As a filter writer, there is a blurred line between blocking real attacks and Internet annoyances. For example, today's Internet advertisements often use the same obfusction tactics as attackers in order to avoid scrubbing by content filtering systems.
I have been doing some research on Peer-To-Peer (P2P) filters and came across something that illustrates this point very nicely. I came across the following trace that sent to a server that is on one of my IP watch lists:
0000 47 45 54 20 2F 63 67 69 2D 62 69 6E 2F 73 5F 77 GET /cgi-bin/s_w
0010 63 5F 63 6F 72 65 76 33 3F 76 3D 6D 26 74 3D 31 c_corev3?v=m&t=1
0020 20 48 54 54 50 2F 31 2E 31 0D 0A 41 63 63 65 70 HTTP/1.1..Accep
0030 74 3A 20 2A 2F 2A 0D 0A 52 65 66 65 72 65 72 3A t: */*..Referer:
0040 20 68 74 74 70 3A 2F 2F 67 61 6D 65 73 2E 73 69 http://games.si
0050 6E 61 2E 63 6F 6D 2E 63 6E 2F 69 66 72 61 6D 65 na.com.cn/iframe
0060 2F 32 30 30 38 2D 30 37 2D 30 39 2F 31 31 36 33 /2008-07-09/1163
0070 2E 73 68 74 6D 6C 0D 0A 41 63 63 65 70 74 2D 4C .shtml..Accept-L
0080 61 6E 67 75 61 67 65 3A 20 7A 68 2D 63 6E 0D 0A anguage: zh-cn..
0090 55 41 2D 43 50 55 3A 20 78 38 36 0D 0A 41 63 63 UA-CPU: x86..Acc
00A0 65 70 74 2D 45 6E 63 6F 64 69 6E 67 3A 20 67 7A ept-Encoding: gz
00B0 69 70 2C 20 64 65 66 6C 61 74 65 0D 0A 55 73 65 ip, deflate..Use
00C0 72 2D 41 67 65 6E 74 3A 20 4D 6F 7A 69 6C 6C 61 r-Agent: Mozilla
00D0 2F 34 2E 30 20 28 63 6F 6D 70 61 74 69 62 6C 65 /4.0 (compatible
00E0 3B 20 4D 53 49 45 20 37 2E 30 3B 20 57 69 6E 64 ; MSIE 7.0; Wind
00F0 6F 77 73 20 4E 54 20 35 2E 31 3B 20 51 51 44 6F ows NT 5.1; QQDo
0100 77 6E 6C 6F 61 64 20 31 2E 37 3B 20 54 68 65 57 wnload 1.7; TheW
0110 6F 72 6C 64 29 0D 0A 48 6F 73 74 3A 20 77 6F 6F orld)..Host: woo
0120 63 61 6C 6C 2E 67 61 6D 65 73 2E 73 69 6E 61 2E call.games.sina.
0130 63 6F 6D 2E 63 6E 0D 0A 43 6F 6E 6E 65 63 74 69 com.cn..Connecti
0140 6F 6E 3A 20 4B 65 65 70 2D 41 6C 69 76 65 0D 0A on: Keep-Alive..
0150 43 6F 6F 6B 69 65 3A 20 53 49 4E 41 47 4E 3D 30 Cookie: SINAGN=0
0160 7C 31 32 31 37 36 34 34 37 37 34 32 36 35 3B 20 |1217644774265;
0170 73 69 6E 61 52 6F 74 61 74 6F 72 2F 3D 32 33 3B sinaRotator/=23;
0180 20 53 49 4E 41 47 4C 4F 42 41 4C 3D 31 35 32 2E SINAGLOBAL=152.
