I like to watch javascript which works when I browse my web browser. Today I found what seems like malicious JS tracking using flash exploit from google server. It is located in the directory for the JS framework. This is not a basic CDN, but I still find it strange and possibly disturbing. (Keep in mind I'm new to JS)
It looks like "gu ng go", which after some Google search looks like a shadow marketing company IMO.
Here's the code (warning it for a very long time):
var _gunggo = _gunggo || {};
_gunggo.settings = _gunggo.settings || {}, _gunggo.lib = _gunggo.lib || {},
_gunggo.lib.attEvt = function(e, t, n, i) {
if ("undefined" != typeof e.addEventListener) return void e.addEventListener(
t, n, i);
if ("undefined" != typeof e.attachEvent) return void e.attachEvent("on" +
t, n);
if (t = "on" + t, "function" == typeof e[t]) {
var r = e[t];
e[t] = function() {
return r(), n()
}
} else e[t] = n
}, _gunggo.lib.detEvt = function(e, t, n, i) {
e.removeEventListener && e.removeEventListener(t, n, i), e.detachEvent &&
e.detachEvent("on" + t, n)
}, _gunggo.lib.attOnce = function(e, t, n) {
_gunggo.lib.attEvt(e, t, function() {
_gunggo.lib.detEvt(e, t, arguments.callee), n()
})
}, _gunggo.lib.rc = function(e) {
for (var t = e + "=", n = document.cookie.split(";"), i = 0; i < n.length; i++) {
for (var r = n[i];
" " == r.charAt(0);) r = r.substring(1, r.length);
if (0 == r.indexOf(t)) return r.substring(t.length, r.length)
}
return null
}, _gunggo.lib.sct = function(e, t, n, i) {
document.cookie = e + "=" + t + (n ? ";expires=" + n : "") + (i ?
";domain=." + i : "") + ";path=/"
}, _gunggo.lib.sch = function(e, t, n, i) {
if (n) {
var r = new Date;
r.setTime(r.getTime() + 60 * n * 60 * 1e3), r = r.toGMTString()
} else r = "";
_gunggo.lib.sct(e, t, r, i)
}, _gunggo.lib.saveFreq = function(e, t, n) {
try {
if (!e.freqcap) return;
var i = _gunggo.lib.rc(t) || 0,
r = new Date;
0 == i ? (r.setTime(r.getTime() + 60 * e.freqcap.duration * 60 *
1e3), r = r.toGMTString()) : (r = i.split("|")[1], i = i.split(
"|")[0]), "session" == e.freqcap.duration ? r = null : null,
i = parseInt(i) + 1 + "|", i += r ? r : new Date, _gunggo.lib.sct(
t, i, r, n)
} catch (o) {
_gunggo.settings.debug && console.log(
"check _gunggo.settings from " + arguments.callee + ": " +
o)
}
}, _gunggo.lib.passFreqCap = function(e, t) {
try {
var n = _gunggo.lib.rc(t);
return n ? n.split("|")[0] < e.freqcap.frequency ? !0 : !1 : !0
} catch (i) {
_gunggo.settings.debug && console.log(
"check _gunggo.settings from " + arguments.callee + ": " +
i)
}
}, _gunggo.lib.saveActiveViews = function(e, t, n) {
if (e.activeViews) {
var i = _gunggo.lib.rc(t) || 0;
_gunggo.lib.sch(t, parseInt(i) + 1, null, n)
}
}, _gunggo.lib.passActiveViews = function(e, t) {
try {
var n = _gunggo.lib.rc(t) || 0;
return _gunggo.lib.log("ActiveViews: " + n), n > e.activeViews
} catch (i) {
_gunggo.lib.log("check _gunggo.settings from " + arguments.callee +
": " + i)
}
}, _gunggo.lib.passBrowser = function(e) {
try {
for (var t = !1, n = 0; n < e.browser.length; n++)
if (_gunggo.lib.log(e.browser[n]), e.browser[n] == _gunggo.browser
.agent) {
t = !0;
break
}
return "inclusive" == e.browserTarget && t ? !0 : "exclusive" != e.browserTarget ||
t ? !1 : !0
} catch (i) {
_gunggo.lib.log("check _gunggo.settings from " + arguments.callee +
": " + i)
}
}, _gunggo.lib.passOS = function(e) {
try {
for (var t = !1, n = 0; n < e.os.length; n++)
if (_gunggo.lib.log(e.os[n]), e.os[n] == _gunggo.browser.OS) {
t = !0;
break
}
return "inclusive" == e.ostarget && t ? !0 : "exclusive" != e.ostarget ||
t ? !1 : !0
} catch (i) {
_gunggo.lib.log("check _gunggo.settings from " + arguments.callee +
": " + i)
}
}, _gunggo.lib.dynInsert = function(e, t, n, i) {
var r = document.createElement("javascript" == e ? "script" : "link");
r.type = "text/" + e, "javascript" == e ? (r.src = t, i && _gunggo.lib.attEvt(
r, "load", i)) : (r.href = t, r.rel = "stylesheet"), n ? r.async = !
