Obfuscated JavaScript Found on Web Page

I got a call from a friend who has a large shopping cart web site. After a while a page would not load and you had to do a page refresh to show the page.

I'm not a html guy but can fumble around and understand the basics.

I started with firebug and found they were calling a chat service that was failing. I then checked all the web pages that had been altered since the setup of the site and deleted the chat script.

However on the same page I found the following script:

var _0x3fba = [

if ( Math[ _0x3fba[1] ]( ( Math[ _0x3fba[0] ]() * 3 ) + 1 ) == 3 ) {
    document[ _0x3fba[3] ]( _0x3fba[2] );
    window[ _0x3fba[4] ]();

After some googling I am led to believe this is Obfuscated javascript. We held our breath (it's a large site with lots of traffic) and deleted the above script and the problem went away and the site runs a lot faster.

So the million dollar question is what is this script actually doing.

I tried some online deObfuscaters but got nothing.


if (Math.floor((Math.random() * 3) + 1) == 3) {
    document.write('<script type="text/undefined">');

not very interesting really.


If you execute:


You'll get

["random", "floor", "<script type="text/undefined">", "write", "stop"]

so the code do:

if (Math["floor"]((Math["random"]()*3)+1)==3) {
   document["write"]('<script type="text/undefined">');

The code, print <script type="text/undefined"> randomly and stop loading the page, maybe it try to crash the page randomly.


Recent Questions

Top Questions

Home Tags Terms of Service Privacy Policy DMCA Contact Us

©2020 All rights reserved.