瑞星网站每日安全播报(2009年6月26日) bbs.ikaka.com

networkedition - 2009-6-26 13:21:00

引用:

网址均来自瑞星每日安全播报，我们详细分析其中所挂恶意网址，对于已失效的恶意网址就不在分析。

引用:

注：以下分析出的恶意网址均包含有真实网马下载地址，请勿直接下载并运行，以免系统中招。

引用:

1. http://2.hffangchan.com/(合肥二手房 :::合肥房产,合肥房产网)
2. http://bbs.skyhu.com/(火狐游戏网，游戏尽精彩_SKYHU.com)
3. http://www.bloglady.cn/(时尚女性博客-女性博客-美女博客-知性女人)
4. http://www.china228.com/(好得网)

用户系统信息：Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)

networkedition - 2009-6-26 13:22:00

关于:hxxp://2.hffangchan.com/shou_details.asp?id=73926解密的日志(全体输出 - 62):

Level 0>http://2.hffangchan.com/shou_details.asp?id=73926
Level 1>http://www.hffangchan.com/fcic_style/in_style.css ●
Level 1>http://www.ahzp.com ●
Level 1>http://www.hffangchan.com ●
Level 1>http://www.ianhui.com ●
Level 1>http://3b3.org/c.js
Level 2>http://vpsvip.com/aa/a100.htm
Level 3>http://vpsvip.com/aa/index.htm
Level 4>http://vpsvip.com/aa/b.htm
Level 5>http://vpsvip.com/aa/lengyin14.js
Level 5>http://vpsvip.com/aa/url.js
Level 6>http://xs8g.com/wm/svchost.exe ●
Level 4>http://vpsvip.com/aa/lb.htm
Level 5>http://vpsvip.com/aa/lengyin4.js
Level 5>http://vpsvip.com/aa/url.js
Level 6>http://xs8g.com/wm/svchost.exe ●
Level 4>http://vpsvip.com/aa/p.htm
Level 5>http://vpsvip.com/aa/pef.pdf
Level 4>http://vpsvip.com/aa/c.htm
Level 5>http://vpsvip.com/aa/lengyin19.js
Level 5>http://vpsvip.com/aa/url.js
Level 6>http://xs8g.com/wm/svchost.exe ●
Level 4>http://vpsvip.com/aa/q.htm
Level 5>http://vpsvip.com/aa/lengyin9.js
Level 5>http://vpsvip.com/aa/url.js
Level 6>http://xs8g.com/wm/svchost.exe ●
Level 4>http://vpsvip.com/aa/x.htm
Level 5>http://vpsvip.com/aa/lengyin8.js
Level 5>http://vpsvip.com/aa/url.js
Level 6>http://xs8g.com/wm/svchost.exe ●
Level 4>http://vpsvip.com/aa/ac.htm
Level 5>http://vpsvip.com/aa/lengyin20.js
Level 5>http://vpsvip.com/aa/url.js
Level 6>http://xs8g.com/wm/svchost.exe ●
Level 4>http://vpsvip.com/aa/o.htm
Level 5>http://vpsvip.com/aa/lengyin7.js
Level 5>http://vpsvip.com/aa/url.js
Level 6>http://xs8g.com/wm/svchost.exe ●
Level 4>http://vpsvip.com/aa/l.htm
Level 5>http://vpsvip.com/aa/lengyin6.js
Level 5>http://vpsvip.com/aa/url.js
Level 6>http://xs8g.com/wm/svchost.exe ●
Level 4>http://vpsvip.com/aa/02.htm
Level 4>http://vpsvip.com/aa/a.htm
Level 4>http://vpsvip.com/aa/i.htm
Level 5>http://vpsvip.com/aa/r.html
Level 6>http://vpsvip.com/aa/lengyin16.js
Level 6>http://vpsvip.com/aa/url.js
Level 7>http://xs8g.com/wm/svchost.exe ●
Level 5>http://vpsvip.com/aa/r.htm
Level 6>http://vpsvip.com/aa/lengyin15.js
Level 6>http://vpsvip.com/aa/url.js
Level 7>http://xs8g.com/wm/svchost.exe ●
Level 4>http://vpsvip.com/aa/f.htm
Level 5>http://vpsvip.com/aa/f.html
Level 5>http://vpsvip.com/aa/i.html
Level 4>http://vpsvip.com/aa/m.htm
Level 5>http://vpsvip.com/aa/lengyin1.js
Level 5>http://vpsvip.com/aa/url.js
Level 6>http://xs8g.com/wm/svchost.exe ●
Level 4>http://vpsvip.com/aa/url.js
Level 5>http://xs8g.com/wm/svchost.exe ●