0 : null;
var o = document.getElementsByTagName("script")[0];
o.parentNode.insertBefore(r, o)
}, _gunggo.lib.insertCss = function(e, t) {
_gunggo.lib.dynInsert("css", e, t)
}, _gunggo.lib.insertScript = function(e, t, n) {
_gunggo.lib.dynInsert("javascript", e, t, n)
}, _gunggo.lib.log = function(e) {
_gunggo.settings.debug ? console.log(e) : null
}, _gunggo.lib.jsonp = function(e, t, n) {
_gunggo.lib.insertScript(e + t, n)
}, _gunggo.lib.passGeo = function(e, t) {
var n = _gunggo.lib.rc("_g.geo");
return n ? _gunggo.lib.passGeoTestAux(t, n) : e ? void _gunggo.lib.sch(
"_g.geo", e.countryShortName, 720) : void _gunggo.lib.jsonp(
"http://directrev.cloudapp.net/Webservice/GetVisitorCountryForJson?jsoncallback=",
"_gunggo.lib.passGeo", !0)
}, _gunggo.lib.passGeoTestAux = function(e, t) {
try {
var n = e.countries,
i = !1;
for (var r in n) n[r].toUpperCase() == t.toUpperCase() && (i = !0);
return "exclusive" == e.geotarget && i ? !1 : "exclusive" != e.geotarget ||
i ? "inclusive" == e.geotarget && i ? !0 : !1 : !0
} catch (o) {
_gunggo.settings.debug && console.log("check _gunggo.settings: " +
o)
}
}, _gunggo.lib.getSiteIDByGeo = function(e, t) {
var n = _gunggo.lib.rc("_g.geo");
n || _gunggo.lib.jsonp(
"http://directrev.cloudapp.net/Webservice/GetVisitorCountryForJson?jsoncallback=",
"_gunggo.lib.passGeo", !0);
var r = e.price;
for (i = 0; i < r.length; i++) {
var o = r[i];
for (j = 0; j < o.geo.length; j++) n == o.geo[j] && (t = o.id,
_gunggo.lib.log("SiteID changed to " + o.id +
", country is " + n))
}
return t
}, _gunggo.browser = {
init: function() {
this.agent = this.searchString(this.dataBrowser) ||
"An unknown browser", this.version = this.searchVersion(
navigator.userAgent) || this.searchVersion(navigator.appVersion) ||
"an unknown version", this.OS = this.searchString(this.dataOS) ||
"an unknown OS"
},
searchString: function(e) {
for (var t = 0; t < e.length; t++) {
var n = e[t].str,
i = e[t].prop;
if (this.versionSearchString = e[t].versionSearch || e[t].id,
n) {
if (-1 != n.indexOf(e[t].subStr)) return e[t].id
} else if (i) return e[t].id
}
},
searchVersion: function(e) {
var t = e.indexOf(this.versionSearchString);