0190 32 33 2E 36 31 2E 31 36 33 2E 33 32 31 30 32 31 23.61.163.321021
01A0 32 31 33 37 36 36 32 39 38 33 31 31 3B 20 76 6A 213766298311; vj
01B0 75 69 64 73 3D 35 62 31 34 66 39 38 33 39 2E 31 uids=5b14f9839.1
01C0 31 62 38 30 34 32 61 37 39 66 2E 30 2E 31 62 30 1b8042a79f.0.1b0
01D0 62 64 61 62 61 32 66 33 66 66 63 3B 20 76 6A 6C bdaba2f3ffc; vjl
01E0 61 73 74 3D 31 32 31 37 36 34 34 37 37 38 3B 20 ast=1217644778;
01F0 41 70 61 63 68 65 3D 31 35 32 2E 32 33 2E 36 31 Apache=152.23.61
0200 2E 31 36 33 2E 38 36 38 36 31 32 31 37 36 33 30 .163.86861217630
0210 32 33 33 36 37 32 3B 20 53 45 3D 39 43 41 41 36 233672; SE=9CAA6
0220 46 34 33 35 34 30 37 41 42 31 36 32 44 44 37 38 F435407AB162DD78
0230 45 43 37 42 43 45 45 32 37 33 46 37 36 37 37 42 EC7BCEE273F7677B
0240 36 36 44 30 30 35 34 36 36 41 35 41 42 41 32 39 66D005466A5ABA29
0250 39 31 30 42 33 44 34 42 30 35 44 42 32 43 45 33 910B3D4B05DB2CE3
0260 30 46 35 30 37 39 41 44 42 32 34 38 30 30 39 45 0F5079ADB248009E
0270 43 39 43 32 35 30 32 45 33 32 34 46 41 36 46 39 C9C2502E324FA6F9
0280 43 30 34 30 37 42 41 44 34 39 44 32 39 36 46 32 C0407BAD49D296F2
0290 38 39 43 30 36 38 32 42 35 37 38 30 44 42 35 39 89C0682B5780DB59
02A0 43 45 37 45 33 44 43 37 34 30 30 37 33 36 46 35 CE7E3DC7400736F5
02B0 35 45 41 33 37 36 33 31 38 36 34 3B 20 53 43 54 5EA37631864; SCT
02C0 3D 31 31 3B 20 53 41 3D 30 25 37 43 30 25 37 43 =11; SA=0%7C0%7C
02D0 30 25 37 43 30 25 37 43 31 25 37 43 31 25 37 43 0%7C0%7C1%7C1%7C
02E0 31 25 37 43 31 25 37 43 30 25 37 43 31 25 37 43 1%7C1%7C0%7C1%7C
02F0 30 25 37 43 30 25 37 43 31 25 37 43 30 25 37 43 0%7C0%7C1%7C0%7C
0300 30 25 37 43 30 25 37 43 31 25 37 43 30 25 37 43 0%7C0%7C1%7C0%7C
0310 30 25 37 43 30 25 37 43 30 25 37 43 30 25 37 43 0%7C0%7C0%7C0%7C
0320 30 25 37 43 30 25 37 43 30 25 37 43 30 3B 20 50 0%7C0%7C0%7C0; P
0330 53 3D 30 3B 20 53 55 3D 25 45 35 25 41 44 25 39 S=0; SU=%E5%AD%9
0340 39 25 45 39 25 39 44 25 39 36 25 45 34 25 42 38 9%E9%9D%96%E4%B8
0350 25 42 30 3A 32 3A 31 32 37 36 38 33 35 38 32 37 %B0:2:1276835827
0360 3A 66 68 66 79 75 3A 31 32 31 37 36 33 30 32 38 :fhfyu:121763028
