狂毒的一个被挂马的网站，谁敢进？！！

显示全部楼层 · 发表于 2007-11-20 21:11:23

我这儿没弹出来窗口而是IE直接挂掉随后系统卡了N分钟.. 无奈结束了IE

显示全部楼层 · 发表于 2007-11-20 21:22:44

显示全部楼层 · 发表于 2007-11-20 22:07:14

用火狐进去一个毒都没有找到

显示全部楼层 · 发表于 2007-11-20 22:41:28

http://www.qdipc.net/download/data/index.htm
http://boc.sbb22.com/home/index.htm
http://www.kledy.cn/
http://boc.sbb22.com/home/index.htm
http://www.qdipc.net/download/data/index.htm
->作者无聊写了几个字“去死无聊闲着吗”
http://boc.sbb22.com/home/index.htm
->http://boc.sbb22.com/
=>http://aa.llsging.com/ww/new82.htm
  =->http://aa.llsging.com/aa/haha.htm
  =->http://aa.llsging.com/aa/pps.htm
==>估计就这些玩意（借用他人成果..）
http://down.llsging.com/bb/t.exe
http://down.llsging.com/bb/bd.exe
http://down.llsging.com/bb/bd.cab
http://down.llsging.com/bb/014.exe
http://down.llsging.com/bb/pps.exe
http://down.llsging.com/bb/bf.exe
  x>http://js.users.51.la/1299644.js
->http://nn.mm5208.com/nn.htm
=>http://www.ip530.com/newbala.htm
  =->http://www.ip530.com/wm/g14.htm
==>http://268ip.com/ad.exe
  =->http://www.ip530.com/wm/du66.htm
  x>http://www.ip530.com/wm/old.js
  x>http://js.users.51.la/1428891.js
->http://acc.jqxx.org/ac.htm
=>http://dfs.jfkdlirjnfirpocr.com/web/6619038.htm
  =->http://dfs.jfkdlirjnfirpocr.com/web/htm.html
==>不会..郁闷ing..迅雷漏洞的一个东西
  x>http://js.users.51.la/1153797.js
  x>http://ww4.tongji123.com/g3.aspx?id=40012170
->http://xx.9365.org/
=>http://5.xqhgm.com/new/1.htm
  =->http://1.xqhgm.com/x.exe
=>http://5.xqhgm.com/new/2.htm
  =->http://1.xqhgm.com/calc.cab
=>http://5.xqhgm.com/new/3.htm
  x>无法显示
=>http://5.xqhgm.com/new/4.htm
  =->http://3.xqhgm.com/zs.exe
=>http://5.xqhgm.com/new/1.gif
  =->http://1.xqhgm.com/x.exe
x>http://s30.cnzz.com/stat.php?id=658703&web_id=658703
x>http://js.users.51.la/1402795.js

水平太烂估计有漏掉的

显示全部楼层 · 发表于 2007-11-20 22:53:06

好夸张啊，没1G内存不能进。

俺256M内存的NB，出出进进。

结果见 hips区。

显示全部楼层 · 发表于 2007-11-21 00:49:22

firefox進去沒什么反應

显示全部楼层 · 发表于 2007-11-21 00:51:31

補丁沒打齊

用ie進去后

咖啡規則攔截如下：

2007-11-21 0:50:01 被行为阻挡规则阻挡 LENOVO-D297CD8A\Administrator IEXPLORE.EXE C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\RFLN7T4S\zs[1].exe 禁止在Temporary Internet Files文件夹下建立exe文件已阻止的操作:创建
2007-11-21 0:50:01 被行为阻挡规则阻挡 LENOVO-D297CD8A\Administrator IEXPLORE.EXE C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\RFLN7T4S\CA67KTOD.exe 禁止在Temporary Internet Files文件夹下建立exe文件已阻止的操作:创建

显示全部楼层 · 发表于 2007-11-21 01:22:18

KIS7.0报

2007-11-21 1:19:08       URL: http://aa.llsging.com/ww/new82.htm       检测到木马程序 'Trojan-Clicker.HTML.IFrame.en'
2007-11-21 1:19:10       URL: http://aa.llsging.com/ww/new82.htm       拒绝访问
2007-11-21 1:19:11       URL: http://aa.llsging.com/ww/new82.htm       检测到木马程序 'Trojan-Clicker.HTML.IFrame.en'
2007-11-21 1:19:12       URL: http://aa.llsging.com/ww/new82.htm       拒绝访问

2007-11-21 1:19:09 恶意HTTP对象 <http://aa.llsging.com/ww/new82.htm>：检测到木马程序 'Trojan-Clicker.HTML.IFrame.en'。　
2007-11-21 1:19:10 恶意HTTP对象 <http://aa.llsging.com/ww/new82.htm>：拒绝访问。　
2007-11-21 1:19:11 恶意HTTP对象 <http://aa.llsging.com/ww/new82.htm>：检测到木马程序 'Trojan-Clicker.HTML.IFrame.en'。　
2007-11-21 1:19:12 恶意HTTP对象 <http://aa.llsging.com/ww/new82.htm>：拒绝访问。　