if (-1 != t) return parseFloat(e.substr(t + this.versionSearchString
.length + 1))
},
isMobile: function() {
return
/(android|bb\d+|meego).+mobile|avantgo|bada\/|blackberry|blazer|compal|elaine|fennec|hiptop|iemobile|ip(hone|od)|iris|kindle|lge |maemo|midp|mmp|netfront|opera m(ob|in)i|palm( os)?|phone|p(ixi|re)\/|plucker|pocket|psp|series(4|6)0|symbian|treo|up\.(browser|link)|vodafone|wap|windows (ce|phone)|xda|xiino|android|ipad|playbook|silk/i
.test(navigator.userAgent || navigator.vendor || window.opera) ||
/1207|6310|6590|3gso|4thp|50[1-6]i|770s|802s|a wa|abac|ac(er|oo|s\-)|ai(ko|rn)|al(av|ca|co)|amoi|an(ex|ny|yw)|aptu|ar(ch|go)|as(te|us)|attw|au(di|\-m|r |s )|avan|be(ck|ll|nq)|bi(lb|rd)|bl(ac|az)|br(e|v)w|bumb|bw\-(n|u)|c55\/|capi|ccwa|cdm\-|cell|chtm|cldc|cmd\-|co(mp|nd)|craw|da(it|ll|ng)|dbte|dc\-s|devi|dica|dmob|do(c|p)o|ds(12|\-d)|el(49|ai)|em(l2|ul)|er(ic|k0)|esl8|ez([4-7]0|os|wa|ze)|fetc|fly(\-|_)|g1 u|g560|gene|gf\-5|g\-mo|go(\.w|od)|gr(ad|un)|haie|hcit|hd\-(m|p|t)|hei\-|hi(pt|ta)|hp( i|ip)|hs\-c|ht(c(\-| |_|a|g|p|s|t)|tp)|hu(aw|tc)|i\-(20|go|ma)|i230|iac( |\-|\/)|ibro|idea|ig01|ikom|im1k|inno|ipaq|iris|ja(t|v)a|jbro|jemu|jigs|kddi|keji|kgt( |\/)|klon|kpt |kwc\-|kyo(c|k)|le(no|xi)|lg( g|\/(k|l|u)|50|54|\-[a-w])|libw|lynx|m1\-w|m3ga|m50\/|ma(te|ui|xo)|mc(01|21|ca)|m\-cr|me(rc|ri)|mi(o8|oa|ts)|mmef|mo(01|02|bi|de|do|t(\-| |o|v)|zz)|mt(50|p1|v )|mwbp|mywa|n10[0-2]|n20[2-3]|n30(0|2)|n50(0|2|5)|n7(0(0|1)|10)|ne((c|m)\-|on|tf|wf|wg|wt)|nok(6|i)|nzph|o2im|op(ti|wv)|oran|owg1|p800|pan(a|d|t)|pdxg|pg(13|\-([1-8]|c))|phil|pire|pl(ay|uc)|pn\-2|po(ck|rt|se)|prox|psio|pt\-g|qa\-a|qc(07|12|21|32|60|\-[2-7]|i\-)|qtek|r380|r600|raks|rim9|ro(ve|zo)|s55\/|sa(ge|ma|mm|ms|ny|va)|sc(01|h\-|oo|p\-)|sdk\/|se(c(\-|0|1)|47|mc|nd|ri)|sgh\-|shar|sie(\-|m)|sk\-0|sl(45|id)|sm(al|ar|b3|it|t5)|so(ft|ny)|sp(01|h\-|v\-|v )|sy(01|mb)|t2(18|50)|t6(00|10|18)|ta(gt|lk)|tcl\-|tdg\-|tel(i|m)|tim\-|t\-mo|to(pl|sh)|ts(70|m\-|m3|m5)|tx\-9|up(\.b|g1|si)|utst|v400|v750|veri|vi(rg|te)|vk(40|5[0-3]|\-v)|vm40|voda|vulc|vx(52|53|60|61|70|80|81|83|85|98)|w3c(\-| )|webc|whit|wi(g |nc|nw)|wmlb|wonu|x700|yas\-|your|zeto|zte\-/i
.test((navigator.userAgent || navigator.vendor || window.opera)
.substr(0, 4))
},
dataBrowser: [{