0370 34 3A 31 3A 31 39 32 32 2D 30 35 2D 32 36 3A 3B 4:1:1922-05-26:;
0380 20 53 49 4E 41 50 52 4F 3D 66 71 32 6D 66 4D 38 SINAPRO=fq2mfM8
0390 4D 44 25 33 44 37 57 6D 44 78 46 25 32 35 37 25 MD%3D7WmDxF%257%
03A0 32 35 25 32 35 78 32 39 57 39 77 37 25 33 44 52 25%25x29W9w7%3DR
03B0 32 4A 25 32 35 65 78 79 37 4A 25 33 44 32 4D 69 2J%25exy7J%3D2Mi
03C0 52 25 32 36 6C 7A 4D 37 32 77 25 33 44 25 32 35 R%26lzM72w%3D%25
03D0 39 4A 25 32 31 37 6D 77 25 32 35 39 25 32 36 25 9J%217mw%259%26%
03E0 32 36 4D 6D 4A 4D 25 32 31 77 3B 20 55 4E 49 50 26MmJM%21w; UNIP
03F0 52 4F 55 3D 32 3A 25 43 42 25 45 46 25 42 45 25 ROU=2:%CB%EF%BE%
0400 42 38 25 42 37 25 45 31 3A 30 3A 3A 31 3A 3B 20 B8%B7%E1:0::1:;
0410 6E 69 63 6B 3D 66 68 66 79 75 28 31 32 37 36 38 nick=fhfyu(12768
0420 33 35 38 32 37 29 3B 20 61 70 70 6D 61 73 6B 3D 35827); appmask=
0430 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 00000000
0440 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 34 00000004
0450 3B 20 67 65 6E 64 65 72 3D 31 3B 20 53 49 4E 41 ; gender=1; SINA
0460 2D 41 56 41 54 41 52 3D 30 25 37 43 30 25 37 43 -AVATAR=0%7C0%7C
0470 30 25 37 43 30 25 37 43 31 25 37 43 31 25 37 43 0%7C0%7C1%7C1%7C
0480 31 25 37 43 31 25 37 43 30 25 37 43 31 25 37 43 1%7C1%7C0%7C1%7C
0490 30 25 37 43 30 25 37 43 31 25 37 43 30 25 37 43 0%7C0%7C1%7C0%7C
04A0 30 25 37 43 30 25 37 43 31 25 37 43 30 25 37 43 0%7C0%7C1%7C0%7C
04B0 30 25 37 43 30 25 37 43 30 25 37 43 30 25 37 43 0%7C0%7C0%7C0%7C
04C0 30 25 37 43 30 25 37 43 30 25 37 43 30 3B 20 53 0%7C0%7C0%7C0; S
04D0 49 4E 41 50 52 4F 43 3D 31 3B 20 55 4E 49 50 52 INAPROC=1; UNIPR
04E0 4F 54 4D 3D 31 32 31 37 36 33 30 32 38 34 3B 20 OTM=1217630284;
04F0 53 49 4E 41 5F 4E 55 3D 3B 20 53 49 4E 41 5F 4F SINA_NU=; SINA_O
0500 55 3D 3B 20 53 49 4E 41 5F 55 53 45 52 3D 3B 20 U=; SINA_USER=;
0510 53 4D 53 5F 43 4F 4F 4B 49 45 3D 3B 20 53 49 44 SMS_COOKIE=; SID
0520 3D 3B 20 55 4E 49 50 52 4F 4D 3D 3B 20 67 5F 78 =; UNIPROM=; g_x
0530 5F 64 5F 6A 5F 73 3D 37 64 38 7C 37 7C 31 3B 20 _d_j_s=7d8|7|1;
0540 73 69 6E 61 52 6F 74 61 74 6F 72 2F 3D 32 33 0D sinaRotator/=23.
0550 0A 0D 0A ...
