[Warning] The CTS homepage has had a malicious link planted again





sai7sai
2007-02-25, 02:30 PM
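After the CTS website was hacked, they did not find the security hole, so now a malicious link has been planted on the homepage again. Please do not browse this site for the time being, to avoid infection; once it is confirmed that they have fixed it, I will update this thread. (This malware probably also steals user accounts and passwords.)

After it executes, it shows the following behaviour (the same as in "The 手機王 web page has had a malicious link planted again"):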

[Added process]
C:\Program Files\Common Files\Microsoft Shared\web server extensions\40\bots\vinavbar\svchost.exe

[DLL injection]
C:\Program Files\Common Files\Microsoft Shared\web server extensions\40\bots\vinavbar\svchost.exe (injected into the svchost.exe process)

[Added file]
C:\Documents and Settings\Administrator\Local Settings\Temp\CiKE.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\taskmgr.exe
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C13NVBMZ\b0(29)[1].swf
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C13NVBMZ\cike[1].js
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C13NVBMZ\dvbbs[1].mdb
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\OXI7BCE5\2006692151148920[1].gif
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Q08VKCK4\cike2[1].htm
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\SEUIMLSE\cike1[1].htm
C:\Program Files\Common Files\Microsoft Shared\web server extensions\40\bots\vinavbar\eCompress.fne
C:\Program Files\Common Files\Microsoft Shared\web server extensions\40\bots\vinavbar\eImgConverter.fne
C:\Program Files\Common Files\Microsoft Shared\web server extensions\40\bots\vinavbar\eLIB.fne
C:\Program Files\Common Files\Microsoft Shared\web server extensions\40\bots\vinavbar\HideProc.dll
C:\Program Files\Common Files\Microsoft Shared\web server extensions\40\bots\vinavbar\internet.fne
C:\Program Files\Common Files\Microsoft Shared\web server extensions\40\bots\vinavbar\krnln.fnr
C:\Program Files\Common Files\Microsoft Shared\web server extensions\40\bots\vinavbar\Nhook.dll
C:\Program Files\Common Files\Microsoft Shared\web server extensions\40\bots\vinavbar\shell.fne
C:\Program Files\Common Files\Microsoft Shared\web server extensions\40\bots\vinavbar\svchost.exe

[Added registry]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,
Value=svchost,Data=C:\Program Files\Common Files\Microsoft Shared\web server extensions\40\bots\vinavbar\svchost.exe

For details, see the 大砲開講 blog (http://malware-test.com/blog/archives/2007/02/25/647).
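Added example, not part of the original post: a small triage script that reads a behaviour report in the format above and flags the pattern it shows, a file named like a Windows system binary (svchost.exe, taskmgr.exe) sitting outside System32, including when a Run key points at it. The list of binary names, the system directories and the sample report (shortened from the post, plus one legitimate path) are assumptions made for this example.

```python
import ntpath

# Assumption for this example: names that legitimately live only in System32.
SYSTEM_BINARIES = {"svchost.exe", "taskmgr.exe"}
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\winnt\system32"}

# Constructed sample in the report format used in the post.
SAMPLE_REPORT = r"""
[Added process]
C:\Program Files\Common Files\Microsoft Shared\web server extensions\40\bots\vinavbar\svchost.exe

[Added file]
C:\Documents and Settings\Administrator\Local Settings\Temp\CiKE.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\taskmgr.exe
C:\WINDOWS\system32\svchost.exe

[Added registry]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,
Value=svchost,Data=C:\Program Files\Common Files\Microsoft Shared\web server extensions\40\bots\vinavbar\svchost.exe
"""

def parse_report(text):
    """Split the report into {section name: [non-empty lines]}."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            sections[current] = []
        elif line and current:
            sections[current].append(line)
    return sections

def is_masquerade(path):
    """True when a system binary name sits outside the system directory."""
    folder, name = ntpath.split(path.strip())
    return name.lower() in SYSTEM_BINARIES and folder.lower() not in SYSTEM_DIRS

def find_masquerades(text):
    """Return (section, path) pairs that deserve investigation."""
    hits = []
    for section, lines in parse_report(text).items():
        for line in lines:
            # Run-key lines carry the executable path after "Data=".
            path = line.split("Data=", 1)[1] if "Data=" in line else line
            if is_masquerade(path):
                hits.append((section, path))
    return hits
```

Calling `find_masquerades(SAMPLE_REPORT)` returns the vinavbar svchost.exe process, the taskmgr.exe dropped in Temp, and the Run key entry, while the genuine System32 svchost.exe is left alone.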



黑衣~魂
2007-02-25, 06:47 PM
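I wonder how many times they want to be broken into before they improve......
If they don't want to deal with it, they might as well just take the website down.....
Some big TV company..... getting broken into all the time.....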

Briian
2007-02-25, 11:20 PM
This news should be passed on to their fellow stations; they would probably be very happy to help publicise this malware den?

DIRECTNORM
2007-02-26, 10:29 AM
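This news should be passed on to their fellow stations; they would probably be very happy to help publicise this malware den?

That's a good suggestion~ :D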