Unless the the google result, the reference I found, and the filename is an elaborate ruse to deflect suspicion, the little clues sort of make sense.
Js redirector bkg password#
It appears that it's a bot detection framework that eBay uses on the signin page that watches mouse movements, keystrokes, timings, etc (similar to newest google recaptchas) to transparently determine if a bot is poking at the signin form, a human fumbling around, or the human's password manager entering data. Off to google to find out what roboradar is. Noted a reference to "roboradar iframe" near the end of the file.
Js redirector bkg code#
They are now one entity, hence why this js redirector is being picked up by both.Įven when it was flagged and the threat was stopped, it still allowed me to log in and everything seemed normal.Įbay.com/rdr/js/s/ is a file on eBay servers, and unless there has been a breach and the servers are pwned, it is presumed to be a legitimate eBay file.įound a few tidbits in that file (picking through human readable bits - no progress setting things up somehow to get the code to deobfuscate itself) I think since Avast aquired AVG in 2016, they pretty much have become the same products.
Js redirector bkg update#
I am on the ESR update channel, but someone else said the update seems to have worked (firefox v60.0.02 ). Thanks for sharing your thoughts! AVG updated today 6-7 and I cleaned all cache ect. Wouldn't expect anything until morning unless a blue happens to pay attention and wants to respond even though there may be nothing that he/she can do (guessing tech staff is also M-F 9-5)Īddendum: read more closely all the posts and appears in this thread Avast is also involved. Highly doubtful that anything terrible is happening if nothing else out of the hundreds of AV/malware suites is finding anything.Īddendum: read more closely all the posts and appears in this thread Avast is also support here pretty much operates on Pacific Time business hours. In general, I don't think anyone should panic. (I have got to get some listings done, but this is another good procrastination opportunity Guess I'll take a look and see if I can figure anything out. Have not seen that script actually called in my eBay travels, but wouldn't anyway unless I did get redirected or trojaned (no AV running to throw warnings and no other manually set traps set).
I'm not good enough with JavaScript debugging to walk through it in a debugger and figure out what it's doing (and that may be why the Firebug thing in the code - that may be built in code to detect debugging attempts and thwart them), but may take a stab at it.ĭon't know at this point. The only way to decipher it is to be really good with JavaScript coding and debugging, or to run it and look for results of some variety (good or bad).Īny legitimate eBay code shouldn't look like that though IMO. It's what looks like over a thousand (short) lines of pretty much totally obfuscated JavaScript, with what looks like some calls to launch Java application(s) (downloaders?), something referencing FIrebug in Firefox (old standalone version of what is now built in webdeveloper tools in Firefox), and the rest is a horrible mess of obfuscated function calls, url encoded strings, and basically unreadable and indecipherable.
However, I just took a look at /rdr/js/s/ and now I'm not so sure. I posted a general response on the PS board (I believe) earlier, indicating that evidence so far made it appear it was just another AVG (and Avast?) false positive detection, that that js file was not found to contain anything malicious by any online resources I checked it with, the fact that it IS only AVG (and Avast?) flagging it (neither of which I put much faith in), leads me to believe it is a false positive again this time. Wouldn't expect anything until morning unless a blue happens to pay attention and wants to respond even though there may be nothing that he/she can do (guessing tech staff is also M-F 9-5) EBay support here pretty much operates on Pacific Time business hours.
0 kommentar(er)
