[Dshield] port 1026-1031 update

Bjorn Stromberg bjorn at thechemistrylab.com
Wed Dec 3 17:04:09 GMT 2003


----- Original Message ----- 
From: "Bill McCarty" <bmccarty at pt-net.net>
To: "General DShield Discussion List" <list at dshield.org>
Sent: Wednesday, December 03, 2003 8:52 AM
Subject: Re: [Dshield] port 1026-1031 update


> The web page offering the program contains obfuscated Javascript that
> conceals its workings. Another list participant and I have independently
> made progress toward unobfuscating the code. But, neither of us yet has a
> complete decode.

First the javascript at the top... It appears to display a blank page if you
download the webpage and try to view it from your hard drive. it also
disables right click. If you try to print the page it hides everything so
you print blank pages. It also copies one blank space into your clipboard if
you try to copy and paste the site. Yes, it's all very very sad. Not
malicious, just sad.

The html isn't scary at all either.

function nem(){return true};window.onerror = nem;function hp_ndd(){return
false}document.ondragstart=hp_ndd;function
hp_dc(){hp_ta.createTextRange().execCommand("Copy");setTimeout("hp_dc()",300
)}if(navigator.appName.indexOf("Internet
Explorer")==-1||navigator.userAgent.indexOf("MSIE")!=-1){if(document.all&&na
vigator.userAgent.indexOf("Opera")==-1){document.write('<div
style="position:absolute;left:-1000px;top:-1000px"><input type="textarea"
name="hp_ta" value=" " style="visibility:hidden"></div>');hp_dc()}}function
hp_dp1(){for(i=0;i<document.all.length;i++){if(document.all[i].style.visibil
ity!="hidden"){document.all[i].style.visibility="hidden";document.all[i].id=
"hp_id"}}};function
hp_dp2(){for(i=0;i<document.all.length;i++){if(document.all[i].id=="hp_id")d
ocument.all[i].style.visibility=""}};window.onbeforeprint=hp_dp1;window.onaf
terprint=hp_dp2;if(navigator.userAgent.indexOf("Opera")!=-1)window.location=
"about:blank";if(frames){if(top.frames.length>0)top.location.href=self.locat
ion;}if(navigator.appName.indexOf("Internet
Explorer")!=-1&&navigator.userAgent.indexOf("MSIE")==-1)hp_ok=false;function
hp_dn(a){return false}function hp_cm(){alert("Sorry, that function is
disabled.");return false}function
hp_md(e){if(e.which==2||e.which==3){alert("Sorry, that function is
disabled.");return
false}if(e.which==1){window.captureEvents(Event.MOUSEMOVE);window.onmousemov
e=hp_dn}}function
hp_mu(e){if(e.which==1){window.releaseEvents(Event.MOUSEMOVE);window.onmouse
move=null}}if(navigator.appName.indexOf("Internet
Explorer")==-1||navigator.userAgent.indexOf("MSIE")!=-1){if(document.all){do
cument.oncontextmenu=hp_cm;document.onselectstart=hp_dn}if(document.layers){
window.captureEvents(Event.MOUSEUP|Event.MOUSEDOWN);window.onmousedown=hp_md
;window.onmouseup=hp_mu}if(document.getElementById&&!document.all){document.
oncontextmenu=hp_cm;document.onmousedown=hp_dn}}function
ni(){if(document.all){document.onselectstart=function (){return
false};setTimeout("ni()",200);}};ni();function
hp_nls(){window.status="";setTimeout("hp_nls()",10)}hp_nls();if(window.locat
ion.href.substring(0,4)=="file")window.location="about:blank";

<table border="0" cellpadding="0" cellspacing="0" width="100%"><tr><td>

<p align="center"><img border="0" src="images/header.gif" width="410"
height="171"></p>

<p align="center">
<a
onmouseover="document['fpAnimswapImgFP5'].imgRolln=document['fpAnimswapImgFP
5'].src;document['fpAnimswapImgFP5'].src=document['fpAnimswapImgFP5'].lowsrc
;"
onmouseout="document['fpAnimswapImgFP5'].src=document['fpAnimswapImgFP5'].im
gRolln" href="index.htm">
<img border="0" src="menu/navHome.gif" id="fpAnimswapImgFP5"
name="fpAnimswapImgFP5" dynamicanimation="fpAnimswapImgFP5"
lowsrc="menu/navHome-over.gif" width="94" height="32"></a><a
onmouseover="document['fpAnimswapImgFP7'].imgRolln=document['fpAnimswapImgFP
7'].src;document['fpAnimswapImgFP7'].src=document['fpAnimswapImgFP7'].lowsrc
;"
onmouseout="document['fpAnimswapImgFP7'].src=document['fpAnimswapImgFP7'].im
gRolln" href="download.htm"><img border="0" src="menu/navDownload.gif"
id="fpAnimswapImgFP7" name="fpAnimswapImgFP7"
dynamicanimation="fpAnimswapImgFP7" lowsrc="menu/navDownload-over.gif"
width="130" height="32"></a><a
onmouseover="document['fpAnimswapImgFP8'].imgRolln=document['fpAnimswapImgFP
8'].src;document['fpAnimswapImgFP8'].src=document['fpAnimswapImgFP8'].lowsrc
;"
onmouseout="document['fpAnimswapImgFP8'].src=document['fpAnimswapImgFP8'].im
gRolln" href="mailto:contact at PopAdStop.com"><img border="0"
src="menu/navContact.gif" id="fpAnimswapImgFP8" name="fpAnimswapImgFP8"
dynamicanimation="fpAnimswapImgFP8" lowsrc="menu/navContact-over.gif"
width="114" height="32"></a><br>
 </p>

