【警告】華視首頁又被植入惡意連結

[sai7sai]

繼華視網站遭駭後，他們沒有找出安全漏洞，所以，現在首頁又被植入惡意連結。請各位暫時不要瀏覽這個網站，以免中毒，等確認他們已經修復後，會在此更新訊息。(此惡意程式應該也會偷使用者帳號與密碼)

執行之後，有下面的行為 (與「手機王網頁又被植入惡意連結」是一樣的)：

[Added process]
C:\Program Files\Common Files\Microsoft Shared\web server extensions\40\bots\vinavbar\svchost.exe

[DLL injection]
C:\Program Files\Common Files\Microsoft Shared\web server extensions\40\bots\vinavbar\svchost.exe (注入 svchost.exe 的執行程序)

[Added file]
C:\Documents and Settings\Administrator\Local Settings\Temp\CiKE.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\taskmgr.exe
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C13NVBMZ\b0(29)[1].swf
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C13NVBMZ\cike[1].js
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C13NVBMZ\dvbbs[1].mdb
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\OXI7BCE5\2006692151148920[1].gif
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Q08VKCK4\cike2[1].htm
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\SEUIMLSE\cike1[1].htm
C:\Program Files\Common Files\Microsoft Shared\web server extensions\40\bots\vinavbar\eCompress.fne
C:\Program Files\Common Files\Microsoft Shared\web server extensions\40\bots\vinavbar\eImgConverter.fne
C:\Program Files\Common Files\Microsoft Shared\web server extensions\40\bots\vinavbar\eLIB.fne
C:\Program Files\Common Files\Microsoft Shared\web server extensions\40\bots\vinavbar\HideProc.dll
C:\Program Files\Common Files\Microsoft Shared\web server extensions\40\bots\vinavbar\internet.fne
C:\Program Files\Common Files\Microsoft Shared\web server extensions\40\bots\vinavbar\krnln.fnr
C:\Program Files\Common Files\Microsoft Shared\web server extensions\40\bots\vinavbar\Nhook.dll
C:\Program Files\Common Files\Microsoft Shared\web server extensions\40\bots\vinavbar\shell.fne
C:\Program Files\Common Files\Microsoft Shared\web server extensions\40\bots\vinavbar\svchost.exe

[Added registry]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,
Value=svchost,Data=C:\Program Files\Common Files\Microsoft Shared\web server extensions\40\bots\vinavbar\svchost.exe

詳細的資訊，請參考「大砲開講部落格」。

[黑衣~魂]

不知道他們想被入侵幾次才要改善......
如果不想處理乾脆把網頁收起來算了.....
什麼大電視公司阿.....一天到晚被入侵.....

[Briian]

應該把這訊息傳給他們的友台，應該會很樂意去幫忙宣傳這個毒窟吧 ？

[DIRECTNORM]

應該把這訊息傳給他們的友台，應該會很樂意去幫忙宣傳這個毒窟吧 ？

這個建議不錯喔～