收藏本站 |切换到宽版 | 更换论坛皮肤
 找回密码  忘记邮箱  QQ快速登录  快速登录  快速注册

卡饭»论坛 安全区 病毒样本 分享&分析区 毒网
返回列表 发新帖
查看: 2706|回复: 7
收起左侧

[病毒样本] 毒网

[复制链接]
yitp
发表于 2007-2-15 19:38:10 | 显示全部楼层 |阅读模式
毒网
http://sports.vitu.cn/HTML/2006-12-11/PP330543.htm

本帖子中包含更多资源

您需要 登录 才可以下载或查看,没有帐号?快速注册

x
回复

举报

pamier2001
发表于 2007-2-15 19:45:33 | 显示全部楼层
我用firefox进去不报
用ie进就报了,同样都是nod32
回复

举报

waterou
发表于 2007-2-15 21:15:13 | 显示全部楼层
卡巴怎么没有反应啊?我用MAXTHON 1.5.9.90的
回复

举报

yt5567
发表于 2007-2-15 21:20:58 | 显示全部楼层
蜘蛛也没反映呀
回复

举报

ALEXBLAIR
发表于 2007-2-15 21:55:15 | 显示全部楼层
nod32说的有问题的java代码在这里,貌似没有什么大问题
今天刚装完系统
交给卡巴去分析把

  2. <!--
  3. var paypopupURL = "http://www.digvod.com";
  4. var stype="height=500,width=780,menubar=yes,toolbar=yes,location=yes,directories=yes,scrollbars=yes,status=yes,resizable=yes";
  5. //??ìo??§?è????ì|??ì??ì??D???ìo??§?è?a|?§??¨o?¨¨??
  6. var time=12;


  9. //COOKIES??ì|??ì??ì???T??|?§???ê?è3?