str: navigator.userAgent,
subStr: "Chrome",
id: "Chrome"
}, {
str: navigator.userAgent,
subStr: "OmniWeb",
versionSearch: "OmniWeb/",
id: "OmniWeb"
}, {
str: navigator.vendor,
subStr: "Apple",
id: "Safari",
versionSearch: "Version"
}, {
prop: window.opera,
id: "Opera",
versionSearch: "Version"
}, {
str: navigator.vendor,
subStr: "iCab",
id: "iCab"
}, {
str: navigator.vendor,
subStr: "KDE",
id: "Konqueror"
}, {
str: navigator.userAgent,
subStr: "Firefox",
id: "Firefox"
}, {
str: navigator.vendor,
subStr: "Camino",
id: "Camino"
}, {
str: navigator.userAgent,
subStr: "Netscape",
id: "Netscape"
}, {
str: navigator.userAgent,
subStr: "MSIE",
id: "Explorer",
versionSearch: "MSIE"
}, {
str: navigator.userAgent,
subStr: "Trident",
id: "Explorer",
versionSearch: "Trident"
}, {
str: navigator.userAgent,
subStr: "Gecko",
id: "Mozilla",
versionSearch: "rv"
}, {
str: navigator.userAgent,
subStr: "Mozilla",
id: "Netscape",
versionSearch: "Mozilla"
}],
dataOS: [{
str: navigator.platform,
subStr: "Win",
id: "Windows"
}, {
str: navigator.platform,
subStr: "Mac",
id: "Mac"
}, {
str: navigator.userAgent,
subStr: "iPhone",
id: "iPhone/iPod"
}, {
str: navigator.userAgent,
subStr: "iPad",
id: "iPad"
}, {
str: navigator.platform,
subStr: "Linux",
id: "Linux"
}, {
str: navigator.userAgent,
subStr: "android",
id: "Android"
}]
}, _gunggo.browser.init(), _gunggo.trace = {
time: []
}, _gunggo.trace.warn = function(e) {
var t = new Date;
this.time.push(t);
var n = null;
this.time.length > 1 && (n = "From last point: " + (this.time[this.time
.length - 1].getTime() - this.time[this.time.length - 2]
.getTime()) + "ms"), _gunggo.settings.debug && console.log(e, t
.getFullYear() + "-" + t.getMonth() + "-" + t.getDate() + " " +
t.getHours() + ":" + t.getMinutes() + ":" + t.getSeconds() +
":" + t.getMilliseconds(), n)
};
! function() {
var e = document,
t = _gunggo,
a = t.browser,
o = t.lib,
r = t.pop = t.pop || {
placeHolder: function(e) {
t.pop.trigger(e)
}
},
i = "//ad.directrev.com",
s = t.settings.pop = t.settings.pop || {};
s.kw = s.kw || "", s.ref = s.ref || "", s.type = s.type || "popunder", s.infinite =
s.premium || s.infinite || "", "undefined" == typeof a.flash && (a.flash = !
