MSN官网有病毒?

显示全部楼层 · 发表于 2007-9-24 10:17:54

上了http://messenger.live.cn/后小红伞呼地一声跳出来:

Virus or unwanted program 'HTML/IFrame.Age.ytr [HTML/IFrame.Age.ytr]'
detected in file 'C:\Documents and Settings\ASUS\Local Settings\Temporary Internet Files\Content.IE5\QT5M3UD4\messenger.live[1].htm.
Action performed: Move file to quarantine

[fly]误报好厉害[/fly]

显示全部楼层 · 发表于 2007-9-24 10:48:27

msn也有毒啦？

显示全部楼层 · 发表于 2007-9-24 11:29:35

前些天上报过回复如下

Avira Lab Response - Tracking number 80297
发件人：
Avira Virus Lab Response Team (noreply@avira.com) 添加联系人

发送时间：
2007年9月14日 15:18:15

收件人：
whitlack@live.com

Dear Sir or Madam,

Thank you for your email to Avira's virus lab.
Tracking number: INC00080297.

We received the following archive files:

File ID Filename Size (Byte) Result
1310975 messenger.live[1].rar 5.78 KB OK
A listing of files contained inside archives alongside their results can be found below:

File ID Filename Size (Byte) Result
1310976 messenger.live[1].htm 20.98 KB MALWARE

Please find a detailed report concerning each individual sample below:

Filename Result
messenger.live[1].htm MALWARE

The file 'messenger.live[1].htm' has been determined to be 'MALWARE'.
Our analysts named the threat HTML/IFrame.Age.ytr. The term "HTML/" denotes a script-virus that is able to infect the system using a HTML script.Detection is added to our virus definition file (VDF) starting with version 6.39.01.26.
Alternatively you can see the analysis result here:
http://analysis.avira.com/samples/details.php?uniqueid=pTyBwKFpyNq0sEHNVTz5HX4C4XCUZb0C&incidentid=80297

An overview of all your submissions can be found here:
http://analysis.avira.com/samples/details.php?uniqueid=pTyBwKFpyNq0sEHNVTz5HX4C4XCUZb0C

Please note: The detection of Spy/Adware is not available in the product "AntiVir PersonalEdition Classic". Please address specific questions to support@avira.com
Kind regards
Avira Virus Lab

---------------------------------------------
Avira GmbH
Lindauer Str. 21, D-88069 Tettnang, Germany
Phone: +49 (0) 7542-500 0
Fax: +49 (0) 7542-525 10
Internet: http://www.avira.com

CEO: Tjark Auerbach
Headquarter: Tettnang
Commercial register: AG Ulm HRB 630992
---------------------------------------------

显示全部楼层 · 发表于 2007-9-24 14:26:41

给翻译一下，伙计

这里不是个个人都看的懂洋文啊

显示全部楼层 · 发表于 2007-9-24 16:41:48

The file 'messenger.live[1].htm' has been determined to be 'MALWARE'.
Our analysts named the threat HTML/IFrame.Age.ytr. The term "HTML/" denotes a script-virus that is able to infect the system using a HTML script.Detection is added to our virus definition file (VDF) starting with version 6.39.01.26.
看样子要入库了？

显示全部楼层 · 发表于 2007-9-24 18:22:37

仔细看了一下，貌似没什么问题啊没被挂马

显示全部楼层 · 发表于 2007-9-24 21:38:16

前些天我红伞的也报了

显示全部楼层 · 发表于 2007-9-25 07:17:06

可能木马被清除了，所以现在才不会报警了

显示全部楼层 · 发表于 2007-9-25 15:26:51

觉得是这个东西,而不是毒
<script language="JavaScript">
function rand(num)
{
return Math.floor(Math.random()*num)+1;
}
var adftrack_ref=escape(document.referrer);
document.write("<iframe src=http://mccannmsnbjafa.allyes.com/main/adftrack?db=mccannmsnbjafa&point=38&cache="+rand(9999999)+"&pre=" + adftrack_ref + " width=0 height=0><\/iframe>");
</script>
</body>
</html>

中国互联网INTERNET100
www.allyes.com
因为通过document.write 创建了1个IFRAME 并且发送了document.referrer(当前浏览的url)到某个网址,这个行为实在太象不良脚本,所以被老德认为是盗窃浏览信息的恶意脚本吧,所以算做MALWARE
德国人不可能知道allyes是不是个安全的站点- -.......(顺便一说allyes本来就不是好东西,所以...)
- -.这个调查的代码也太低劣了,所以站长装调查,统计,广告的时候一定要小心,可能本来无害,但实在太象有害............结果被报读或者GOOGLE来个,可能包含恶意软件.......

[ 本帖最后由 winddxr 于 2007-9-25 15:34 编辑 ]

显示全部楼层 · 发表于 2007-10-3 18:52:48

到处都有不好的东西啊

[讨论] MSN官网有病毒?

本帖子中包含更多资源