This seemed strange, so I pulled down the source from the above cgi-bin and found this:
function Bgfhp(){var S_WC_EMBED_CORE=function(){this.Init.apply(this,arguments);};S_WC_EMBED_CORE.prototype={bY:false,Init:function(bY,cl){this.cl=cl;this.bY=bY;this.bX=this.Z();if(this.bX){this.ag();}else S_WC_EMBED_CORE=null;},Z:function(){var aC=/http:\/\/([A-Za-z0-9\-\.]+)(.sina.com.cn)\//ig;var ci=document.location.href;var bo=ci.indexOf('?');if(bo!=-1)ci=ci.substr(0,bo);var bp=ci.indexOf('#');if(bp!=-1)ci=ci.substr(0,bp);if(!aC.test(ci)){return false;}return true;},ag:function(){var ak=newUtil.aO;this.bY=ak.am(this.bY,this.cl.P,true);window.document.woocall_
swf_file.SetVariable("Probe",this.bY);}}; var WCEmbedCore = new S_WC_EMBED_CORE('999e69a3b8e9231ea48de6f141d1d3c7fdd567a5',S_WC.EmbedConf);}Bgfhp();
This looks more like bad programming than anything, so I decided to check out the HTTP Referer, and I was directed to a a Flash application:
a Backdoor perhaps? Let's look at the source code that creates this little gem:
<!--[442,2,9] published at 2007-08-13 11:19:29 from #237 by 1786-->
if(typeof Util=='undefined')Util={};Util.aO=function(){this.Init.apply(this,arguments);};Util.aO.prototype={Init:function(){},au:function(v,w){var bs=v.length;var aK=v[bs-1]&0xffffffff;for(var i=0;i<bs;i++){v[i]=String.fromCharCode(v[i]&0xff,v[i]>>>8&0xff,v[i]>>>16&0xff,v[i]>>>24&0xff);}if(w){return v.join('').substring(0,aK);}else{return v.join('');}},bq:function(s,w){var ce=s.length;var v=[];for(var i=0;i<ce;i+=4){v[i>>2]=s.charCodeAt(i)|s.charCodeAt(i+1)<<8|s.charCodeAt(i+2)<<16|s.charCodeAt(i+3)
<<24;}if(w){v[v.length]=ce;}return v;},am:function(cg,at,as){if(cg==""){return "";}if(as)cg=this.aq(cg);var v=this.bq(cg,false);vark=this.bq(at,false);var n=v.length-1;var z=v[n-1],y=v
[0],bh=0x9E3779B9;var bU,e,q=Math.floor(6+52/
(n+1)),cc=q*bh&0xffffffff;while(cc!=0){e=cc>>>2&3;for(var p=n;p>0;p--){z=v[p-1];bU=(z>>>5^y<<2)+(y>>>3^z<<4)^(cc^y)+(k[p&3^e]^z);y=v[p]=v[p]-bU&0xffffffff;}z=v[n];bU=(z>>>5^y<<2)+(y>>>3^z<<4)^(cc^y)+
(k[p&3^e]^z);y=v[0]=v[0]-bU&0xffffffff;cc=cc-bh&0xffffffff;}return
this.au(v,true);},aq:function(h){var r="";for(var i=(h.substr(0,2)=="0x")?2:0;i<h.length;i+=2)r+=String.fromCharCode(parseInt
(h.substr(i,2),16));return r;}};if(typeof Util=='undefined')Util=
{};Util.by=function(){this.Init.apply(this,arguments);};Util.by.prototype={ar:0,o:"",cb:8,Init:function(){},bi:function(s){return this.ah(this.aj(this.aL(s),s.length*this.cb));},aj:function(x,ce){x[ce>>5]|=0x80<<(24-ce%32);x[((ce+64>>9)<<4)+15]=ce;var w=Array(80);var a=1732584193;var
b=-271733879;var c=-1732584194;var d=271733878;var e=-