[ 本帖最后由 xxl 于 2007-11-21 01:24 编辑 ]

显示全部楼层 · 发表于 2007-11-21 08:48:14

监视到了足足有153项HTTP请求：

hxxp://www.ispdown.com/
hxxp://www.ispdown.com/image/style.css
hxxp://www.qdipc.net/download/data/index.htm
hxxp://boc.sbb22.com/home/index.htm
hxxp://www.ispdown.com/css.css
hxxp://www.ispdown.com/Admin_STYLE.CSS
hxxp://www.ispdown.com/images/index.css
hxxp://boc.sbb22.com/
hxxp://www.ispdown.com/images/top.jpg
hxxp://nn.mm5208.com/nn.htm
hxxp://acc.jqxx.org/ac.htm
hxxp://xx.9365.org/
hxxp://a.2008yi.com/hu.htm
hxxp://aa.llsging.com/ww/new82.htm
hxxp://www.kledy.cn/
hxxp://nn.mm5208.com/nn.htm
hxxp://acc.jqxx.org/ac.htm
hxxp://xx.9365.org/
hxxp://a.2008yi.com/hu.htm
hxxp://nn.mm5208.com/nn.htm
hxxp://acc.jqxx.org/ac.htm
hxxp://a.2008yi.com/hu.htm
hxxp://nn.mm5208.com/nn.htm
hxxp://acc.jqxx.org/ac.htm
hxxp://xx.9365.org/
hxxp://a.2008yi.com/hu.htm
hxxp://acc.jqxx.org/ac.htm
hxxp://xx.9365.org/
hxxp://a.2008yi.com/hu.htm
hxxp://aa.llsging.com/ww/new82.htm
hxxp://dfs.jfkdlirjnfirpocr.com/web/6619038.htm
hxxp://aa.llsging.com/ww/new82.htm
hxxp://aa.llsging.com/ww/new82.htm
hxxp://dfs.jfkdlirjnfirpocr.com/web/6619038.htm
hxxp://5.xqhgm.com/sha1.htm
hxxp://www.ip530.com/newbala.htm
hxxp://www.ip530.com/newbala.htm
hxxp://www.foafau.info/ms33.htm?8818
hxxp://aa.llsging.com/a2/haha.htm
hxxp://aa.llsging.com/a2/pps.htm
hxxp://5.xqhgm.com/sha1.htm
hxxp://xx.9365.org/
hxxp://www.foafau.info/ms33.htm?8818
hxxp://www.ip530.com/newbala.htm
hxxp://www.foafau.info/ms33.htm?8818
hxxp://dfs.jfkdlirjnfirpocr.com/web/6619038.htm
hxxp://nn.mm5208.com/nn.htm
hxxp://www.ip530.com/newbala.htm
hxxp://dfs.jfkdlirjnfirpocr.com/web/6619038.htm
hxxp://5.xqhgm.com/sha1.htm
hxxp://www.ip530.com/wm/g14.htm
hxxp://aa.llsging.com/ww/new82.htm
hxxp://dfs.jfkdlirjnfirpocr.com/web/6619038.htm
hxxp://5.xqhgm.com/sha1.htm
hxxp://www.foafau.info/ms33.htm?8818
hxxp://aa.llsging.com/a2/haha.htm
hxxp://aa.llsging.com/a2/pps.htm
hxxp://aa.llsging.com/a2/haha.htm
hxxp://aa.llsging.com/a2/pps.htm
hxxp://5.xqhgm.com/new/1.htm
hxxp://5.xqhgm.com/new/2.htm
hxxp://5.xqhgm.com/new/3.htm
hxxp://5.xqhgm.com/new/4.htm
hxxp://dfs.jfkdlirjnfirpocr.com/web/htm.html
hxxp://dfs.jfkdlirjnfirpocr.com/web/htm.html
hxxp://www.ip530.com/wm/g14.htm
hxxp://www.ip530.com/wm/du66.htm
hxxp://www.ip530.com/wm/g14.htm
hxxp://www.ip530.com/wm/du66.htm
hxxp://www.ip530.com/wm/dm.htm
hxxp://5.xqhgm.com/new/1.htm
hxxp://5.xqhgm.com/new/2.htm
hxxp://5.xqhgm.com/new/3.htm
hxxp://5.xqhgm.com/new/4.htm
hxxp://5.xqhgm.com/new/1.htm
hxxp://5.xqhgm.com/new/2.htm
hxxp://5.xqhgm.com/new/3.htm
hxxp://5.xqhgm.com/new/4.htm
hxxp://www.ip530.com/wm/g14.htm
hxxp://www.ip530.com/wm/dm.htm
hxxp://dfs.jfkdlirjnfirpocr.com/web/htm.html
hxxp://www.ip530.com/wm/g14.htm
hxxp://www.ip530.com/wm/du66.htm
hxxp://www.ip530.com/wm/dm.htm
