by Zetadarus

if you knew , how corrupted darkrobit's staff is , you coudl probably belive this .

Darkorbit staff has nothing common with BigPoint coders...