hxxp://www.cfeenet.com/Index.html(中国财经教育网挂马)

显示全部楼层 · 发表于 2009-7-14 20:03:06

关于:hxxp://www.cfeenet.com/Index.html解密的日志(全体输出 -  31):

Level  0>http://www.cfeenet.com/Index.html
Level  1>http://www.cfeenet.com/guestbook/newguest.asp?kindid=0&kindname=1&num=8&tlen=13&order=0&info=0
Level  1>http://bbs.asp163.net/newtopic.asp?boardid=all&lock=0&bname=0&tlen=20&n=8&sdate=1&orders=2&info=3&action=1&reply=0
Level  1>http://www.cfeenet.com/ad/200601/3.js
Level  1>http://www.cfeenet.com/ad/200706/3_3.js
Level  1>http://www.cfeenet.com/ad/200706/3_2.js
Level  1>http://www.cfeenet.com/ad/200601/3_1.js
Level  1>http://www.cfeenet.com/ad/200706/321.js
Level  1>http://www.cfeenet.com/ad/200706/duilianright.js
Level  1>http://www.cfeenet.com/ad/200706/duilianleft.js
Level  1>http://www.cfeenet.com/skin/ocean/login_03.jpg
Level  1>http://www.cfeenet.com/ad/200601/1.js
Level  1>http://w3og.cn/s.js
Level  2>http://www.pig118.cn/shop/js/tj.htm
Level  2>http://www.zhpp.org.cn/ppgl/ppzc/xx.htm
Level  2>http://ff99zz.9966.org/aa/a3.htm?xcxc
Level  3>http://s31.cnzz.com/stat.php?id=1408284&web_id=1408284
Level  3>ff99zz.9966.org/http://js.tongji.cn.yahoo.com/1083501/ystat.js
Level  3>http://ff99zz.9966.org/aa/360.htm
Level  4>http://ff99zz.9966.org/aa/go1.jpg
Level  4>http://ff99zz.9966.org/aa/go.jpg
Level  5>http://zhong288.com/svchost.exe  ●
Level  2>http://o0a0o0.3322.org/aa/a4.htm?5
Level  2>http://huxiang11.3322.org/aa/a6.htm?258
Level  2>http://vvv234z.3322.org/aa/a1a.htm?h
Level  2>http://www.shaduzhe.com/head.htm
Level  2>http://www.cupl.org/supply/kp.htm
Level  1>http://www.cfeenet.com/js/menu.js
Level  1>http://www.cfeenet.com/js/checklogin.js
Level  1>http://www.cfeenet.com/js/scriptaculous.js
Level  1>http://www.cfeenet.com/js/prototype.js

网页分析：cchao21(打点的均为真实木马地址)

显示全部楼层 · 发表于 2009-7-14 20:39:44

小红伞和畅游巡警都报木马！

显示全部楼层 · 发表于 2009-7-14 23:26:20

url and sample to KL

[ 本帖最后由尤金卡巴斯基于 2009-7-14 23:28 编辑 ]

显示全部楼层 · 发表于 2009-7-15 00:29:02

Hello,

URL is in the blacklist already.

Thanks!
>
>
> http://zhong288.com/svchost.exe
>
>

Best regards, Denis Parinov
Malware Analyst
S&A Group, Kaspersky Lab.

e-mail: Denis.Parinov@kaspersky.com
http://www.kaspersky.com
http://www.viruslist.com

10/1, 1st Volokolamsky Proezd, Moscow, 123060, Russia
Tel./Fax: + 7 (495) 797 8700
http://www.kaspersky.com http://www.viruslist.com

显示全部楼层 · 发表于 2009-7-15 00:54:23

Denis这个时侯还在工作

[其它] hxxp://www.cfeenet.com/Index.html(中国财经教育网挂马)

回复 4楼尤金卡巴斯基的帖子

[其它] hxxp://www.cfeenet.com/Index.html(中国财经教育网 挂马)

回复 4楼 尤金卡巴斯基 的帖子

[其它] hxxp://www.cfeenet.com/Index.html(中国财经教育网挂马)

回复 4楼尤金卡巴斯基的帖子