by b101010
3198 days ago
The "malicious" code at the end of the advisory looks like nothing more than a beacon announcing it was installed?

edit:
get current working directory
get username
get hostname
concatenate the last 3 together
obfuscate(/encrypt?) this string
send the result as an HTTP request to 121.42.217.44 (the value of the base64 string)
# just toy, no harm :)
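
A static check for the traits listed in the comment above (host and user lookups combined with a base64 literal that decodes to an IP address), added here as an example and not taken from the advisory or the thread. The call list, function names and sample source are assumptions constructed for illustration; the sample uses the documentation address 192.0.2.10 and is only parsed, never executed.

```python
import ast, base64, binascii, ipaddress

# Assumed set of "who/where am I" calls a reviewer would want surfaced.
RECON_CALLS = {("os", "getcwd"), ("getpass", "getuser"), ("socket", "gethostname")}

def decoded_ip(text):
    """Return the IP address a string literal base64-decodes to, else None."""
    try:
        raw = base64.b64decode(text, validate=True).decode("ascii")
        return str(ipaddress.ip_address(raw.strip()))
    except (binascii.Error, UnicodeDecodeError, ValueError):
        return None

def scan(source):
    """Inspect Python source with the AST only; nothing is imported or run."""
    recon, hidden_ips = set(), set()
    for node in ast.walk(ast.parse(source)):
        if (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)
                and isinstance(node.func.value, ast.Name)):
            pair = (node.func.value.id, node.func.attr)
            if pair in RECON_CALLS:
                recon.add(".".join(pair))
        elif isinstance(node, ast.Constant) and isinstance(node.value, str):
            ip = decoded_ip(node.value)
            if ip:
                hidden_ips.add(ip)
    return {
        "recon": recon,
        "hidden_ips": hidden_ips,
        # Two or more recon calls plus an encoded address is worth a manual look.
        "suspicious": len(recon) >= 2 and bool(hidden_ips),
    }

# Constructed sample input (not the code from the advisory).
_ENCODED = base64.b64encode(b"192.0.2.10").decode()
SAMPLE = f'''
import os, getpass, socket, base64
info = os.getcwd() + getpass.getuser() + socket.gethostname()
dest = base64.b64decode("{_ENCODED}")
'''
BENIGN = "import os\nprint(os.getcwd())\n"

if __name__ == "__main__":
    print(scan(SAMPLE))
    print(scan(BENIGN))
```
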