!navigator.mimeTypes["application/x-shockwave-flash"]), t.settings.detection &&
blockAdBlock.on(!0, function() {
i = "//www.iamfine.pw"
}), e.evtL = e.evtL || {}, e._attEvt || (e._attEvt = e.addEventListener,
e.addEventListener = function(t, a, n) {
e._attEvt(t, a, n), e.evtL[t] || (e.evtL[t] = []), e.evtL[t].push(
a)
}), e._detEvt || (e._detEvt = e.removeEventListener, e.removeEventListener =
function(t, a, n) {
e._detEvt(t, a, n);
var o = e.evtL[t];
o && o.length > 0 && o.splice(o.indexOf(a), 1)
}), o.attEvt(e, "mousedown", r.placeHolder, 1), o.attEvt(e, "click",
r.placeHolder, 1), o.attEvt(e, "touchstart", r.placeHolder, 1), (s.geotarget ||
s.price) && o.passGeo(), r.enableFlashHack = 0, r.url = function() {
var e = navigator,
a = screen;
return i + "/RealMedia/ads/adstream_sx.ads/" + t.settings.siteID +
"/1" + 1e17 * Math.random() + "@x10?uln=" + (e.language ? e.language :
e.userLanguage).toLowerCase() + "&je=" + e.javaEnabled() +
"&ce=" + e.cookieEnabled + "&sr=" + a.width + "x" + a.height +
"&kw=" + s.kw + "&ref=" + s.ref
}, r.lock = function(e) {
e = e || window.event;
var t = e.target || e.srcElement;
t = t && t.tagName ? t.tagName.toUpperCase() : 0, e.cancelBubble =
1, e.preventDefault && e.preventDefault(), e.stopImmediatePropagation &&
e.stopImmediatePropagation(), e.stopPropagation && e.stopPropagation(),
e.stop && e.stop()
}, r.evtSrc = function(e) {
e = e || window.event;
var t = e.target || e.srcElement;
return t && t.tagName ? t.tagName.toUpperCase() : 0
}, o.passClickDelay = function(e) {
return e = s || e, e.clickDelay > 0 ? (o.log("Number of clicks: " +
e.clickDelay), e.clickDelay--, !1) : !0
}, r.trigger = function(n) {
o.log("pop type: " + s.type);
var i = t.settings;
o.saveActiveViews(s, "_g.pop.views"), o.saveActiveViews = function() {};
try {
if (t.trace.warn("user " + n.type), r.pause) return;
if (o.rc("_g.pop.swap") == self.location.pathname) return void o
.attEvt(window, "beforeunload", function() {
o.sch("_g.pop.swap", "", -1)
});
if ("Chrome" != a.agent && "mousedown" == n.type || "Firefox" ==
a.agent && 2 == n.button) return;
if (s.ostarget && !o.passOS(s)) return;
if (s.mobileOnly && !a.isMobile()) return;
if (s.browserTarget && !o.passBrowser(s)) return;
if (s.freqcap && !o.passFreqCap(s, "_g.pop")) return;
if (s.activeViews && !o.passActiveViews(s, "_g.pop.views"))
return;
if (s.geotarget && !o.passGeo(null, s)) return;
if (s.price && (i.siteID = o.getSiteIDByGeo(s, i.siteID)),
function(e) {
return e === document ? 0 : e.className && e.className.toUpperCase()
.split(" ").indexOf("_SKIP") >= 0 ? 1 : arguments.callee(
e.parentNode)
}(n.target)) return void o.log("_skip detected", n);
if (s.clickDelay && !o.passClickDelay()) return;
t.trace.warn("pass checks", n), i.debug && 0 !== s.mode && (s.mode =
s.mode || 10), s.mode = !i.debug && (s.mode < 10 && 0 !==
s.mode || "undefined" == typeof s.mode) ? 10 : s.mode,
s.infinite && (s.mode = s.infinite), o.log("mode: " + s.mode)
} catch (l) {
return void o.log(l)
}
r.enableFlashHack && e.evtL[n.type].filter(function(e) {
return e != r.placeHolder
}).length > 0 && r.lock(n), "tab" == s.type && "Chrome" == a.agent ?
(r.botClick(r.url()), r.pause = 1, setTimeout(r.clear, 1)) : r.enableFlashHack &&
r.swf.PercentLoaded && r.swf.PercentLoaded() > 0 && "HTML" != n
.target.tagName.toUpperCase && "OBJECT" != n.target.tagName.toUpperCase ?