hxxp://www.foafau.info/ms33.htm?8818
hxxp://www.ip530.com/wm/du66.htm
hxxp://www.ip530.com/wm/dm.htm
hxxp://dfs.jfkdlirjnfirpocr.com/web/htm.html
hxxp://5.xqhgm.com/new/1.htm
hxxp://5.xqhgm.com/new/2.htm
hxxp://5.xqhgm.com/new/3.htm
hxxp://5.xqhgm.com/new/4.htm
hxxp://www.ip530.com/wm/dm.htm
hxxp://268ip.com/ad.exe
hxxp://www.ip530.com/wm/du66.htm
hxxp://www.ispdown.com/images/l0.gif
hxxp://www.ispdown.com/image/more01.gif
hxxp://www.ispdown.com/showpic.asp?id=34
hxxp://www.ispdown.com/showpic.asp?id=15
hxxp://www.ispdown.com/image/more.gif
hxxp://www.ispdown.com/image/bullet.gif
hxxp://www.ispdown.com/image/point2.gif
hxxp://www.ispdown.com/images/Button_search.gif
hxxp://www.usb-blaster.com/logo.gif
hxxp://www.mcu99.com/images/logo.gif
hxxp://1.xqhgm.com/x.exe
hxxp://www.megadiy.com/bbs/logo.gif
hxxp://www.51eda.com/logo/eda.gif
hxxp://3.xqhgm.com/zs.exe
hxxp://dfs.jfkdlirjnfirpocr.com/web/web.htm
hxxp://dfs.jfkdlirjnfirpocr.com/web/web.htm
hxxp://268ip.com/ad.exe
hxxp://www.unsp.com.cn/img/unsp_logo.gif
hxxp://www.etuni.com/images/etuni-logo.gif
hxxp://www.fjmcu.com/images/logo.gif
hxxp://www.qlmcu.com/images/qllogo.gif
hxxp://activex.microsoft.com/objects/ocget.dll
hxxp://3.xqhgm.com/zs.exe
hxxp://www.emchome.net/images/logo.gif
hxxp://www.pic16.com/pic16lg.gif
hxxp://codecs.microsoft.com/isapi/ocget.dll
hxxp://www.mcublog.com/logo.gif
hxxp://activex.microsoft.com/objects/ocget.dll
hxxp://www.mcustudio.com/logo1.gif
hxxp://www.kegedz.com/pic/kg1.gif
hxxp://codecs.microsoft.com/isapi/ocget.dll
hxxp://www.foafau.info/ms33.htm?8818
hxxp://1.xqhgm.com/x.exe
hxxp://www.zmmcu.com/image/logo2.gif
hxxp://www.iamrobot.net/logo.gif
hxxp://www.21mcu.com/images/logo.gif
hxxp://www.cdle.net/Image/ECOM/logo.gif
hxxp://3.xqhgm.com/zs.exe
hxxp://www.61ic.com/logo61.gif
hxxp://www.xiao-qi.com/pageimage.files/xqlogo.gif
hxxp://www.embed.com.cn/images/logo.gif
hxxp://www.usbing.net/images/logo.gif
hxxp://www.ispdown.com/image/idbt.gif
hxxp://www.ispdown.com/image/spacer.gif
hxxp://www.ispdown.com/Images/topBar_bg.gif
hxxp://www.ispdown.com/image/mframe_t.jpg
hxxp://www.ispdown.com/image/mframe_t_l.jpg
hxxp://www.ispdown.com/image/mframe_t_r.jpg
hxxp://www.ispdown.com/image/bg11.gif
hxxp://www.kledy.cn/images/style.css
hxxp://www.kledy.cn/images/logo.gif
hxxp://www.kledy.cn/images/loading.gif
hxxp://www.kledy.cn/images/inputso.gif
hxxp://www.kledy.cn/images/uploadimg/200711511452044502.jpg
hxxp://www.kledy.cn/images/uploadimg/2007103016593126733.jpg
hxxp://www.kledy.cn/images/uploadimg/200710301935557100.jpg
hxxp://www.kledy.cn/images/uploadimg/2007671771765050.jpg
hxxp://www.kledy.cn/images/uploadimg/2007111512411349227.jpg

【完】

[ 本帖最后由 wanglaoban 于 2007-11-21 10:59 编辑 ]

显示全部楼层 · 发表于 2007-11-21 15:19:44

FF进去，KIS7和EQ均没有任何反应！

狂毒的一个被挂马的网站，谁敢进？！！

本帖子中包含更多资源

本帖子中包含更多资源