http://go.hrcompinsuranceservices.com/r/l/assured_units.php【挂马】【测by 阿狸】

显示全部楼层 · 发表于 2012-11-17 11:58:56

本帖最后由 jack1986001 于 2012-11-17 19:10 编辑

是Java Exploit。

趨勢WRS已攔截。

显示全部楼层 · 发表于 2012-11-17 15:11:49

卡巴pure版拦截

显示全部楼层 · 发表于 2012-11-17 16:30:10

BD2013

显示全部楼层 · 发表于 2012-11-17 17:04:27

类别：入侵防护
日期和时间,风险,活动,状态,推荐的操作,IPS 警报名称,默认操作,采取的操作,攻击电脑,攻击者网址,目标地址,源地址,通信说明
2012/11/17 16:05:52,高,阻止了 go.hrcompinsuranceservices.com 的入侵企图,已阻止,不需要操作,Web Attack: Malicious Toolkit Website 45,不需要操作,不需要操作,"go.hrcompinsuranceservices.com (184.170.142.13, 80)",go.hrcompinsuranceservices.com/r/l/assured_units.php,,184.170.142.13 (184.170.142.13),"TCP, www-http"
来自 go.hrcompinsuranceservices.com/r/l/assured_units.php 的网络通信与已知攻击的特征相匹配。攻击由 \DEVICE\HARDDISKVOLUME3\WORKSPACE\HUNTINWORK\MDECODER\MDECODER.EXE 引起。要停止接收有关此类通信的通知，请在“操作”面板中单击“不再提醒我”。

类别：诺顿社区防卫
日期和时间,风险,活动,状态,推荐的操作,更新日期,提交者,说明,提交详细信息
2012/11/17 16:05:53,信息,IPS 检测统计提交,已提交,不需要操作,2012/11/17 16:06:02,Norton Internet Security,IPS 检测统计提交,"Signature ID: 26084 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 52467 Protocol: 6 Signature Set Version: 20121116.001 Application Name: \DEVICE\HARDDISKVOLUME3\WORKSPACE\HUNTINWORK\MDECODER\MDECODER.EXE Offending URL: go.hrcompinsuranceservices.com/r/l/assured_units.php Date Detected: Sat, 17 Nov 2012 08:05:52 GMT Application File Checksum: F1679ACA70642D75CD3C7D371046224E Application File Information: 0.6.7.0 Network Data: 434D50520014000078DAED8FDB4AC34010862758154F2028823752EB45DA0B13BDF026A9856A030D160F698B7A1562B26D16D2DD98DDA8B5F4F17C131FC44DADA2F806321F2C73F8E71F662F5BE7CD454D83650058005019C09B7A452C7AEF04C02CA94A2B4349D525D884F655B7E79F759AE7171DB7DB735A50A01DCCF5ED3FBA7F76DDF99CD9FFBDE3B6EDF69C9F3B2A737D77AEBB1D759ED7FA3B589D0F6E80DBF5AFBDABBB7BBFDFFD12D76149853DD802CFB9E93B6A51DB69B61CCF2F960EB91167211FA594893C0B584804C99EA80A86EA82B63033EFC0DAB7B9EFB966662666209481447ECEA814461AA706E152AFD95323CA1FF3C980337928E82BB14ED2173BA18C1CC6840E6369319E8D82C49E0D0C82114DC6969E1EEB76CA059594332B78103CC925B1254FADA3C24D0672964CEBA690E38434365657EA664C8268963DF0685CE62CE14174AACB6C3C79A62CE2CFC68087B9A8AA93C240867195D42653BD30ACD423FA540E13F585D34A716DA561D5EAA66A3600411004411004411004411004F9CF7C008B9F821A Sub-signature ID: 66607 Remote Address: 184.170.142.13 OS-Country:86 OS-Language:Chinese (Simplified) Processor: System:Windows 7 build 7601 Service Pack 1 Platform-GUID: DateSubmitted:Sat, 17 Nov 2012 08:05:53 GMT Product:Norton Internet Security 20.2.0.19"

显示全部楼层 · 发表于 2012-11-17 17:08:25

解出来是那么个swf，接下来，还在实习中~
hxxp://go.hrcompinsuranceservices.com/r/l/../media/field.swf

显示全部楼层 · 发表于 2012-11-21 20:45:02

无法显示网页

显示全部楼层 · 发表于 2012-11-21 22:07:59

liwnpin 发表于 2012-11-21 20:45
无法显示网页

ZeroDay轉眼即逝

显示全部楼层 · 发表于 2012-11-24 13:26:42

访问被拒绝!
详细信息:
网页: http://linkhelp.clients.google.com/tbproxy/lh/fixurl?hl=zh-CN&sd=com.hk&url=http://go.hrcompinsuranceservices.com/r/l/assured_units.php&sourceid=chrome&error=connectionfailure

显示全部楼层 · 发表于 2012-11-27 13:35:43

AVAST拦截

[已鉴定] http://go.hrcompinsuranceservices.com/r/l/assured_units.php【挂马】【测by 阿狸】

评分