
[病毒样本] 盛大被挂马? 梦幻国度

allenhippo
发表于 2007-6-24 10:34:51 | 显示全部楼层 |阅读模式
hxxp://mland.poptang.com/2006/

这个是梦幻国度,手脚要快,已经被发现了。



已经被第一时间发现并修正了,网页肯定打不开了,样本见5楼。

[ 本帖最后由 allenhippo 于 2007-6-24 10:51 编辑 ]



金剑
发表于 2007-6-24 10:37:54 | 显示全部楼层
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
<title>《梦幻国度》-已全面支持盛大通行证</title>
<link href="common/style_0918.css" rel="stylesheet" type="text/css">
<script language="JavaScript" type="text/JavaScript">
<!--
/**
 * Popup helper (the original carries a "v2.0" marker): forwards its three
 * arguments to window.open unchanged and returns nothing.
 *
 * @param {string} theURL   - address to load in the new window
 * @param {string} winName  - target window name
 * @param {string} features - window.open feature string
 */
function MM_openBrWindow(theURL, winName, features) {
  // No validation happens here; the caller decides which URL gets opened.
  window.open(theURL, winName, features);
}
//-->
</script>
<!-- NOTE(review): this include pulls script from the ad host over plain HTTP, and whatever that host returns runs inside this page. The document.write listing posted in the next reply carries the same user= value, so it is presumably this include's response. When a page is reported as serving malware, third-party includes like this one are among the first things to compare against a known-good copy. -->
<!--Adforward Begin:-->
<SCRIPT LANGUAGE="JavaScript1.1" SRC="http://shanda.allyes.com/main/adfshow?user=shanda|mland_guide|popup_win&db=shanda&border=0&local=yes&js=ie"></SCRIPT>
<!--Adforward End-->
<style type="text/css">
<!--
.style1 {color: #666666}
-->
</style>
</head>

