LeighWardle asked:

Is this javascript a security risk?

Hi Experts,

I inadvertently clicked on an email attachment that contained something like this (I have deleted a lot of the characters, just in case):

<script language="javascript">document.write( unescape( '%3C%48%45%41%44%3E%0D%0A%..............0D%0A%3C%6D%65%74%61%20%48' ) );</script>


I ran it through a decoder, giving this:

<script language="javascript"><HEAD>
<meta HTTP-EQUIV="REFRESH" content="0.1; url=https://xyz.online/1/?e=my-email@some-domain.com">


Does execution of that attachment pose any sort of security risk?





8/22/2022 - Mon
Dave Baldwin

It's certainly not desirable. Did it show your real email address?

Yes, it showed my actual email address.
Dave - what are the consequences?
Dave Baldwin

Log in or sign up to see answer

Hi Dave,
Thanks for confirming my suspicions.
Your help has saved me hundreds of hours of internet surfing.
Julian Hansen

To add to what Dave said.

Basic rule. Everything is a potential malicious attack until proven otherwise - and even then be careful.

If you find JavaScript with document.write - don't trust it.
If you find JavaScript using the eval or unescape commands or any other command that deals with what appears to be obfuscated code - don't trust it.

Unfortunately, in the times we live in, people will go to great lengths to reap benefit at your expense while finding increasingly devious ways to hide what they are doing.

Unless there is significant benefit or requirement for you to expose yourself to code from an unknown / untrusted source - don't touch it - and even then be suspicious.
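
One way to inspect an attachment like the one in the question without opening it, added here as an example and not part of the original thread: the file is treated as text, the `unescape()` string is decoded, and any meta-refresh target is reported along with query parameters that carry an e-mail address. The sample attachment, host name, address and all function names are constructed for this example.

```javascript
// Static triage only: the attachment is treated as text and never executed.
// PAYLOAD and SAMPLE are constructed for this example (placeholder host and address).
const PAYLOAD = '<HEAD>\r\n<meta HTTP-EQUIV="REFRESH" ' +
  'content="0.1; url=https://redirect.example/1/?e=user@example.com">';
const encodeAll = s => Array.from(s, c =>
  '%' + c.charCodeAt(0).toString(16).toUpperCase().padStart(2, '0')).join('');
const SAMPLE = '<script language="javascript">document.write( unescape( \'' +
  encodeAll(PAYLOAD) + '\' ) );</script>';

// Decode %XX and %uXXXX sequences the way unescape() does, without calling it.
function decodeEscapes(s) {
  return s.replace(/%u([0-9a-f]{4})|%([0-9a-f]{2})/gi,
    (m, u, h) => String.fromCharCode(parseInt(u || h, 16)));
}

// Pull the target URL out of every <meta http-equiv="refresh"> tag in a string.
function findRefreshTargets(html) {
  const targets = [];
  for (const [tag] of html.matchAll(/<meta\b[^>]*>/gi)) {
    if (!/http-equiv\s*=\s*["']?refresh/i.test(tag)) continue;
    const content = /content\s*=\s*(["'])(.*?)\1/i.exec(tag);
    const url = content && /url\s*=\s*(.+)$/i.exec(content[2]);
    if (url) targets.push(url[1].trim());
  }
  return targets;
}

// Peel unescape('...') layers (bounded), then report redirects and any
// query parameter whose value looks like an e-mail address.
function triage(html, maxLayers = 5) {
  const usesDocumentWrite = /document\.write\s*\(/i.test(html);
  const report = { layers: 0, usesDocumentWrite, redirects: [] };
  let current = html;
  for (;;) {
    for (const target of findRefreshTargets(current)) {
      let host = null, addressParams = [];
      try {
        const u = new URL(target);
        host = u.hostname;
        addressParams = [...u.searchParams]
          .filter(([, v]) => /^[^@\s]+@[^@\s]+$/.test(v)).map(([k]) => k);
      } catch (e) { /* relative or malformed URL: keep the raw target only */ }
      report.redirects.push({ target, host, addressParams });
    }
    const inner = [...current.matchAll(/unescape\s*\(\s*(["'])(.*?)\1\s*\)/gi)]
      .map(m => decodeEscapes(m[2]));
    if (inner.length === 0 || report.layers >= maxLayers) return report;
    current = inner.join('\n');
    report.layers++;
  }
}
console.log(JSON.stringify(triage(SAMPLE), null, 2));
```

A non-empty `addressParams` means the redirect URL carries the recipient's address as a query parameter, which is the pattern shown in the decoded snippet in the question.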