  12. var usingActiveX = true;
  13. function blockError(){return true;}
  14. window.onerror = blockError;
  15. //bypass norton internet security popup blocker
  16. if (window.SymRealWinOpen){window.open = SymRealWinOpen;}
  17. if (window.NS_ActualOpen) {window.open = NS_ActualOpen;}
  18. if (typeof(usingClick) == 'undefined') {var usingClick = false;}
  19. if (typeof(usingActiveX) == 'undefined') {var usingActiveX = false;}
  20. if (typeof(popwin) == 'undefined') {var popwin = null;}
  21. if (typeof(poped) == 'undefined') {var poped = false;}
  22. if (typeof(paypopupURL) == 'undefined') {var paypopupURL = "http://www.digvod.com";}
  23. var blk = 1;
  24. var setupClickSuccess = false;
  25. var googleInUse = false;
  26. var myurl = location.href+'/';
  27. var MAX_TRIED = 20;
  28. var activeXTried = false;
  29. var tried = 0;
  30. var randkey = '0';  // random key from server
  31. var myWindow;
  32. var popWindow;
  33. var setupActiveXSuccess = 0;
  34. // bypass IE functions
  35. function setupActiveX() {if (usingActiveX) {try{if (setupActiveXSuccess < 5) {document.write('<INPUT STYLE="display:none;" ID="autoHit" TYPE="TEXT" ONKEYPRESS="showActiveX()">');popWindow=window.createPopup();popWindow.document.body.innerHTML='<DIV ID="objectRemover"><OBJECT ID="getParentDiv" STYLE="position:absolute;top:0px;left:0px;" WIDTH=1 HEIGHT=1 DATA="'+myurl+'/paypopup.html" TYPE="text/html"></OBJECT></DIV>';document.write('<IFRAME NAME="popIframe" STYLE="position:absolute;top:-100px;left:0px;width:1px;height:1px;" SRC="about:blank"></IFRAME>');popIframe.document.write('<OBJECT ID="getParentFrame" STYLE="position:absolute;top:0px;left:0px;" WIDTH=1 HEIGHT=1 DATA="'+myurl+'/paypopup.html" TYPE="text/html"></OBJECT>');setupActiveXSuccess = 6;}}catch(e){if (setupActiveXSuccess < 5) {setupActiveXSuccess++;setTimeout('setupActiveX();',500);}else if (setupActiveXSuccess == 5) {activeXTried = true;setupClick();}}}}
  36. function tryActiveX(){if (!activeXTried && !poped) {if (setupActiveXSuccess == 6 && googleInUse && popWindow && popWindow.document.getElementById('getParentDiv') && popWindow.document.getElementById('getParentDiv').object && popWindow.document.getElementById('getParentDiv').object.parentWindow) {myWindow=popWindow.document.getElementById('getParentDiv').object.parentWindow;}else if (setupActiveXSuccess == 6 && !googleInUse && popIframe && popIframe.getParentFrame && popIframe.getParentFrame.object && popIframe.getParentFrame.object.parentWindow){myWindow=popIframe.getParentFrame.object.parentWindow;popIframe.location.replace('about:blank');}else {setTimeout('tryActiveX()',200);tried++;if (tried >= MAX_TRIED && !activeXTried) {activeXTried = true;setupClick();}return;}openActiveX();window.windowFired=true;//self.focus();
  37. }}
  38. function openActiveX(){if (!activeXTried && !poped) {if (myWindow && window.windowFired){window.windowFired=false;document.getElementById('autoHit').fireEvent("onkeypress",(document.createEventObject().keyCode=escape(randkey).substring(1)));}else {setTimeout('openActiveX();',100);}tried++;if (tried >= MAX_TRIED) {activeXTried = true;setupClick();}}}
  39. function showActiveX(){if (!activeXTried && !poped) {if (googleInUse) {window.daChildObject=popWindow.document.getElementById('objectRemover').children(0);window.daChildObject=popWindow.document.getElementById('objectRemover').removeChild(window.daChildObject);}newWindow=myWindow.open(paypopupURL,'abcdefg',stype);if (newWindow) {newWindow.blur();self.focus();activeXTried = true;poped = true;}else {if (!googleInUse) {googleInUse=true;tried=0;tryActiveX();}else {activeXTried = true;setupClick();}}}}
  40. // end bypass IE functions
  41. // normal call functions
  42. function paypopup(){if (!poped) {if(!usingClick && !usingActiveX) {popwin = window.open(paypopupURL,'abcdefg',stype);if (popwin) {poped = true;}self.focus();}}if (!poped) {if (usingActiveX) {tryActiveX();}else {setupClick();}}}
  43. // end normal call functions
  44. // onclick call functions
  45. function setupClick() {if (!poped && !setupClickSuccess){if (window.Event) document.captureEvents(Event.CLICK);prePaypopOnclick = document.onclick;document.onclick = gopop;self.focus();setupClickSuccess=true;}}
  46. function gopop() {if (!poped) {popwin = window.open(paypopupURL,'abcdefg',stype);if (popwin) {poped = true;}self.focus();}if (typeof(prePaypopOnclick) == "function") {prePaypopOnclick();}}
  47. // end onclick call functions
  48. // check version
  49. function detectGoogle() {if (usingActiveX) {try {document.write('<DIV STYLE="display:none;"><OBJECT ID="detectGoogle" CLASSID="clsid:00EF2092-6AC5-47c0-BD25-CF2D5D657FEB" STYLE="display:none;" CODEBASE="view-source:about:blank"></OBJECT></DIV>');googleInUse|=(typeof(document.getElementById('detectGoogle'))=='object');}catch(e){setTimeout('detectGoogle();',50);}}}
  50. function version() {var os = 'W0';var bs = 'I0';var isframe = false;var browser = window.navigator.userAgent;if (browser.indexOf('Win') != -1) {os = 'W1';}if (browser.indexOf("SV1") != -1) {bs = 'I2';}else if (browser.indexOf("Opera") != -1) {bs = "I0";}else if (browser.indexOf("Firefox") != -1) {bs = "I0";}else if (browser.indexOf("Microsoft") != -1 || browser.indexOf("MSIE") != -1) {bs = 'I1';}if (top.location != this.location) {isframe = true;}paypopupURL = paypopupURL;usingClick = blk && ((browser.indexOf("SV1") != -1) || (browser.indexOf("Opera") != -1) || (browser.indexOf("Firefox") != -1));usingActiveX = blk && (browser.indexOf("SV1") != -1) && !(browser.indexOf("Opera") != -1) && ((browser.indexOf("Microsoft") != -1) || (browser.indexOf("MSIE") != -1));detectGoogle();}
  51. version();
  52. // end check version
  53. function loadingPop() {
  54.         if(!usingClick && !usingActiveX) {
  55.                 paypopup();
  56.         }
  57.         else if (usingActiveX) {tryActiveX();}
  58.         else {setupClick();}
  59. }
  60. myurl = myurl.substring(0, myurl.indexOf('/',8));
  61. if (myurl == '') {myurl = '.';}