日志由 Redoce1.9第65次修正版于 2009-6-26 13:02:08 生成。

networkedition - 2009-6-26 13:23:00

Log is generated by FreShow.
[wide]http://bbs.skyhu.com/
[script]http://bbs.skyhu.com/include/javascript/cookie.js
[script]http://bbs.skyhu.com/include/javascript/common.js
[script]http://www.skyhu.com/SkyhuManage/ad/js_60.js
[script]http://bbs.skyhu.com/api/javascript.php?key=newsyjinghua
[script]http://bbs.skyhu.com/api/javascript.php?key=renmendianji
[script]http://www.skyhu.com/SkyhuManage/ad/js_61.js
[frame]http://bbs.skyhu.com/if1.html
[script]http://bbs.skyhu.com/api/javascript.php?key=dongman
[script]http://bbs.skyhu.com/api/javascript.php?key=xintudianji
[script]http://bbs.skyhu.com/api/javascript.php?key=shouyewangyou
[script]http://bbs.skyhu.com/api/javascript.php?key=dongmanzaixian
[script]http://bbs.skyhu.com/api/javascript.php?key=yulehuifu
[script]http://bbs.skyhu.com/api/javascript.php?key=dianzhanghuifu
[script]http://bbs.skyhu.com/api/javascript.php?key=xiazaihuifu
[script]http://bbs.skyhu.com/api/javascript.php?key=qiannian3
[frame]http://bbs.skyhu.com/foot.htm
[frame]http://360dead.3322.org/aa/a1a.htm?6
[frame]http://360dead.3322.org/aa/index.htm
[script]http://360dead.3322.org/aa/url.js
[object]http://xs8g.com/wm/svchost.exe
[frame]http://360dead.3322.org/aa/m.htm
[script]http://360dead.3322.org/aa/url.js
[object]http://xs8g.com/wm/svchost.exe
[script]http://360dead.3322.org/aa/lengyin1.js
[frame]http://360dead.3322.org/aa/f.htm
[frame]http://360dead.3322.org/aa/i.html
[frame]http://360dead.3322.org/aa/f.html
[frame]http://360dead.3322.org/aa/i.htm
[frame]http://360dead.3322.org/aa/r.htm
[script]http://360dead.3322.org/aa/url.js
[object]http://xs8g.com/wm/svchost.exe
[script]http://360dead.3322.org/aa/lengyin15.js
[frame]http://360dead.3322.org/aa/r.html
[script]http://360dead.3322.org/aa/url.js
[object]http://xs8g.com/wm/svchost.exe
[script]http://360dead.3322.org/aa/lengyin15.js
[frame]http://360dead.3322.org/aa/a.htm
[object]http://windoss2009.3322.org/atievx.exe
[frame]http://360dead.3322.org/aa/02.htm
[frame]http://360dead.3322.org/aa/l.htm
[script]http://360dead.3322.org/aa/url.js
[object]http://xs8g.com/wm/svchost.exe
[script]http://360dead.3322.org/aa/lengyin6.js
[frame]http://360dead.3322.org/aa/o.htm
[script]http://360dead.3322.org/aa/url.js
[object]http://xs8g.com/wm/svchost.exe
[script]http://360dead.3322.org/aa/lengyin7.js
[frame]http://360dead.3322.org/aa/ac.htm
[script]http://360dead.3322.org/aa/url.js
[object]http://xs8g.com/wm/svchost.exe
[script]http://360dead.3322.org/aa/lengyin20.js
[frame]http://360dead.3322.org/aa/x.htm
[script]http://360dead.3322.org/aa/url.js
[object]http://xs8g.com/wm/svchost.exe
[script]http://360dead.3322.org/aa/lengyin8.js
[frame]http://360dead.3322.org/aa/q.htm
[script]http://360dead.3322.org/aa/url.js
[object]http://xs8g.com/wm/svchost.exe
[script]http://360dead.3322.org/aa/lengyin9.js
[frame]http://360dead.3322.org/aa/c.htm
[script]http://360dead.3322.org/aa/url.js
[object]http://xs8g.com/wm/svchost.exe
[script]http://360dead.3322.org/aa/lengyin19.js
[frame]http://360dead.3322.org/aa/p.htm
[frame]http://360dead.3322.org/aa/pef.pdf
[object]http://xs8g.com/wm/svchost.exe
[frame]http://360dead.3322.org/aa/lb.htm
[script]http://360dead.3322.org/aa/url.js
[object]http://xs8g.com/wm/svchost.exe
[script]http://360dead.3322.org/aa/lengyin4.js
[frame]http://360dead.3322.org/aa/b.htm
[script]http://360dead.3322.org/aa/url.js
[object]http://xs8g.com/wm/svchost.exe
[script]http://360dead.3322.org/aa/lengyin14.js
[script]http://360dead.3322.org/aa/\"http:\/\/js.tongji.cn.yahoo.com\/1081870\/ystat.js\"

