I received an email from an unknown person and opened an htm file in the attachment file. The following code executed :

<frameset onpageshow="document.location.replace(window.atob('aHR0cHM6Ly9tdXNrLmJ0Y2RvbmF0dmVyLnNpdGUvPzI0NDc1NTgg'));"> 

Did I just execute something that could harm my computer ?

Thank you,

Thomas

CodePudding user response：

This sets the window location to

https://musk.btcdonatver.site/?2447558.

Looks like a scam but not sure. Possible wont do any harm unless you do something by visiting to that link.

CodePudding user response：

It may be dangerous to open email attachments received from untrusted sources, in general.

In your code, in particular, the following is happening:

• window.atob API is called to decode aHR0cHM6Ly9tdXNrLmJ0Y2RvbmF0dmVyLnNpdGUvPzI0NDc1NTgg base64 encoded string. See https://developer.mozilla.org/en-US/docs/Web/API/atob for the API reference.
• Using the free online base64 decoder (https://www.base64decode.org/ for example) you may translate aHR0cHM6Ly9tdXNrLmJ0Y2RvbmF0dmVyLnNpdGUvPzI0NDc1NTgg and get https://musk.btcdonatver.site/?2447558 .
• On opening this page your browser may navigate to that URL, see document.location.replace API call
• Now, it depends on what https://musk.btcdonatver.site/?2447558 is doing.

Please, do not open attachments from unknown people and untrusted sources. They may contain malicious contents, phishing and content that may do damage otherwise.