QQROOM网络家园被插入恶意代码

秋叶濛濛

消息来源：知道安全

Log is generated by FreShow.
[wide]http://www.qqroom.com/
    [script]http://s.see9.us/s.js
        [frame]http://b.kaobt.cn/img/hei.htm
            [frame]http://b.kaobt.cn/14.htm
                [object]http://g.jt08.com/ms.exe
            [frame]http://b.kaobt.cn/real.htm
                [object]http://g.jt08.com/ms.exe
            [frame]http://b.kaobt.cn/real11.htm
                [object]http://g.jt08.com/ms.exe
            [frame]http://b.kaobt.cn/lz.htm
                [object]http://g.jt08.com/ms.exe
            [frame]http://b.kaobt.cn/bfyy.htm
                [object]http://g.jt08.com/ms.exe
            [frame]http://b.kaobt.cn/img/xl.htm(已链接不上)

Avira
Worm WORM/Otwycal.J

Avk
Backdoor.Win32.Hupigon.bymh (AVP引擎)

Dr.Web
Backdoor.Pigeon.6620

残缺的唯美

D:\Users\ekincheng\Desktop\ms.rar » RAR » ms.exe - probably a variant of Win32/Genetik trojan

kkgh

avg杀

aribeth199

detected: Trojan program Backdoor.Win32.Hupigon.bymh        URL: http://bbs.kafan.cn/attachment.p ... =1210923521//ms.exe

啊弥陀佛

微点砍掉

The file 's.js' has been determined to be 'MALWARE'. Our analysts named the threat JS/Dldr.Iframe.AZ. The term "JS/" denotes a Java scriptvirus.Detection will be added to our virus definition file (VDF) with one of the next updates.

The file 'real11.htm' has been determined to be 'MALWARE'. Our analysts named the threat EXP/RealPlr.BT. The term "EXP/" denotes malware that is able to detect and use certain security vulnerabilities whereby the attacker can get control of the system.Detection will be added to our virus definition file (VDF) with one of the next updates

The file 'bfyy.htm' has been determined to be 'MALWARE'. Our analysts named the threat JS/Dldr.Agent.bbn. The term "JS/" denotes a Java scriptvirus.Detection will be added to our virus definition file (VDF) with one of the next updates.

The file 'hei.htm' has been determined to be 'MALWARE'. Our analysts named the threat JS/Dldr.Multi.AN. The term "JS/" denotes a Java scriptvirus.Detection will be added to our virus definition file (VDF) with one of the next updates. Please note that Avira's proactive heuristic detection module AHeAD detected this threat up front without the latest VDF update as: HEUR/HTML.Malware.

The file 'lz.htm' has been determined to be 'MALWARE'. Our analysts named the threat JS/Dldr.Agent.bhm. The term "JS/" denotes a Java scriptvirus.Detection will be added to our virus definition file (VDF) with one of the next updates. Please note that Avira's proactive heuristic detection module AHeAD detected this threat up front without the latest VDF update as: HEUR/HTML.Malware.

The file 'real.htm' has been determined to be 'MALWARE'. Our analysts named the threat EXP/RealPlr.AG. The term "EXP/" denotes malware that is able to detect and use certain security vulnerabilities whereby the attacker can get control of the system.Detection will be added to our virus definition file (VDF) with one of the next updates. Please note that Avira's proactive heuristic detection module AHeAD detected this threat up front without the latest VDF update as: HEUR/HTML.Malware.

The file '14.htm' has been determined to be 'MALWARE'. Our analysts named the threat VBS/Dldr.Agent.AQ. The term "VBS/" denotes a Visual Basic script-virus.Detection will be added to our virus definition file (VDF) with one of the next updates. Please note that Avira's proactive heuristic detection module AHeAD detected this threat up front without the latest VDF update as: HEUR/HTML.Malware.

allinwonderi

TO ArcaVir， Frisk

BING126

McAfee        New Win32

残缺的唯美

趋势科技网络安全专家已经将此 Web 页面识别为不需要。

--------------------------------------------------------------------------------

  地址: http://g.jt08.com/ms.exe
可靠性: 危险的

qigang

瑞星病毒查杀结果报告

清除病毒种类列表：

病毒： Trojan.Win32.Undef.ghz   

MAC 地址：00:11:5B:F3:6D:69

用户来源：互联网

软件版本：20.44.42