networkedition - 2010-7-26 17:09:00
网址均来自瑞星每日安全播报,我们详细分析其中所挂恶意网址,对于已失效的恶意网址就不再分析。
注:以下分析出的恶意网址均包含有真实网马下载地址,请勿直接下载并运行,以免系统中招。
1. http://bbs.zdface.com/(FACE妆点论坛)
2. http://www.okzhuhai.com/(珠海文体旅游网)
3. http://www.yangtse.com/(扬子晚报网-生活经验分享媒体)
用户系统信息:Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; InfoPath.2)
networkedition - 2010-7-26 17:10:00
Log generated by networkedition use mdecoder 0.54
[root]http://bbs.zdface.com/
[script]http://bbs.zdface.com/js/scroll.js
[script]http://bbs.zdface.com/js/hd_index.js
[script]http://bbs.zdface.com/js/indexhuadong.js
[script]http://bbs.zdface.com/js/lw.js
[exp]http://cpm888.9966.org:91/xc04/04index.htm(Exploit.Ie0dayCVE0806.a)
[script]http://cpm888.9966.org:91/xc04/ap.js
[virus]http://aao.118bbs.com:8933/x/up04.exe
[script]http://bbs.zdface.com/js/hd_index.js
[flash]http://bbs.zdface.com/templates/default/images/bbs-top.swf
[flash]http://bbs.zdface.com/templates/default/images/index1.swf
[script]http://www.zdface.com/Controls/wailianAD/ADtype3item321.aspx
[flash]http://ask.zdface.com/UpFile/20100622101005pjyh.swf
[flash]http://bbs.zdface.com/templates/default/images/index2.swf
[script]http://www.zdface.com/Controls/wailianAD/ADtype2item322.aspx
[flash]http://ask.zdface.com/UpFile/20100712095452brcw.swf
[script]http://www.zdface.com/Controls/wailianADADtype4item324.aspx
[script]http://bbs.zdface.com/google-analytics.com/ga.js
[script]http://www.zdface.com/js/ad/BBS/ad.js
[script]http://code12.onetad.com/js/272/272477.js
[script]http://code12.onetad.com/okno.php
[script]http://js.cnxad.com/pcode3h.js
[script]http:///p1.ashx?w=&sid=&e=&furl=&ffurl=
networkedition - 2010-7-26 17:10:00
Log generated by networkedition use mdecoder 0.54
[root]http://www.okzhuhai.com/plus/news/245.html
[script]http://www.gangju.com.cn/css/zz.png
[exp]http://www.gangju.com.cn/css/zz.html(Exploit.Ie0dayCVE0806.a)
[virus]http://www.gangju.com.cn/css/zz.exe
networkedition - 2010-7-26 17:11:00
Log generated by networkedition use mdecoder 0.54
[root]http://www.yangtse.com/baby/vote/css/dt100714856.html
[flash]http://player.youku.com/player.php/sid/XMTYzNjE3MDA4=/v.swf
[script]http://js.users.51.la/3785318.js
[script]http://a4.lvguihua.com:8081/user/inc/dt/css.png
[exp]http://a6.lvguihua.com:8081/user/inc/dt/ie.html?哈韩(Exploit.Ie0dayCVE0806.a)
[virus]http://a5.lvguihua.com:8081/user/inc/dt.exe
jks_风 - 2010-7-26 20:30:00
Log is generated by FreShow.
[wide]http://bbs.zdface.com
[script]http://bbs.zdface.com/js/scroll.js
[script]http://bbs.zdface.com/js/hd_index.js
[script]http://bbs.zdface.com/js/indexhuadong.js
[script]http://bbs.zdface.com/js/lw.js
[frame]http://bbs.zdface.com/js/http:\/\/cpm888.9966.org:91\/xc04\/04index.htm
[object]http://aao.118bbs.com:8933/x/up04.exe
[script]http://bbs.zdface.com/js/hd_index.js
[script]http://www.zdface.com/Controls/wailianAD/ADtype3item321.aspx
[script]http://www.zdface.com/Controls/wailianAD/ADtype2item322.aspx
[script]http://www.zdface.com/Controls/wailianAD\ADtype4item324.aspx
[script]http://s107.cnzz.com/stat.php?id=409711&web_id=409711
[script]http://js.tongji.linezing.com/1380400/tongji.js
[script]http://www.zdface.com/js/ad/BBS/ad.js
[script]http://www.zdface.com/js/ad/BBS/\"http:\/\/code12.onetad.com\/js\/272\/272477.js\"
[script]http://www.zdface.com/js/ad/BBS/\"http:\/\/code12.onetad.com\/okno.php\"
[script]http://www.zdface.com/js/ad/BBS/\'http:\/\/js.cnxad.com\/pcode3h.js\'
[script]http://js.cnxad.com/\"http:\/\/"+codedomain+"\/p1.ashx?w="+cnxad_userid+"&sid="+cnxad_subid+"&e="+cnxad_encode+"&furl="+cnxad_location+"&ffurl="+cnxad_from_url+"\"
jks_风 - 2010-7-26 20:47:00
Script Encoder是Microsoft出品的一个script加密工具,它是一个简单的命令行工具,可以对html文件进行加密,加密后其中的文本部分均保持不变,只是对其中的javascript 和VBscript部分进行加密处理,加密后的script在功能上无任何损失,仅是其代码变成密文,用源文件方式查看只是一些乱码。该程序很小只有64K,使用非常很简单,在DOS命令行下执行,也可在windows下带参数运行。该程序除了可对html文件加密外,也可以对asa, asp, cdx,js, sct,vbs文件加密。加密后的文件大小基本无变化。加密后的javascript中原< SCRIPT LANGUAGE=JScript>行,变成< SCRIPT LANGUAGE=JScript.Encode >,VBscript 中< SCRIPT LANGUAGE=VBScript.Encode>变成< SCRIPT LANGUAGE=VBScript >
Log is generated by FreShow.
[wide]http://www.okzhuhai.com/plus/news/245.html
[script]http://www.gangju.com.cn/css/zz.png
[frame]http://www.gangju.com.cn/css/zz.html
[object]http://www.gangju.com.cn/css/zz.exe
jks_风 - 2010-7-26 20:52:00
Log is generated by FreShow.
[wide]http://www.yangtse.com/baby/vote/css/dt100714856.html
[ani]http://www.800n.cn/images/dt2img/jj2.jpg
[script]http://js.users.51.la/3785318.js
[script]http://a4.lvguihua.com:8081/user/inc/dt/css.png
[frame]http://a6.lvguihua.com:8081/user/inc/dt/ie.html?哈韩
[object]http://a5.lvguihua.com:8081/user/inc/dt.exe
jks_风 - 2010-7-26 20:52:00
无名老师 这个mdecoder 0.54好难找 找了N久没找到 :kaka4:
uakfc - 2010-7-27 9:00:00
这是针对的什么哪些漏洞?
jks_风 - 2010-7-27 10:14:00
这个得看clsid的值 才能确定是什么漏洞 以前看的教程都忘光了~:kaka6:
全民之王 - 2010-7-28 2:59:00
刷新一下dns试试好像是ipconfig/flushdns
© 2000 - 2024 Rising Corp. Ltd.