<body>
<!--Adforward Begin:0209-0223-->
<!--<SCRIPT LANGUAGE="JavaScript1.1" SRC="h
金剑
发表于 2007-6-24 10:38:37 | 显示全部楼层
// Emits an inline <script> that defines the ADF* globals. ADFHOST10225 and
// ADFUSER10225 are read by the popup code written later in this listing.
document.write("<SCRIPT LANGUAGE=\"Javascript\">\n");
// Base URL of the ad host.
document.write("ADFHOST10225=\"http://shanda.allyes.com\";\n");
// Two numeric ids; neither is referenced again in the posted listing
// (presumably campaign/banner ids; confirm against the ad server).
document.write("ADFCID10225=985;\n");
document.write("ADFBID10225=10225;\n");
// Click-through URL: an adfclick request on the ad host. Its query string
// carries an ip= value, several ids, and the landing page in url=.
// NOTE(review): the final destination travels in url=, so when auditing a
// suspected compromise compare that host with what the site owner expects.
document.write("ADFUSER10225=\"http://shanda.allyes.com/main/adfclick?user=shanda|mland_guide|popup_win&db=shanda&log=on&ip=221.218.186.248&bid=10225&cid=358846&sid=29895&exp1=-849098882&exp2=7670052073&cache=391523&url=http://info.16288.com/NewPay/promotionlink/xwzx/icbc20070601/web/index.htm\";\n");
// The closing tag is split across two literals, presumably so the literal
// text never appears whole inside an enclosing script element.
document.write("</SCR"+"IPT>\n");
/**
 * Builds Flash OBJECT/EMBED markup and assigns it to the innerHTML of the
 * element whose id is `d`.
 *
 * u - movie URL placed in the "movie" PARAM and the EMBED src
 * w - width, h - height (used for the markup and the wrapper divs)
 * p - wmode switch: falsy gives 'Transparent', anything else 'Opaque'
 * d - id of the target element; also the return value
 * c - base URL from which the overlay loads /main/adfshow?local=blank.swf
 * b - suffix for the overlay object's ID/name ("button" + b)
 * i - when truthy only the plain ad markup is inserted, with no overlay
 * r - optional inset array; from its use below it appears to be
 *     [top, right, bottom, left] (confirm against the ad server)
 *
 * NOTE(review): every argument is concatenated into HTML without escaping,
 * so the output is only as trustworthy as the caller's values. The function
 * also throws if no element with id `d` exists, because `o` is then null.
 */
function alysxc(u,w,h,p,d,c,b,i,r){//2.0.2
// Look up the target element and normalise p to a wmode string.
var o=document.getElementById(d),ad;p=(!p)?'Transparent':'Opaque';
// Plain ad markup: one OBJECT with a nested EMBED for the movie at u.
ad='<OBJECT classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" codebase="http://active.macromedia.com/flash2/cabs/swflash.cab#version=4,0,0,0" WIDTH="'+w+'" HEIGHT="'+h+'"><PARAM NAME="movie" VALUE="'+u+'"><PARAM NAME="wmode" VALUE="'+p+'"><EMBED src="'+u+'" WIDTH="'+w+'" HEIGHT="'+h+'" WMODE="'+p+'" TYPE="application/x-shockwave-flash"></EMBED></OBJECT>';
// Without i: wrap the ad in a positioned container and stack a second,
// transparent Flash object (blank.swf from c) above it at a higher z-index,
// inset by r when r is given. The overlay EMBED keeps the full w/h.
o.innerHTML=(!i)?'<div style="POSITION:relative;Z-INDEX:1;width:'+w+'px;height:'+h+'px"><DIV style="POSITION:absolute;left:0;top:0;Z-INDEX:2;width:'+w+'px;height:'+h+'px">'+ad+'</div><div style="POSITION:absolute;left:'+((r)?r[3]:0)+'px;top:'+((r)?r[0]:0)+'px;Z-INDEX:3;width:'+((r)?(w-r[1]-r[3]):w)+'px;height:'+((r)?(h-r[0]-r[2]):h)+'px"><OBJECT classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" codebase="http://active.macromedia.com/flash2/cabs/swflash.cab#version=4,0,0,0" ID="button'+b+'" WIDTH="'+((r)?(w-r[1]-r[3]):w)+'" HEIGHT="'+((r)?(h-r[0]-r[2]):h)+'"><PARAM NAME="movie" VALUE="'+c+'/main/adfshow?local=blank.swf"><PARAM NAME="Wmode" VALUE="Transparent"><EMBED src="'+c+'/main/adfshow?local=blank.swf" WMODE="Transparent" WIDTH="'+w+'" HEIGHT="'+h+'" TYPE="application/x-shockwave-flash" name="button'+b+'"></EMBED></OBJECT></div></div>':ad;
return d;}
// Second inline <script>: popup configuration followed by the code that opens
// the popup. Everything below is emitted as text and runs once it is written.
document.write("<SCRIPT LANGUAGE=\"JavaScript\">\n");
// flag selects one of four popup modes in the if/else chain further down;
// here it is 0, the image-link popup.
document.write("var flag07053116595538=0;\n");
// Banner image shown in the popup.
document.write("var pic07053116595538=\"http://shandacs.allyes.com/banner/400300-ecard-070531.gif\";\n");