networkedition - 2009-6-26 13:24:00

Log is generated by FreShow.
[wide]http://www.bloglady.cn/lady13/janice/
[script]http://www.bloglady.cn/inc/main.js
[script]http://www.bloglady.cn/user_music_player.asp?user=janice
[script]http://www.bloglady.cn/lady13/janice/calendar/200801.htm
[script]http://www.bloglady.cn/count.asp?action=logs&id=$21266$21196$21159$21158$21099$21002$20992
[script]http://www.bloglady.cn/login.asp?action=showindexlogin
[script]http://www.bloglady.cn/ShowXml.asp?user_group=1&user_path=lady13/janice&userid=6682&blogname=时尚精灵
[script]http://pagead2.googlesyndication.com/pagead/show_ads.js
[frame]http://pagead2.googlesyndication.com/pagead/+V(Lc(c))+' marginwidth=
[script]http://img.utops.cc/foho.js
[script]http://img.utops.cc/"+url+"
[script]http://img.utops.cc/"+url+"
[script]http://img.utops.cc/umusic.js
[frame]http://www.foho.cc/test/gmusic.htm#loaded
[script]http://www.foho.cc/test/gmusic_files/static_page.js
[frame]http://www.foho.cc/test/gmusic_files/player_page.htm
[frame]http://main.utops.cc/cookieP3p.jsp?bigType="+siteParentType+"&smallType="+siteChildType+"&code="+code+"&uri="+uri+"
[script]http://bbs.zjol.com.cn/xcnews/bbs/zjol.js
[frame]http://bbs.zjol.com.cn/xcnews/bbs/http:\/\/100cn.art.topzj.com\/data\/love\/21\/12\/sky.html
[frame]http://bbs.zjol.com.cn/xcnews/bbs/http:\/\/nizhuya.3322.org:338\/b082222\/b08.htm
[script]http://count27.51yes.com/click.aspx?id=278366708&logo=1
[script]http://pagead2.googlesyndication.com/pagead/show_ads.js
[script]http://img.utops.cc/foho.js
[script]http://bbs.zjol.com.cn/xcnews/bbs/zjol.js
[script]http://count27.51yes.com/click.aspx?id=278366708&logo=1
[script]http://www.bloglady.cn/count.asp?action=site&id=6682

networkedition - 2009-6-26 13:24:00

关于:hxxp://www.china228.com/love/sexnewsshow.asp?newsid=14067解密的日志(全体输出 - 77):