0 == n.button && (r.swf.style.width = r.swf.style.height =
"100%", setTimeout(function() {
r.swf.style.width = r.swf.style.height = "1px"
}, 500)) : r.clickHandler(n)
}, window.g367CB268B1094004A3689751E7AC568F = {}, window.g367CB268B1094004A3689751E7AC568F
.ExternalChromePop = r.clickHandler = function(e) {
e = e || window.event, r.pause = 1, t.trace.warn("new window");
var i = screen,
l = s.width || i.width,
c = s.height || i.height,
p = a.agent,
d = "tab" == s.type ? "" : "width=" + l + ",height=" + c +
",top=" + (i.height - c) / 2 + ",left=" + (i.width - l) / 2 +
",resizable=no,scrollbars=yes,toolbar=no,location=no,directories=no,status=no,menubar=no,copyhistory=no";
if ("swaptab" != s.type) n = open(r.url(), "_blank", d);
else {
if (u = function(e) {
return e == document ? self.location : "A" == e.tagName
.toUpperCase() ? e.href : arguments.callee(e.parentNode)
}(e.target), !u) return;
o.sch("_g.pop.swap", self.location.pathname), n = open(u,
"_blank", ""), self.location = r.url()
}
var f = setInterval(function() {
r.closeOnEmpty(n, f)
}, 500);
setTimeout(function() {
r.clear(n)
}, 1), "popup" != s.type && ("Firefox" == p && n.window.open(
"about:blank").close(), "Explorer" == p && (n.blur(), n
.opener.focus()))
}, r.closeOnEmpty = function(e, t) {
if (o.rc("NoAd")) try {
e.close(), o.sct("NoAd", "",
"Thu, 01 Jan 1970 00:00:01 GMT"), clearInterval(t)
} catch (a) {}
}, r.clear = function(a) {
if (!a) return void o.log("fail to create new window");
t.trace.warn("clean up"), r.pause = 1;
var n = r.swf;
s.mode >= 0 && o.saveFreq(s, "_g.pop", s.domain ? s.domain : null),
s.infinite && (s.mode = s.infinite), s.mode <= 0 ? (o.detEvt(e,
"click", r.placeHolder, 1), o.detEvt(e, "mousedown", r.placeHolder,
1), o.detEvt(e, "touchstart", r.placeHolder, 1),
setTimeout(function() {
n && e.body.removeChild(n)
}, 200)) : setTimeout(function() {
s.mode = r.pause = 0, r.swf.style.visibility = "", t.trace
.warn("reopen start")
}, 1e3 * s.mode), n && (n.style.visibility = "hidden", n.style.width =
n.style.height = "1px")
}, r.botClick = function(t) {
var a = e.createElement("a"),
n = e.createEvent("MouseEvents");
a.href = t, n.initMouseEvent("click", !1, !0, window, 0, 0, 0, 0, 0, !
0, !1, !1, !0, 0, null), a.dispatchEvent(n)
}, r.flash = function() {
o.log("body loaded");
var t = HTMLElement.prototype,
a = e.createElement("param"),
n = e.createElement("object");
t.attr = t.setAttribute, a.attr("name", "allowscriptaccess"), a.attr(
"value", "always"), n.appendChild(a), a = e.createElement(
"param"), a.attr("name", "wmode"), a.attr("value",
"transparent"), n.appendChild(a), a = e.createElement(
"param"), a.attr("name", "allowfullscreen"), a.attr("value",
"true"), n.appendChild(a), n.attr("data",
"//az413505.vo.msecnd.net/images/pu.swf"), n.attr("style",
"position:fixed;width:1px;height:1px;z-index:999999;overflow:hidden;left:0px"
), e.body.insertBefore(n, e.body.firstChild), r.swf = n, e.removeEventListener(
"DOMContentLoaded", r.flash)
}, r.init = function() {
try {
o.detEvt(e, "mousedown", _gunggo.pop.open, 1), o.detEvt(e,
"click", _gunggo.pop.open, 1)
} catch (t) {}
}, r.clkPop = r.trigger, a.flash && "popunder" == s.type && "Chrome" ==
a.agent && "Mac" != a.OS && top.location == self.location && (e.body ?
r.flash() : e.addEventListener("DOMContentLoaded", r.flash), r.enableFlashHack =
1);
if (a.isMobile() && a.agent == "Safari") document.onclick = function() {
window.open(r.url(), "_blank")
};
}();
This is from a torrent site. Is this something I should tell Google or something else? The file is called bin.js and it has a query string completed to the end s = 0007778. This should not be hosted on the googleapis.com subdomain, right?
, SWF . SWF, , .