Decoding Malware javascript

Question

My .php and .js files have been attacked twice in a month with some JavaScript code.

After going through this similar thread, I ran the JavaScript code posted there and found this decoding result.

Now there is 1 URL specified in the result. Could it possible that someone associated with that URL is the one who is injecting code in my files?

I've already restored files with clean backup and changed my FTP password - which, according to my hosting provider, was being used to inject code into the files.

Any tips on how to avoid future attacks?

This question appears to be off-topic because it is about Security. — Stolas, Sep 06 '13 at 10:54

score 4 · Answer 1 · answered Sep 06 '13 at 10:54

Yes, the domain is owned (or pwned, they could have hacked a site and use that to stay under the radar) by the group / individual that has attacked you. To avoid future attacker review your code, secure your passwords and check on this every one and then.

But, this is very much off-topic. You want the Security Stack Exchange and not this one. This one is about reverse engineering, so if the question would have been about the javascript decoding you did visit the right SE.

Good luck with securing your server

Hmm..that's what I thought. Thanks for your insights. – 403 Forbidden Sep 07 '13 at 10:41 — 403 Forbidden, Sep 07 '13 at 10:41

Decoding Malware javascript

1 Answers1