1009589776;for(var i=0;i<x.length;i+=16){var ax=a;var ay=b;var az=c;var aA=d;var aB=e;for(var j=0;j<80;j++){if(j<16)w[j]=x[i+j];else w[j]=this.bH(w[j-3]^w[j-8]^w[j-14]^w[j-16],1);var
t=this.cf(this.cf(this.bH(a,5),this.aI(j,b,c,d)),this.cf(this.cf
(e,w[j]),this.aJ(j)));e=d;d=c;c=this.bH(b,30);b=a;a=t;}a=this.cf
(a,ax);b=this.cf(b,ay);c=this.cf(c,az);d=this.cf(d,aA);e=this.cf
(e,aB);}return Array(a,b,c,d,e);},aI:function(t,b,c,d){if(t<20)return(b&c)|((~b)&d);if(t<40)return b^c^d;if(t<60)return(b&c)|(b&d)
|(c&d);return b^c^d;},aJ:function(t){return(t<20)?1518500249:(t<40)?1859775393:(t<60)?-1894007588:-899497514;},cf:function(x,y)
{var bl=(x&0xFFFF)+(y&0xFFFF);var aw=(x>>16)+(y>>16)+(bl>>16);return(aw<<16)|(bl&0xFFFF);},bH:function(bm,bg){return(bm<<bg)|(bm>>>(32-bg));},aL:function(cg){var aX=Array();var av=(1<<this.cb)-1;for(var i=0;i<cg.length*this.cb;i+=this.cb)aX[i>>5]
|=(cg.charCodeAt(i/this.cb)&av)<<(32-this.cb-i%32);return
aX;},ah:function(bD){var bj=this.ar?"0123456789ABCDEF":"0123456789abcdef";var cg="";for(var
i=0;i<bD.length*4;i++){cg+=bj.charAt((bD[i>>2]>>((3-i%4)*8+4))&0xF)+bj.charAt((bD[i>>2]>>((3-i%4)*8))&0xF);}return cg;}};if(typeof
S_WC=='undefined')S_WC={};if(typeof $=='undefined')$=function(id){return document.getElementById(id)};if(typeof $C=='undefined')$C=function(t){return document.createElement(t)};if(typeof $S=='undefined')$S={};S_WC.EmbedConf={bA:false,cj:{bZ:'sml_emb_testing',bP:'http://image2.sina.com.cn/woocall/cli/',aS:'.swf',bz:'woocall_swf_file',bK:'S_WC_EMBED_BOX',bL:400,bJ:300,l:10
,g:true},cd:false,T:'_SP',I:false,D:'_CL',aU:'http://image2.sina.com
.cn/ent/woocall/Theme/',K:36,A:14,f:'_CtrlBtn',C:'_ChatBox',bx:'S_WC
',aQ:14,aW:'_USRTOK',S:6,aV:0,P:'9icn4po62xa2nbcd',bv:0,F:'/cgi-
bin/s_wc_corev3?v=m&t=1'};if(typeof Util=='undefined')Util=
{};Util.bk=(navigator.appName.indexOf("Microsoft",0)!=-1)?true:false;Util.aD=function(aM,an){var bd="ABCDEFGHIJKLMNOPQRSTUVWXTZabcdefghiklmnopqrstuvwxyz";var
bf=bd+"0123456789";var bG='';for(var i=0;i<aM;i++){var bW=Math.floor(Math.random()*bf.length);if(an&&i==0)bG+=bd.substring
(bW,bW+1);else bG+=bf.substring(bW,bW+1);}return
bG;};Util.aG=function(name,value,expires,bn,domain,aE){var al=name+"="+escape(value)+((expires)?";
expires="+expires.toGMTString():"")+((bn)?"; bn="+bn:"")+
((domain)?"; domain="+domain:"")+((aE)?";
aE":"");document.cookie=al;};Util.ao=function(name){var bT=document.cookie;var prefix=name+"=";var ca=bT.indexOf("; "+prefix);if(ca==-1){ca=bT.indexOf(prefix);if(ca!=0)return null;}else ca+=2;var bE=document.cookie.indexOf(";",ca);if(bE==-1)bE=bT.length;return unescape(bT.substring