// htm (page URL for flag 1) and flash_adr (movie URL for flag 2) are left as
// a bare "http://" in this response.
document.write("var htm07053116595538=\"http://\";\n");
document.write("var wid07053116595538=400;\n");
document.write("var hei07053116595538=300;\n");
document.write("var scrollbars07053116595538=0;\n");
document.write("var tar07053116595538=\"_blank\";\n");
document.write("var flash_adr07053116595538=\"http://\";\n");
document.write("var poptop_left07053116595538=\"Vleft\";\n");
document.write("var poptop_hei07053116595538=\"Vtop\";\n");
// Raw HTML used only by flag 3.
document.write("var template07053116595538=\"<html><meta http-equiv='Content-Type' content='text/html; charset=gb2312'>\";\n");
document.write("var hposition, vposition;\n");
document.write("var aname07053116595538=navigator.appVersion;\n");
// Horizontal position: 5px from the left, centred, or 5px from the right of
// the available screen width.
document.write("switch (poptop_left07053116595538){\n");
document.write("case \"Vleft\":\n");
document.write("hposition = 5;\n");
document.write("break;\n");
document.write("case \"Vcenter\":\n");
document.write("hposition = Math.round((screen.availWidth - wid07053116595538)/2);\n");
document.write("break;\n");
document.write("case \"Vright\":\n");
document.write("hposition = Math.round(screen.availWidth - wid07053116595538 - 5);\n");
document.write("break;\n");
document.write("}\n");
// Vertical position: 5px from the top, centred, or 30px above the bottom of
// the available screen height.
document.write("switch (poptop_hei07053116595538){\n");
document.write("case \"Vtop\":\n");
document.write("vposition = 5;\n");
document.write("break;\n");
document.write("case \"Vmiddle\":\n");
document.write("vposition = Math.round((screen.availHeight - hei07053116595538)/2);\n");
document.write("break;\n");
document.write("case \"Vbottom\":\n");
document.write("vposition = Math.round(screen.availHeight - hei07053116595538 - 30);\n");
document.write("break;\n");
document.write("}\n");
// window.open feature string: toolbar, location bar, status bar and menu bar
// all switched off, with size and position taken from the values above.
document.write("var strwin07053116595538=\"toolbar=0,location=0,directories=0,status=0,menubar=0,scrollbars=\"+scrollbars07053116595538+\",resizable=1,copyhistory=0,width=\"+wid07053116595538+\",height=\"+hei07053116595538+\",left=\" + hposition  + \",top=\" + vposition;\n");
// flag 0: open a blank named popup and write a linked image into it.
// NOTE(review): ADFUSER10225, tar and pic are concatenated into the markup
// unescaped, so the popup's content is whatever the ad response supplied.
document.write("if (flag07053116595538==0){\n");
document.write("var win07053116595538=open(\"\",\"abc07053116595538\",strwin07053116595538);\n");
document.write("with(win07053116595538.document){\n");
document.write("open(\"text/html\");\n");
document.write("write(\"<html><body topmargin=0 leftmargin=0><a href='\"+ADFUSER10225+\"' target='\"+tar07053116595538+\"'><img src='\"+pic07053116595538+\"' border='0'></a></body></html>\");\n");
document.write("close();\n");
document.write("}\n");
document.write("win07053116595538.focus();}\n");
// flag 1: open the URL held in htm directly in the named popup.
document.write("else if(flag07053116595538==1){\n");
document.write("var windowfou07053116595538=window.open(htm07053116595538,\"abc07053116595538\",strwin07053116595538);\n");
document.write("windowfou07053116595538.focus();}\n");
// flag 2: Flash popup. The popup document is assembled from further
// write() calls, giving a third level of string escaping.
document.write("else if(flag07053116595538==2){\n");
document.write("var win07053116595538=open(\"\",\"abc07053116595538\",strwin07053116595538);\n");
document.write("with(win07053116595538.document){\n");
document.write("open();\n");
document.write("write(\"<HTML><body topmargin='0' leftmargin='0'>\");\n");
// When appVersion contains "MSIE" the popup loads alysxc.js from the ad host
// over plain HTTP; other browsers get the inline copy of alysxc written
// below (that copy takes no r inset argument).
document.write("if(aname07053116595538.indexOf(\"MSIE\")!=-1)\n");
document.write("write(\"<script language='JavaScript' src='http://shanda.allyes.com/banner/alysxc.js'></scr\"+\"ipt>\");        \n");
document.write("else{\n");
document.write("write(\"<script language='JavaScript'>\");\n");
