Invisible code sticks forever

Monday, August 24, 2015 · 1 minute · 190 words

A few months ago, I read an article about brain training by learning a new language : very interesting story about William Alexander who failed to learn french but strenghten his brain trying to.

But this is not the subject of this post. As I finished to read the article, I tried to reach William Alexander’s website and was redirected to a crappy chineese online store. I immediately thought he was hacked and after reading the page source code, I find this piece of script :

<script type="text/javascript">
var language = navigator.browserLanguage?navigator.browserLanguage:navigator.language;
if (language.indexOf('en') > -1) document.location.href = 'javascript:void(0)';
document.location.href = '';

What’s going on here ? The code checks the browser language and redirects to the fraudulent site only if the language is anything other than english ! So, every time some non-english dude complains to William about this problem, William tries the site and accesses it successfully and just forget about it… The malicious code can stay here for months, with just a little trick but very annoying result !

And for the record, I, of course, alerted William and he removed the malicious code …

Javascript web