(ca+prefix.length,bE));};function LdCfg(bu){if(typeof SINA_WOOCALL_CONFIG!='undefined'){if(SINA_WOOCALL_CONFIG.StandPoint&&SINA_WOOCALL_CONFIG.StandPoint.L&&S
INA_WOOCALL_CONFIG.StandPoint.R){bu.cd={L:SINA_WOOCALL_CONFIG.StandPoint.L,M:SINA_WOOCALL_CONFIG.StandPoint.M?SINA_WOOCALL_CONFIG.StandPoint.M:false,R:SINA_WOOCALL_CONFIG.StandPo
int.R}}if(SINA_WOOCALL_CONFIG.CustomURL)
{bu.aP=SINA_WOOCALL_CONFIG.CustomURL;}if(SINA_WOOCALL_CONFIG.Conn){bu.bv=1;}}};function LdBoxCfg(){if(typeof SINA_WOOCALL_CONFIG!='undefined'){if(SINA_WOOCALL_CONFIG.EmbedBox&&SINA_WOOCALL_CONFIG.EmbedBox.MyId&&SI
NA_WOOCALL_CONFIG.EmbedBox.MyWidth&&SINA_WOOCALL_CONFIG.EmbedBox.MyH
eight){var B={N:SINA_WOOCALL_CONFIG.EmbedBox.MyId,V:SINA_WOOCALL_CONFIG.EmbedBox.MyWidth,J:SINA_WOOCALL_CONFIG.EmbedBox.MyHeight};return B}else
return false;}return false;};function woocall_swf_file_DoFSCommand
(ai,bC){switch(ai){case 'InitApp':S_WC.EmbedUI.Q(bC);break;}};if(Util.bk){document.write('<SCRIPT event=FSCommand(ai,bC) for='+S_WC.EmbedConf.cj.bz+'>');document.write
('woocall_swf_file_DoFSCommand(ai, bC);');document.write('</SCRIPT>');}S_WC.EmbedUI=function(){this.Init.apply(this,arguments);};S_WC.EmbedUI.Q=function(bC){var s=$C('script');s.src='http://'+bC+S_WC.EmbedConf.F;s.type='text/javascript';document.body.appendChild(s);};S_WC.EmbedUI.prototype=
{cl:null,df:null,bR:null,aZ:null,ba:true,Init:function(cl){this.cl=cl;if(this.cl.bA)this.cl.cj.bP=this.cl.cj.bP+this.cl.bA+'/';this.bX=true;this.aZ=this
.cl.bx;this.df=this.ac();this.ba=Util.bk;},H:function(){this.bb();this.ae();this.af();},aF:function(bK,bL,bJ)
{this.cl.cj.bK=bK;this.cl.cj.bL=bL;this.cl.cj.bJ=bJ;},aH:function(n,be){if(typeof be=='string'){this.cl.aU=be;}var ci=this.cl.aU+n+'/';this.cl.aT=
{U:ci+'boxlogo.gif',G:ci+"wc_style_embed.css"};},ap:function(){if(!this.bR||this.bR.length==0){this.bb();}return this.bR;},af:function(){var width=this.cl.cj.bL;var height=this.cl.cj.bJ;this.Y.style.width=width+'px';this.W.style.widt
h=width+'px';this.aY.style.height=(height-this.cl.K-this.cl.A)
+"px";this.aY.style.width=width+'px';this.X.style.width=width+'px';}
,ae:function(){this.aa();var cj=$C('div');var bN=$C('div');var m=$C('div');var bw=$C('div');var bt=$C('div');$(this.cl.cj.bK).appendChild(cj);cj.className=this.aZ+this.cl.C;cj.appendChild
(bN);cj.appendChild(bw);cj.appendChild(bt);bN.className='Hnd';var
bO=document.title;if(bO.length>this.cl.aQ){bO=bO.substr(0,this.cl.aQ)+'..';}var O='<img align="absmiddle"
src="'+this.cl.aT.U+'" /> '+bO;var aN='<div
class="Title">'+O+'</div>';bN.innerHTML=aN;bt.className='Bottom';bw.