</td></tr></table><table dir="ltr" border="0" cellpadding="0"
cellspacing="0" width="100%"><tr><td valign="top">
<div align="center">
  <center>
  <table border="0" cellspacing="0" style="border-collapse: collapse"
width="75%" id="AutoNumber1">
    <tr>
      <td>
        <p style="margin-top: 0; margin-bottom: 0">
        <b><font face="Arial" size="4">FREE OFFER!  (other people are
        selling these products!)</font></b></p>
        <p style="margin-top: 0; margin-bottom: 0">
        <font face="Arial">Due to all the positive feedback we've been
        receiving, we've decided to continue offering PopAdStop for free,
for as
        long as possible.  However, our operating expenses are starting to
climb, so
        if you can, please donate:</font></p>
        <div align="center">
          <center>
        <table border="0" cellspacing="1" width="1%" id="AutoNumber3">
          <tr>
            <td width="100%">
    <form action="https://www.paypal.com/cgi-bin/webscr" method="post">
     <input type="hidden" name="cmd" value="_xclick">
     <input type="hidden" name="business" value="sales at neweststuff.com">
     <input type="hidden" name="item_name" value="Anti-spam services">
     <input type="hidden" name="no_shipping" value="1">
     <input type="hidden" name="return" value="http://www.popadstop.com/">
     <input type="hidden" name="cancel_return"
value="http://www.popadstop.com/">
     <input type="hidden" name="no_note" value="1">
     <input type="hidden" name="currency_code" value="USD">
     <input type="hidden" name="tax" value="0">
     <input type="image"
src="https://www.paypal.com/en_US/i/btn/x-click-but04.gif" border="0"
name="submit" alt="Make payments with PayPal - it's fast, free and secure!"
width="62" height="31">
    </form>
            </td>
          </tr>
        </table>
          </center>
        </div>
        <font face="Arial">...we'd appreciate.  Anyway, we still want any
        <a href="mailto:feedback at PopAdStop.com">comments and feedback</a>
you
        care to give us.  Also, we would like to get more people to try our
e-mail spam
        filtering product, <b> <a target="_blank"
href="http://www.spamburner.net/">
        <font size="4" color="#008000">Spam</font><font size="4"
color="#FF0000">Burner</font></a></b>...
        <b>it helps to filter all the garbage out one's e-mail, and works
better
        than any regulation and legal attempts (unfortunately, anti-spam
laws
        are a laugh, because most spam comes from other countries.  ...how
can local
        laws prevent that?)</b></font><p style="margin-top: 0;
margin-bottom: 0"><b>
        <font face="Arial" size="4">JUST <a href="download.htm">CLICK HERE
TO DOWNLOAD
        PopAdStop</a> ALREADY, IT IS <font color="#FF0000">TOTALLY
FREE</font>!!!</font></b><p style="margin-top: 0; margin-bottom: 0">
        <b><font face="Arial" size="4" color="#FF0000">ATTENTION
SPAMMERS:</font></b><p style="margin-top: 0; margin-bottom: 0">
        <font face="Arial">We are aware that some of you are writing to us
        claiming to be regular people, and complaining with all sorts of
bogus
        claims (like being unable to install our free software, etc.),
swearing,
        and even threatening us, because some spammers think we will hurt
their 'businesses', by using some of the few legal
        techniques among the many methods employed by spammers, against the
        spammers.  So spammers, please don't waste your time or ours.
        We are morally obligated to make it possible for people to easily
stop
        unwanted advertising, and we will continue to do so!</font></td>
    </tr>
  </table>
  </center>
</div>

<p style="margin-top: 0; margin-bottom: 0"> </p>
<p align="center"><font face="Verdana"><b>What is a Messenger Pop-Up
Ad?</b></font></p>


