1

I received an attachment on mail with the below script. What does it do?

The code was enclosed in a html script

window.location.assign("data:text/html;base64,

BASE64 here

Rory Alsop
  • 61,367
  • 12
  • 115
  • 320
E. Sibilike
  • 11
  • 1
  • 5
    It's a base64 encoded HTML page which pretends to be the Adobe login page, in the hope that you'll enter your credentials, which are then sent to a presumably malicious site. There are quite a few questions around about decoding JS attachments like this, so this will probably be closed as a duplicate. – Matthew Feb 10 '17 at 17:00
  • @Matthew I was about to post the decoded version (in code block), but well, if it's a dupe :p For OP: you can copy the base64 content in https://www.base64decode.org/ if youwant to see the HTML/javascript code. – Tensibai Feb 10 '17 at 17:03

1 Answers1

0

It is a base 64 encoding for an HTML five web page with the following content:

Sign in with your email and password.

Receiver's Email Address

Password

Stay signed in
Uncheck on public devices.
This PDF is protected VIEW FILE

Sign in with your receiving Email and Password.

click You can see the html page if you copy and paste the encoded base 64 into https://www.base64decode.org/ and then copy and paste the decoded result into a file and open it with a browser.

There is a JavaScript URL that returns an error:

<Error>
    <Code>NoSuchKey</Code>
    <Message>The specified key does not exist.</Message>
    <Key>renga-&</Key>
    <RequestId>DE746594286EECD9</RequestId>
    <HostId>
        SI3jiVV8+qsJR19JyD0fo+qXukQtBkoGl5wEyOlw8Ei2pGsCdm5O1qnTaz6+YQxp73pItZfPegQ=
    </HostId>
</Error>

It may have been a security risk once, but it appears to be benign at this point. Nonetheless, I would not select or do any other actions other than "inspect" on any HTML elements when viewing the page.

In general, I delete all emails with attachments. If someone wants to share a document, they can post it online as a PDF or HTML. If a picture, they can share it on a social network or send it as a Facebook attachment it.

Email is a horrible communication device from a security point of view. It arose as a messaging device during a time when only research labs, defense systems, and major universities used networking at all. Transition away from it if you can.

Douglas Daseeco
  • 614
  • 3
  • 17