瑞星网站每日安全播报(2010年12月15日) bbs.ikaka.com

networkedition - 2010-12-15 11:29:00

引用:

网址均来自瑞星每日安全播报，我们详细分析其中所挂恶意网址，对于已失效的恶意网址就不再分析。

引用:

注：以下分析出的恶意网址均包含有真实网马下载地址，请勿直接下载并运行，以免系统中招。

引用:

1. http://health.zhnews.net/（健康频道-珠海新闻网）
2. http://tea.ahnw.gov.cn/（茶网·中国）
3. http://www.ccnews.gov.cn/（长春信息港--长春新闻网）
4. http://www.cqghzlg.gov.cn/（重庆市规划展览馆）
5. http://www.ljgc.gov.cn/（丽江古城官方网站）

用户系统信息：Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)

networkedition - 2010-12-15 11:29:00

关于:hxxp://health.zhnews.net/ask/question.php?id=1541解密的日志(全体输出 -

11):

Level 0>http://health.zhnews.net/ask/question.php?id=1541
Level 1>http://health.zhnews.net/js/js.js
Level 1>http://health.zhnews.net/include/dedeajax2.js
Level 1>http://health.zhnews.net/ask/=13
Level 1>http://222.186.40.226:83/ie.htm
Level 2>http://222.186.40.226:83/i2.js
Level 2>http://222.186.40.226:83/i1.js
Level 3>http://222.186.40.226:83/wm.exe
Level 2>http://222.186.40.226:83/i0.js
Level 1>http://222.186.40.226:83/ie.htm
Level 1>http://222.186.40.226:83/ie.htm

日志由 Redoce2.1第19次修正版于 2010-12-15 11:15:11 生成。

networkedition - 2010-12-15 11:30:00

Log generated by networkedition use mdecoder 0.67
[root]http://tea.ahnw.gov.cn/culture/ShowZx.asp?ID=18494(盆栽茶花的浇水学问（二）)
[flash]http://tea.ahnw.gov.cn/culture/../001pic/banner3.swf
[flash]http://tea.ahnw.gov.cn/culture/../001pic/banner3.swf
[script]http://220.231.180.83:60000/ads_website.php?REFERER=http://tea.ahnw.gov.cn1
[object]http://nimacc20.3322.org:171/win7/index.html?id=156
[object]http://nimacc20.3322.org:171/win7/boom-3.html?d=156
[object]http://nimacc20.3322.org:171/win7/156/a.jpg
[object]http://web.9bic.net:6668/Down/my/156.exe
[script]http://nimacc20.3322.org:171/win7/ap.js

networkedition - 2010-12-15 11:31:00

Log is generated by FreShow.
[wide]http://www.ccnews.gov.cn/newssite/pages/help/db/129.html
[frame]http://mywy.miyunedu.net/log/index.htm
[object]http://www.kl10000.com/UploadFile/13/ie.htm
[object]http://www.whihr.com.cn/db/1.exe
[script]http://www.kl10000.com/UploadFile/13/ap.js
[frame]http://mywy.miyunedu.net/log/
[frame]http://mywy.miyunedu.net/log/
[script]http://ad.2112111.com/ad/tc.js
[script]http://count47.51yes.com/click.aspx?id=479216081&logo=12
[script]http://www.kl10000.com/UploadFile/13/woool.js

networkedition - 2010-12-15 11:32:00

Log generated by networkedition use mdecoder 0.67
[root]http://www.cqghzlg.gov.cn/html/err.asp?www.cdcman.com(QQ西游辅助工具|QQ西游助手，QQ西游工具免费下载)
[iframe]http://www.cqghzlg.gov.cn/group/ie.html
[script]http://www.cqghzlg.gov.cn/group/party.css
[virus]http://www.jx2dbtwg.com/dnf/020.css
[script]http://www.cqghzlg.gov.cn/group/css.css
[script]http://www.cqghzlg.gov.cn/group/js.css
[script]http://js.users.51.la/4329814.js

networkedition - 2010-12-15 11:32:00

Log generated by networkedition use mdecoder 0.67
[root]http://www.ljgc.gov.cn/cache/1.htm?www.dhwooden.com
[exp]http://www.nancaibook.com/js/t48/ie.html(Exploit.Ie0dayCVE0806.a)
[virus]http://yp.ttymq.com/data/6.exe
[script]http://js.users.51.la/3859558.js
[iframe]http://www.nancaibook.com/js/t48/c.htm
[script]http://www.nancaibook.com/js/t48/scvhost.txt

09kaka - 2010-12-16 14:58:00

Log is generated by FreShow.
[wide]http://tea.ahnw.gov.cn/culture/ShowZx.asp?ID=18494
[script]http://220.231.180.83:60000/ads_website.php?REFERER=http://tea.ahnw.gov.cn1
[object]http://nimacc42.3322.org:171/win7/index.html?id=156
[object]http://nimacc42.3322.org:171/win7/boom-3.html?id=156
[script]http://nimacc42.3322.org:171/win7/"+id+"/a.jpg
[object]http://web.9bic.net:6668/Down/my/156.exe
[script]http://nimacc42.3322.org:171/win7/ap.js
[script]http://s14.cnzz.com/stat.php?id=187857&web_id=187857&show=pic1

瑞星卡卡安全论坛