<table border="0" cellpadding="0" cellspacing="0" style="border-collapse:
collapse" width="100%" id="AutoNumber2">
  <tr>
    <td width="80%" colspan="2">
        <font face="Verdana"><b>What you should know about Messenger Pop-Up
ads:</b></font><ol>
          <li>
        <p class="bodybold" align="left" style="margin-bottom: 12">
        <font face="Verdana" size="2">Those are a fairly new form of
advertising on the
        internet.  They represent the future of Internet advertising, and
        we will most likely see tons of it eventually.</font></p>
          </li>
          <li>
        <p class="bodybold" align="left" style="margin-bottom: 12">
        <font face="Verdana" size="2">Messenger pop-up ads most closely
        represent the Internet equivalent of television or radio
advertising,
        because they are not saved, and while your computer is connected to
the
        public Internet, it listens for such messages.</font></p>
          </li>
          <li>
        <p class="bodybold" align="left" style="margin-bottom: 12">
        <font face="Verdana" size="2">Laws are useless to control or
regulate those advertisings,
        because the Internet is a public network that transcends national
        borders.  Pop-up ads can come from any country in the world, and no
        laws can stop them from coming to computers in your country from
        elsewhere.</font></p>
          </li>
          <li>
        <p class="bodybold" align="left" style="margin-bottom: 12">
        <font face="Verdana" size="2">Also, advertisers in the USA are
        particularly well-protected, with the First Amendment rights
(Freedom
        of Speech and Free Press).  If that was overruled, most forms of
        advertising would become illegal, including TV and radio
ads.</font></p>
          </li>
          <li>
        <p class="bodybold" align="left" style="margin-bottom: 12">
        <font face="Verdana" size="2">Whether your computer is in operation
or
        sits idle, those ads can appear on your screen.</font></p>
          </li>
          <li>
        <p class="bodybold" align="left" style="margin-bottom: 12">
        <font face="Verdana" size="2">If you have children, they could be
        subjected to
        pornography via those ads!</font></p>
          </li>
          <li>
        <p class="bodybold" align="left" style="margin-bottom: 12">
        <font face="Verdana" size="2">Only good software like ours, will
stop
        the pop-up ads from whatever country they come to your computer!
        <font color="#FF0000">Our simple program (Pop-Ad-Stop), provides a
        complete Opt-Out service that is FAR MORE EFFECTIVE than the
        "unsubscribe" or "Opt-Out" links
        some advertisers put in their messages, as it
        helps you stop *ALL* Messenger pop-up advertising, not just ads
        from a specific company.</font></font></p>
          </li>
          <li>
        <p class="bodybold" align="left" style="margin-bottom: 12">
        <font face="Verdana" size="2" color="#FF0000">Simply
        <a href="download.htm">download the
        <b>Pop-Ad-Stop</b> software</a> to protect yourself and your family
from those
        unwanted ads for good!</font></p>
          </li>
        </ol>
      </td>
    <td width="5%"> </td>
    <td width="33%">
    <p align="center"><b><font face="Verdana">Messenger Pop-Up
Screenshot</font></b></p>
    <p><img border="0" src="images/message.gif" width="360"
height="178"></td>
  </tr>
  <tr>
    <td width="100%" colspan="4">
    <p align="center"><b><i><font face="Verdana" size="2">
    <a target="_blank" href="http://www.spamburner.net/">To Terminate Junk
E-Mail, use
    SpamBurner, click here!</a></font></i></b></td>
  </tr>
  <tr>
    <td width="1%">
    <p><b><font face="Verdana">Program Screenshot</font></b></p>
    <p>
    <img border="0" src="images/screenshot.gif" width="327"
height="346"></td>
    <td width="64%" colspan="3">
        <p class="bodybold" align="left"><font face="Verdana"><b>
        How <font color="#FF0000">Pop-Ad-Stop</font> works:</b></font></p>
        <ol>
          <li>
          <p style="margin-bottom: 12"><font face="Verdana">Automatic
<b>TOTAL</b>
          protection from Messenger pop up ads.</font></li>
          <li>
          <p style="margin-bottom: 12"><font face="Verdana"> <b>
          <font color="#FF0000">Pop-Ad-Stop</font></b> is always present in
your
          system tray, therefore you are constantly protected against
          Messenger pop up ads.</font></li>
          <li>
          <p style="margin-bottom: 12"><font face="Verdana">Regardless of
the
          type of software used in sending those pop up ads, <b>
          <font color="#FF0000">Pop-Ad-Stop</font></b> will ALWAYS stop them
          cold.</font></li>
          <li>
          <p style="margin-bottom: 12"><font face="Verdana">Free software
updates for
          life, to expand the
          functionality of <b><font
color="#FF0000">Pop-Ad-Stop</font></b>.</font></li>
        </ol>
        <blockquote>
          <p><font face="Verdana"><b><a href="download.htm">Click here</a>
          to download <font
color="#FF0000">Pop-Ad-Stop</font></b></font></p>
        </blockquote>
      </td>
  </tr>
</table>

<p align="center"> </p>
<p align="center"><a target="_blank" href="http://www.spamburner.net/">
<img src="images/spamburn.gif" border="0" width="472" height="64"></a></p>

</td></tr></table><table border="0" cellpadding="0" cellspacing="0"
width="100%"><tr><td>

<p align="center"> </p>
<p align="center"><font face="Verdana" size="2">
<nobr><U>Home</U></nobr> <nobr><A HREF="download.htm"
TARGET="">Download</A></nobr> <nobr><A HREF="privacy_policy.htm"
TARGET="">Privacy Policy</A></nobr></font></p>
<p align="center">©<font face="Verdana" size="1"> 2002-2003 NewestStuff.com
LLC</font></p>

</td></tr></table></body>

</html>




More information about the list mailing list