  64. function SetCookie(name,value){
  65. var exp  = new Date();   
  66.   exp.setTime(exp.getTime() + time*60*60*1000);
  67. var nameString = name + "=" + value;
  68. var expiryString = " ;expires = "+ exp.toGMTString();
  69. var domain=" ;domain=.vitu.cn";
  70. var pathString = " ;path = /";
  71. document.cookie = nameString + expiryString+domain+ pathString ;
  72. }

  74. function GetCookie (name) {
  75. var CookieFound = false;
  76. var start = 0;
  77. var end = 0;
  78. var CookieString = document.cookie;
  79. var i = 0;

  81. while (i <= CookieString.length) {
  82. start = i ;
  83. end = start + name.length;
  84. if (CookieString.substring(start, end) == name){
  85. CookieFound = true;
  86. break;
  87. }
  88. i++;
  89. }

  91. if (CookieFound){
  92. start = end + 1;
  93. end = CookieString.indexOf(";",start);
  94. if (end < start)
  95. end = CookieString.length;
  96. return unescape(CookieString.substring(start, end));
  97. }
  98. return "";
  99. }



  103. if (GetCookie('read') !='true')
  104. {
  105. setupActiveX();
  106. loadingPop();
  107. //this.focus();
  108. SetCookie('read','true');
  109. }
  110. //-->
复制代码
回复

举报

mofunzone
发表于 2007-2-16 04:05:25 | 显示全部楼层
脚本扔上

本帖子中包含更多资源

您需要 登录 才可以下载或查看,没有帐号?快速注册

x
回复

举报

ly250094040
发表于 2007-2-16 23:19:31 | 显示全部楼层
OPETA进去也什么都不报。。。
回复

举报

yinxuchina
发表于 2007-2-16 23:44:33 | 显示全部楼层
费尔报了

本帖子中包含更多资源

您需要 登录 才可以下载或查看,没有帐号?快速注册

x
回复

举报

返回列表 发新帖
高级模式
B Color Image Link Quote Code Smilies
您需要登录后才可以回帖 登录 | 快速注册

本版积分规则

手机版|杀毒软件|软件论坛| 卡饭论坛

Copyright © KaFan  KaFan.cn All Rights Reserved.

Powered by Discuz! X3.4( 沪ICP备2020031077号-2 ) GMT+8, 2025-7-13 16:39 , Processed in 0.134455 second(s), 18 queries .

卡饭网所发布的一切软件、样本、工具、文章等仅限用于学习和研究,不得将上述内容用于商业或者其他非法用途,否则产生的一切后果自负,本站信息来自网络,版权争议问题与本站无关,您必须在下载后的24小时之内从您的电脑中彻底删除上述信息,如有问题请通过邮件与我们联系。

快速回复 客服 返回顶部 返回列表