innerHTML=this.ap
();this.X=cj;this.Y=bN;this.aY=bw;this.W=bt;},aa:function(){bV=$C("link");bV.rel="stylesheet";bV.type="text/css";bV.href=this.cl.aT.G;var head=document.getElementsByTagName("head")[0];head.appendChild(bV);},ac:function(){var bM='';if(this.cl.df&&this.bX){bM=this.cl.df;}else if(this.cl.aP&&this.bX){var bI=new Util.by;bM=bI.bi
(this.cl.aP);this.eF=window.location.href;this.eF=this.eF.replace
("&","|");}else{this.eF=window.location.href;this.eF=this.eF.replace("&","|");if(this.cl.aV>0){this.eF=this.eF.substr(0,this.cl.aV);}var bI=new Util.by;bM=bI.bi(this.eF);}return bM;},ad:function(){var ci=window.location.href;var p=ci.indexOf('/',7);var domain='';if(p!=-1){domain=ci.substr(0,p);}else domain=ci;return domain;},ab:function(){var bF=new Date();bF.setTime(bF.getTime()+365*24*60*60*1000*50);var bQ=Util.ao(this.cl.bx+this.cl.aW);if(!
bQ){bQ=Util.aD(this.cl.S,true);Util.aG(this.cl.bx+this.cl.aW,bQ,bF,'/');}return bQ;},bc:function(ck){if(this.cl.cd&&this.bX){ck.push('&position1=');ck.push(this.cl.cd.L);if(this.cl.cd.M){ck.push('&position=');ck.push(this.cl.cd.M);}ck.push('&position0=');ck.push(this.cl.cd.R);}},bb:function(){var ef=this.ab();var ck=Array();vardomain=this.ad();if(this.cl.cd)
{this.cl.cj.bZ=this.cl.cj.bZ+this.cl.T;}if(this.cl.I){this.cl.cj.bZ=this.cl.cj.bZ+this.cl.D;}if(this.ba){ck.push('<object classid="clsid:d27cdb6e-ae6d-11cf-96b8-444553540000"
codebase="http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/
swflash.cab#version=7,0,0,0" width="');ck.push("100%");ck.push('" height="');ck.push("100%");ck.push('" id="');ck.push(this.cl.cj.bz);ck.push('" align="middle"><param name="allowScriptAccess" value="always" />');ck.push('<param name="movie" value="');ck.push
(this.cl.cj.bP+this.cl.cj.bZ+this.cl.cj.aS);ck.push('?ChName=');ck.push(this.df);ck.push('&UsrTok=');ck.push(ef);ck.push('&Domain=');ck.push(domain);ck.push('&PgURL=');ck.push(escape(this.eF));ck.push('&isDirect=');ck.push(this.cl.bv);this.bc(ck);ck.push('" />');ck.push('<param name="quality" value="high" /><param name="bgcolor" value="#ffffff" />');ck.push('</object>');}else{ck.push('<embed src="');ck.push(this.cl.cj.bP+this.cl.cj.bZ+this.cl.cj.aS);ck.push('" FlashVars="');ck.push('ChName=');ck.push(this.df);ck.push('&UsrTok=');ck.push(ef);ck.push('&Domain=');ck.push(domain);ck.push('&PgURL=');ck.push(escape(this.eF));ck.push('&isDirect=');ck.push(this.cl.bv);this.bc(ck);ck.push('" quality="high" bgcolor="#ffffff" width="');ck.push("100%");ck.push('" height="');ck.push("100%");ck.push('" name="');ck.push(this.cl.cj.bz);ck.push('" align="middle" allowScriptAccess="always"swLiveConnect="true" type="application/x-shockwave-flash"
pluginspage="http://www.macromedia.com/go/getflashplayer" />');}
this.bR=ck.join('');}};function S_WC_EMBED_Creese(){S_WC.EmbedConf.bA='0_2_REV3';LdCfg(S_WC.EmbedConf);var bB=new S_WC.EmbedUI(S_WC.EmbedConf);bB.aH('Grey2');var bS=LdBoxCfg();if(bS){bB.aF(bS.N,bS.V,bS.J);bB.H();}};S_WC_EMBED_Creese(); Lots of interesting tricks going on here. This software seems to be a P2P chat program that allows you to chat with people that are currently viewing the same web page as you are. I found it used on the Super Girl TV show website. Seems rather innocent, but until you understand exactly what the above code does, would you use it? Is it merely obfuscation? These are the types of questions that filter writers at DVLabs have to answer on a case-by-case basis, and questions that I'll be spending some time on for the above example. So, back to work!
