|
Anyone ever see this with PHPList?
I have a buddy that I setup PHPlist for. A recent message I sent for him consisted of a letter that I copy and pasted from a Word file.
The email showed up fine for everyone that can view html, but I found out the message had the following code attached to it. (you could only see it in the message if you were viewing in plain text, or if you looked at the source code):
(I'll just post the first part, since there is a shitload of it)
�/////////// SEARCH ///////////
var g_aEng;
var g_loc;
// Initialize namespace, use existing context
var searchshield = searchshield || {};
searchshield.clockUrl;
// constants
searchshield.SCORE_SS_SAFE = 1;
searchshield.SCORE_SS_CAUTION = 2;
searchshield.SCORE_SS_WARNING = 3;
searchshield.SCORE_SS_BLOCK = 4;
searchshield.SCORE_SS_VERISIGN = 7;
searchshield.BLOCK_NONE = 0;
searchshield.BLOCK_NORMAL = 1;
searchshield.BLOCK_PHISH = 2;
searchshield.BLOCK_YAHOO = 3;
searchshield.XPLCHECK_RESULT_SEV_NONE = 0;
searchshield.XPLCHECK_RESULT_SEV_LOW = 1;
searchshield.XPLCHECK_RESULT_SEV_MED = 2;
searchshield.XPLCHECK_RESULT_SEV_BLOCK = 3;
searchshield.VERISIGN_SPLIT_NOTEST = 0;
searchshield.VERISIGN_SPLIT_TESTA = 1;
searchshield.VERISIGN_SPLIT_TESTB = 2;
searchshield.needLivePhishCheck = false;
searchshield.allowedSites = [];
searchshield.enabled = function (doc)
{
var result = searchshield.avgCallFunc(doc, 'GetSearchEnabled');
return (result == '1' ? 1 : 0);
};
searchshield.init = function (doc)
{
if ((doc == null) || (doc.location == null) ||
(doc.location.href.search(/about:/) != -1))
return;
if (!searchshield.enabled(doc))
return;
if (!g_aEng)
g_aEng =
searchshield.Search.prototype.detectEngine(doc.loc ation.href);
if (!g_aEng)
return;
// init search object (not declared or is null)
if (typeof xplSearch === 'undefined')
{
// global
xplSearch = new searchshield.Search();
// reset the links added flag
xplSearch.new_links = false;
xplSearch.doc = doc;
xplSearch.href = xplSearch.doc.location.href;
xplSearch.uri = searchshield.parseLink(xplSearch.href);
xplSearch.engine = new
searchshield[g_aEng+'SearchEngine'](xplSearch)
xplSearch.addEngine(xplSearch.engine);
searchshield.launch(doc);
}
if (doc.location.href != g_loc)
{
g_loc = doc.location.href;
if ((typeof xplSearch !== 'undefined') && (xplSearch != null))
searchshield.launch(doc);
}
};
searchshield.launch = function (doc)
{
// IE specific check
searchshield.quirksMode = (self.top.document.compatMode ==
'BackCompat');
searchshield.docMode =
parseInt(navigator.userAgent.split('MSIE')[1]);
if ((self === top) && (self.document === doc))
{
if (!xplSearch.engine)
return;
// set verdict display config
xplSearch.engine.setRatingsConfig(doc);
// init the alert popup
searchshield.initPopupAlert(doc);
if (xplSearch.engine.type != 'inline')
{
// save function reference for memory clean up later
var fn = function(event){avglsflyover.hide(null)};
//hide flyover if these events occur
window.detachEvent('onscroll', fn);
window.attachEvent('onscroll', fn);
doc.detachEvent('onkeydown', fn);
doc.attachEvent('onkeydown', fn);
}
// only start monitor on top doc
searchshield.avgPageMonitor.start(doc);
__________________________________________________ _______
What the hell is that crap? Is it just because I pasted from word without converting to plain text first? Or has the script been hacked? I scrolled through all the code and it doesn't look malicious, almost looks like some sort of antivirus log file.
|