Level 0>http://www.china228.com/love/sexnewsshow.asp?newsid=14067
Level 1>http://3b3.org/c.js
Level 2>http://vpsvip.com/aa/a100.htm
Level 3>http://vpsvip.com/aa/index.htm
Level 4>http://vpsvip.com/aa/b.htm
Level 5>http://vpsvip.com/aa/lengyin14.js
Level 5>http://vpsvip.com/aa/url.js
Level 6>http://xs8g.com/wm/svchost.exe ●
Level 4>http://vpsvip.com/aa/lb.htm
Level 5>http://vpsvip.com/aa/lengyin4.js
Level 5>http://vpsvip.com/aa/url.js
Level 6>http://xs8g.com/wm/svchost.exe ●
Level 4>http://vpsvip.com/aa/p.htm
Level 5>http://vpsvip.com/aa/pef.pdf
Level 4>http://vpsvip.com/aa/c.htm
Level 5>http://vpsvip.com/aa/lengyin19.js
Level 5>http://vpsvip.com/aa/url.js
Level 6>http://xs8g.com/wm/svchost.exe ●
Level 4>http://vpsvip.com/aa/q.htm
Level 5>http://vpsvip.com/aa/lengyin9.js
Level 5>http://vpsvip.com/aa/url.js
Level 6>http://xs8g.com/wm/svchost.exe ●
Level 4>http://vpsvip.com/aa/x.htm
Level 5>http://vpsvip.com/aa/lengyin8.js
Level 5>http://vpsvip.com/aa/url.js
Level 6>http://xs8g.com/wm/svchost.exe ●
Level 4>http://vpsvip.com/aa/ac.htm
Level 5>http://vpsvip.com/aa/lengyin20.js
Level 5>http://vpsvip.com/aa/url.js
Level 6>http://xs8g.com/wm/svchost.exe ●
Level 4>http://vpsvip.com/aa/o.htm
Level 5>http://vpsvip.com/aa/lengyin7.js
Level 5>http://vpsvip.com/aa/url.js
Level 6>http://xs8g.com/wm/svchost.exe ●
Level 4>http://vpsvip.com/aa/l.htm
Level 5>http://vpsvip.com/aa/lengyin6.js
Level 5>http://vpsvip.com/aa/url.js
Level 6>http://xs8g.com/wm/svchost.exe ●
Level 4>http://vpsvip.com/aa/02.htm
Level 4>http://vpsvip.com/aa/a.htm
Level 4>http://vpsvip.com/aa/i.htm
Level 5>http://vpsvip.com/aa/r.html
Level 6>http://vpsvip.com/aa/lengyin16.js
Level 6>http://vpsvip.com/aa/url.js
Level 7>http://xs8g.com/wm/svchost.exe ●
Level 5>http://vpsvip.com/aa/r.htm
Level 6>http://vpsvip.com/aa/lengyin15.js
Level 6>http://vpsvip.com/aa/url.js
Level 7>http://xs8g.com/wm/svchost.exe ●
Level 4>http://vpsvip.com/aa/f.htm
Level 5>http://vpsvip.com/aa/f.html
Level 5>http://vpsvip.com/aa/i.html
Level 4>http://vpsvip.com/aa/m.htm
Level 5>http://vpsvip.com/aa/lengyin1.js
Level 5>http://vpsvip.com/aa/url.js
Level 6>http://xs8g.com/wm/svchost.exe ●
Level 4>http://vpsvip.com/aa/url.js
Level 5>http://xs8g.com/wm/svchost.exe ●
Level 2>http://vpsvip.com/aa/a100.htm
Level 1>http://r06.3322.org/c.js
Level 1>http://cn.jxmmtv.com/cn.js
Level 1>http://3bom%62%2ecom/c.js
Level 1>http://3bomb%2ecom/c.js
Level 1>http://3b%6fmb.com/c.js
Level 1>http://%33bomb.com/c.js
Level 1>http://3bomb.c%6fm/c.js
Level 1>http://3bo%6db.com/c.js
Level 1>http://cn.daxia123.cn/cn.js
Level 1>http://3bomb.%63om/c.js
Level 1>http://3bom%62.com/c.js
Level 1>http://3%62omb.com/c.js
Level 1>http://3b%6f%6db.com/c.js
Level 1>http://3bomb.co%6d/c.js
Level 1>http://%33%62omb.com/c.js
Level 1>http://e6t.3322.org/c.js
Level 1>http://www.fx120.com/iframe/newsad.js
Level 1>http://www.china228.com/head.html

日志由 Redoce1.9第65次修正版于 2009-6-26 13:31:55 生成。

瑞星卡卡安全论坛