document.write("write(\"function alysxc(u,w,h,p,d,c,b,i){\");\n");
document.write("write(\"var o=document.getElementById(d),ad;\");\n");
document.write("write(\"p=(!p)?'Transparent':'Opaque';\");\n");
document.write("write(\"ad='<OBJECT classid=\\\"clsid:D27CDB6E-AE6D-11cf-96B8-444553540000\\\" codebase=\\\"http://active.macromedia.com/flash2/cabs/swflash.cab#version=4,0,0,0\\\" WIDTH=\\\"'+w+'\\\" HEIGHT=\\\"'+h+'\\\"><PARAM NAME=\\\"movie\\\" VALUE=\\\"'+u+'\\\"><PARAM NAME=\\\"wmode\\\" VALUE=\\\"'+p+'\\\"><EMBED src=\\\"'+u+'\\\" WIDTH=\\\"'+w+'\\\" HEIGHT=\\\"'+h+'\\\" WMODE=\\\"'+p+'\\\" TYPE=\\\"application/x-shockwave-flash\\\"></EMBED></OBJECT>';\");\n");
document.write("writeln(\"o.innerHTML=(!i)?'<div style=\\\"POSITION:relative;Z-INDEX:1;width:'+w+'px;height:'+h+'px\\\"><DIV style=\\\"POSITION:absolute;left:0;top:0;Z-INDEX:2;width:'+w+'px;height:'+h+'px\\\">'+ad+'</div><div style=\\\"POSITION:absolute;left:0;top:0;Z-INDEX:3;width:'+w+'px;height:'+h+'px\\\"><OBJECT classid=\\\"clsid:D27CDB6E-AE6D-11cf-96B8-444553540000\\\" codebase=\\\"http://active.macromedia.com/flash2/cabs/swflash.cab#version=4,0,0,0\\\" ID=\\\"button'+b+'\\\" WIDTH=\\\"'+w+'\\\" HEIGHT=\\\"'+h+'\\\"><PARAM NAME=\\\"movie\\\" VALUE=\\\"'+c+'/main/adfshow?local=blank.swf\\\"><PARAM NAME=\\\"Wmode\\\" VALUE=\\\"Transparent\\\"><EMBED src=\\\"'+c+'/main/adfshow?local=blank.swf\\\" WMODE=\\\"Transparent\\\" WIDTH=\\\"'+w+'\\\" HEIGHT=\\\"'+h+'\\\" TYPE=\\\"application/x-shockwave-flash\\\" name=\\\"button'+b+'\\\"></EMBED></OBJECT></div></div>':ad;\");\n");
document.write("write(\"return d;}\");\n");
document.write("write(\"</scr\"+\"ipt>\");\n");
document.write("}\n");
// alysxcf writes a placeholder div and calls alysxc with the ad host.
// The *_DoFSCommand handler opens the click URL in a new window.
document.write("write(\"<script language='JavaScript'>\");\n");
document.write("write(\"function alysxcf(u,w,h,p){\");\n");
document.write("write(\"if(!p)p=0;var d='leftup07053116595538';\");\n");
document.write("write(\"document.write(\\\"<div id=\\\"+d+\\\"></div>\\\");\");\n");
document.write("write(\"alysxc(u,w,h,p,d,'\"+ADFHOST10225+\"','1022507053116595538');}\");\n");
document.write("write(\"function button1022507053116595538_DoFSCommand(command,args){window.open('\"+ADFUSER10225+\"');} \");\n");
document.write("write(\"alysxcf('\"+flash_adr07053116595538+\"',\"+wid07053116595538+\",\"+hei07053116595538+\");\");\n");
document.write("write(\"</scr\"+\"ipt>\");\n");
// VBScript shim: forwards the overlay object's FSCommand event to the
// JavaScript handler defined just above.
document.write("write(\"<script language='VBScript'>\");\n");
document.write("write(\"Sub button1022507053116595538_FSCommand(ByVal Command,ByVal args)\");\n");
document.write("write(\"Call button1022507053116595538_DoFSCommand(command,args)\");\n");
document.write("write(\"end sub\");\n");
document.write("write(\"</scr\"+\"ipt>\");\n");
document.write("write(\"</body></HTML>\");\n");
document.write("close();\n");
document.write("}\n");
// The popup is focused and then reloaded after its document has been written.
document.write("win07053116595538.focus();\n");
document.write("win07053116595538.location.reload();}\n");
// flag 3: split the template on "<allyesbr>" and write each piece into the
// popup. The loop is a for...in over an array with an undeclared `key`.
document.write("else if(flag07053116595538==3){ \n");
document.write("var win07053116595538=open(\"\",\"abc07053116595538\",strwin07053116595538);\n");
document.write("var rowtemplate07053116595538=template07053116595538.split(\"<allyesbr>\");\n");
document.write("with(win07053116595538.document){\n");
document.write("open(\"text/html\");\n");
document.write("for (key in rowtemplate07053116595538){writeln (rowtemplate07053116595538[key]);}\n");
document.write("close();}\n");
document.write("win07053116595538.focus();\n");
document.write("}\n");
document.write("</SCR"+"IPT>");


tracydk
发表于 2007-6-24 10:40:49 | 显示全部楼层

回复 #2 金剑 的帖子

0DAY
mofunzone
发表于 2007-6-24 10:44:22 | 显示全部楼层
有问题网页和木马


allenhippo
 楼主| 发表于 2007-6-24 10:46:10 | 显示全部楼层
盛大已经修正,有问题的上不去了,手脚好快
Whkroran
发表于 2007-6-24 10:46:59 | 显示全部楼层
detected: virus Worm.Win32.Delf.bs        URL: http://bbs.kafan.cn/attachment.p ... //PE_Patch.UPX//UPX
wangjay1980
发表于 2007-6-24 10:47:00 | 显示全部楼层
deleted: virus Worm.Win32.Delf.bs        File: C:\Documents and Settings\Owner\桌面\My Documents.rar/d.exe//PE_Patch.UPX//UPX
傻猪猪米走鸡
发表于 2007-6-24 10:48:44 | 显示全部楼层
报木马……网页pass
tracydk
发表于 2007-6-24 11:03:33 | 显示全部楼层
